Commit f213b9d

Merge pull request #2213 from DebLanger/US356227_CAP
update identities
2 parents b4ac7a5 + 9936924 commit f213b9d

1 file changed

+4
-0
lines changed

exposure-management/predefined-classification-rules-and-levels.md

Lines changed: 4 additions & 0 deletions
@@ -52,12 +52,16 @@ Current asset types are:
5252
| Application Administrator | Identity | Very High | Identities in this role can create and manage all aspects of enterprise applications, application registrations, and application proxy settings. |
5353
| Application Developer | Identity | High | Identities in this role can create application registrations independent of the 'Users can register applications' setting. |
5454
| Authentication Administrator | Identity | Very High | Identities in this role can set and reset authentication method (including passwords) for non-admin users. |
55+
| Backup Operators | Identity | Very High | Identities in this role can backup and restore all files on a computer, regardless of the permissions that protect those files. Backup operators also can log on to and shut down the computer and can perform backup and restore operations on domain controllers. |
56+
| Server Operators | Identity | Very High | Identities in this role can administer domain controllers. Members of the Server operators group can take the following actions: sign in to a server interactively, create and delete network shared resources, start and stop services, backup and restore files, format the hard disk drive of the computer, and shut down the computer. |
5557
| B2C IEF Keyset Administrator | Identity | High | Identities in this role can manage secrets for federation and encryption in the Identity Experience Framework (IEF). |
5658
| Cloud Application Administrator | Identity | Very High | Identities in this role can create and manage all aspects of app registrations and enterprise apps except App Proxy. |
5759
| Cloud Device Administrator | Identity | High | Identities in this role have limited access to manage devices in Microsoft Entra ID. They can enable, disable, and delete devices in Microsoft Entra ID and read Windows 10 BitLocker keys (if present) in the Azure portal. |
5860
| Conditional Access Administrator | Identity | High | Identities in this role have the ability to manage Microsoft Entra Conditional Access settings. |
5961
| Directory Synchronization Accounts | Identity | Very High | Identities in this role have the ability to manage all directory synchronization settings. Should Only be used by Microsoft Entra Connect service. |
6062
| Directory Writers | Identity | High | Identities in this role can read and write basic directory information. For granting access to applications, not intended for users. |
63+
| Domain Administrator | Identity | Very High | Identities in this role are authorized to administer the domain. By default, the Domain Admins group is a member of the Administrators group on all computers that have joined a domain, including the domain controllers. |
64+
| Enterprise Administrator | Identity | Very High | Identities in this role have complete access to configuring all domain controllers. Members in this group can modify the membership of all administrative groups. |
6165
| Global Administrator | Identity | Very High | Identities in this role can manage all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities. |
6266
| Global Reader | Identity | High | Identities in this role can read everything that a Global Administrator can, but not update anything. |
6367
| Helpdesk Administrator | Identity | Very High | Identities in this role can reset passwords for nonadministrators and Helpdesk Administrators. |
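Review bot: The added "Server Operators" row (new line 56) is placed between "Backup Operators" and "B2C IEF Keyset Administrator", which breaks the alphabetical ordering by name that the surrounding rows follow; move it down to the S entries. The name column and the descriptions also disagree: the "Domain Administrator" row describes "the Domain Admins group", and the "Server Operators" row refers to "the Server operators group" with different capitalization, so pick one name per entry and use it consistently. The Server Operators, Domain Administrator and Enterprise Administrator descriptions speak of group membership while still opening with "Identities in this role"; wording such as "Identities in this group" would keep readers from confusing them with the Microsoft Entra roles listed around them, which matters because all four new rows are rated Very High. In the "Backup Operators" row, "can backup and restore all files" should read "can back up and restore all files".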
