New admin roles in Azure AD – Information Protection admin and Client admin

Short, but nevertheless important bit of information – two new roles have appeared and can now be used to delegate access in Azure AD. The first role is used for granting access to Azure Information Protection (Azure RMS) and has been a long standing request. The second one is the Client Administrator role, which related to Intune’s device management features.

Here’s how they look like:

7495fdc4-34c4-4d15-a289-98788ce399fd   Information Protection Admini... Full access in the Azure Information Protection Service.
38a96431-2bdf-4b4c-8b6e-5d3d8abac1a4   Client Administrator             Allows access to Desktop Management tools and services.

There is no official announcement around those new roles yet, so there is no guarantee they will work. I’m sure we will hear the news about this soon though, as hinted by some folks over at the AIP network.

And as a reminder, the Reports Reader and Message Center Reader role were introduced last year at Ignite:

4a5d8f65-41da-4de4-8968-e035b65339cf   Reports Reader                   Allows ability to read usage reports.
790c1fb9-7f7d-4f88-86a1-ef1f95c05c1b   Message Center Reader            Message Center only - business user access.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.