While we still haven’t got any traction on the custom roles for Azure AD/Office 365 front, a bunch of new admin roles were introduced recently. The actual number seems to be 12, as listed below:
- B2C User Flow Administrator – Can create and manage all aspects of user flows. That is Azure AD B2C lifecycle flows, not related to Microsoft Flow 🙂
- B2C User Flow Attribute Administrator – Can create and manage the attribute schema available to all user flows.
- B2C IEF Keyset Administrator – Can manage secrets for federation and encryption in the Identity Experience Framework (IEF).
- B2C IEF Policy Administrator – Can create and manage trust framework policies in the Identity Experience Framework (IEF).
- External Identity Provider Administrator – Can configure identity providers for use in direct federation.
- Compliance Data Administrator – Creates and manages compliance content.
- Security Operator – Creates and manages security events.
- Kaizala Administrator – Has full access to all Kaizala management features and data, and manages service requests.
- Search Administrator – Can create and manage all aspects of Microsoft Search settings.
- Search Editor – Can create and manage the editorial content such as bookmarks, Q and As, locations, floorplan.
- Printer Administrator – Can manage all aspects of printers and printer connectors.
- Printer Technician – Can manage all aspects of printers and printer connectors.
The two roles at the bottom have the same description; that’s not a copy/paste error on my end 🙂
As you can see, we now have roles dedicated to managing Microsoft Search, as well as Kaizala. We also have scoped-down roles for parts of the functionality exposed in the new Security and Compliance centers. And yes, printer connector related roles, whatever that might be.
The four B2C roles are already available in the Azure AD blade, where you can get a more detailed description of them, as well as a granular list of role permissions. The same is true for the External Identity Provider Administrator role, which is probably the most interesting one. It has the following description:
In addition, there is now a default Guest User role, which all guest users in the tenant are assigned to. This ensures that such objects have access to only a limited subset of the information stored within the directory.
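If you want to check which of the roles listed above already exist as templates in your tenant, which have been activated, and who holds them, here is an added example script (my own addition, not from Microsoft) using the AzureAD PowerShell module. It assumes the module is installed and that the signed-in account can read directory roles and their members.

```powershell
# Added example: audit the newly announced role templates in the tenant.
# Assumes the AzureAD module is installed and the account can read directory roles.
Connect-AzureAD | Out-Null

# Role display names as listed in the post above
$newRoles = @(
    'B2C User Flow Administrator',
    'B2C User Flow Attribute Administrator',
    'B2C IEF Keyset Administrator',
    'B2C IEF Policy Administrator',
    'External Identity Provider Administrator',
    'Compliance Data Administrator',
    'Security Operator',
    'Kaizala Administrator',
    'Search Administrator',
    'Search Editor',
    'Printer Administrator',
    'Printer Technician',
    'Guest User'
)

$templates = Get-AzureADDirectoryRoleTemplate
# A role only shows up in Get-AzureADDirectoryRole once it has been activated
# (which happens on its first assignment), so compare by RoleTemplateId.
$activated = Get-AzureADDirectoryRole

foreach ($name in $newRoles) {
    $template = $templates | Where-Object { $_.DisplayName -eq $name }
    if (-not $template) {
        Write-Output "$name : no template in this tenant yet"
        continue
    }
    $role = $activated | Where-Object { $_.RoleTemplateId -eq $template.ObjectId }
    if (-not $role) {
        Write-Output "$name : template present, not activated (no members)"
        continue
    }
    $members = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId
    Write-Output ("{0} : {1} member(s)" -f $name, @($members).Count)
    foreach ($m in $members) {
        # Flag guest principals holding an admin role; UserType is empty for
        # non-user members (groups, service principals).
        $flag = if ($m.UserType -eq 'Guest') { ' [GUEST]' } else { '' }
        Write-Output ("    {0} ({1}){2}" -f $m.DisplayName, $m.ObjectType, $flag)
    }
}
```

Templates that are missing simply haven't been rolled out to the tenant yet; a role that is activated but holds guest members is worth a closer look.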