Published March 10, 2021

New Azure AD built-in roles to reduce Global administrator dependency

Reference ID: MC243943

MC243943 – We’ve created two new roles, Authentication policy administrator and Domain name administrator, to help reduce the number of Global Administrators in your organization. 

When this will happen

These roles are available now.

How this will affect your organization

We recommend the following:

  • Assign Authentication policy administrator instead of Global Administrator to configure the authentication methods policy, tenant-wide multi-factor authentication settings, and the password protection policy.
  • Assign Domain name administrator instead of Global Administrator to manage (read, add, verify, update, and delete) domain names.

What you need to do to prepare

Because Global administrator accounts are powerful and vulnerable to attack, we recommend that you have fewer than five Global Administrators.

Learn more

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.