You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/roles/permissions-reference.md
+13Lines changed: 13 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -110,6 +110,7 @@ This article lists the Azure AD built-in roles you can assign to allow managemen
110
110
> |[Teams Communications Support Engineer](#teams-communications-support-engineer)| Can troubleshoot communications issues within Teams using advanced tools. | f70938a0-fc10-4177-9e90-2178f8765737 |
111
111
> |[Teams Communications Support Specialist](#teams-communications-support-specialist)| Can troubleshoot communications issues within Teams using basic tools. | fcf91098-03e3-41a9-b5ba-6f0ec8188a12 |
112
112
> |[Teams Devices Administrator](#teams-devices-administrator)| Can perform management related tasks on Teams certified devices. | 3d762c5a-1b6c-493f-843e-55a3b42923d4 |
113
+
> |[Tenant Creator](#tenant-creator)| Create new Azure AD or Azure AD B2C tenants. | 112ca1a2-15ad-4102-995e-45b0bc479a6a |
113
114
> |[Usage Summary Reports Reader](#usage-summary-reports-reader)| Can see only tenant level aggregates in Microsoft 365 Usage Analytics and Productivity Score. | 75934031-6c7e-415a-99d7-48dbd49e875e |
114
115
> |[User Administrator](#user-administrator)| Can manage all aspects of users and groups, including resetting passwords for limited admins. | fe930be7-5e62-47db-91af-98c3a49a38b1 |
115
116
> |[Virtual Visits Administrator](#virtual-visits-administrator)| Manage and share Virtual Visits information and metrics from admin centers or the Virtual Visits app. | e300d9e7-4a2b-4295-9eff-f1c78b36cc98 |
@@ -2247,6 +2248,18 @@ Users with this role can manage [Teams-certified devices](https://www.microsoft.
2247
2248
> | microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in the Microsoft 365 admin center |
2248
2249
> | microsoft.teams/devices/standard/read | Manage all aspects of Teams-certified devices including configuration policies |
2249
2250
2251
+
## Tenant Creator
2252
+
2253
+
Assign the Teant Creator role to users who need to do the following tasks:
2254
+
- Create both Azure Active Directory and Azure Active Directory B2C tenants even if the tenant creation toggle is turned off in the user settings
2255
+
> [!NOTE]
2256
+
>The tenant creators will be assigned the Global administrator role on the new tenants they create.
2257
+
2258
+
> [!div class="mx-tableFixed"]
2259
+
> | Actions | Description |
2260
+
> | --- | --- |
2261
+
> | microsoft.directory/tenantManagement/tenants/create | Create new tenants in Azure Active Directory |
2262
+
2250
2263
## Usage Summary Reports Reader
2251
2264
2252
2265
Users with this role can access tenant level aggregated data and associated insights in Microsoft 365 admin center for Usage and Productivity Score but cannot access any user level details or insights. In Microsoft 365 admin center for the two reports, we differentiate between tenant level aggregated data and user level details. This role gives an extra layer of protection on individual user identifiable data, which was requested by both customers and legal teams.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments