A short but nevertheless important bit of information: two new roles have appeared and can now be used to delegate access in Azure AD. The first role is used for granting access to Azure Information Protection (Azure RMS) and has been a long-standing request. The second one is the Client Administrator role, which relates to Intune’s device management features.
Here’s what they look like:
7495fdc4-34c4-4d15-a289-98788ce399fd  Information Protection Admini...  Full access in the Azure Information Protection Service.
38a96431-2bdf-4b4c-8b6e-5d3d8abac1a4  Client Administrator               Allows access to Desktop Management tools and services.
There is no official announcement around those new roles yet, so there is no guarantee they will work. I’m sure we will hear the news about this soon though, as hinted by some folks over at the AIP network.
And as a reminder, the Reports Reader and Message Center Reader roles were introduced last year at Ignite:
4a5d8f65-41da-4de4-8968-e035b65339cf  Reports Reader         Allows ability to read usage reports.
790c1fb9-7f7d-4f88-86a1-ef1f95c05c1b  Message Center Reader  Message Center only - business user access.