Microsoft Previews New Azure Active Directory Roles and Bulk Management Capability

Microsoft this week announced a couple of noteworthy previews of new capabilities for IT pros using the Azure Active Directory identity and access management service.

Previews are available that add new Azure AD roles for IT pros. Microsoft also previewed bulk management of users and groups using comma-separated value (CSV) files.

New Roles
Microsoft described previews of 16 new Azure Active Directory roles for IT pros in a Thursday announcement. The new roles show up in the Azure Portal tagged with "green flags," and they'll work across most Microsoft 365 services.

One theme behind the introduction of these new roles is that they can help reduce the number of Global Administrator roles in organizations. Global Administrator roles permit organizationwide settings changes to be made, and having too many of them is thought to diminish an organization's security position.

Microsoft's best-practice advice is for organizations to have "fewer than 5 people in your organization" with the Global Administrator role, according to this Microsoft Azure document.

In that vein, one of the new Azure AD preview roles that was released is the Global Reader role, which was "highly requested," according to Microsoft. The Global Reader role is limited in scope since administrative changes can't be performed.

"Global reader is a read-only version of the Global administrator role, which allows you to view all settings and administrative information across Microsoft 365," explained Alex Simons, corporate vice president of program management at the Microsoft Identity Division, in the announcement. It was designed for personnel doing "planning, audits and investigation" activities, he added.

The Global Reader preview role currently doesn't work with the SharePoint Admin Center. It also doesn't work with the Privileged Access Management service. Other limitations are described in Microsoft's document.

Bulk Management
Microsoft is previewing new "Bulk" buttons within the Azure AD Admin Center portal that lets IT pros carry out actions across users and groups by uploading a CSV file, according to a Monday announcement. The CSV file simply contains a list consisting of "users, groups or members on a group in Azure AD," the announcement explained.

"With this new capability, you can complete ad-hoc tasks without having to write a PowerShell script or use repetitive manual steps," Microsoft added.

The bulk actions will work "for up to 50,000 users or group members." The preview permits six bulk actions, namely:

The preview also includes a Download button. IT pros can use it to check actions performed in Azure AD. The Download button will produce a file that shows things like user creation failures, for instance.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Microsoft Clarifies Project Cortex's Scope, IT Controls and Product Delivery in Q&A

    Microsoft recently offered a Q&A session on Project Cortex, its emerging "knowledge network" solution for Microsoft 365 users.

  • How To Use .CSV Files with PowerShell, Part 2

    In the second part of this series, Brien shows how to import a .CSV file into a PowerShell array, including two methods for zooming in on just the specific data you need and filtering out the rest.

  • Windows 10 Preview Adds Ability To Display Linux Distro Files

    Microsoft on Wednesday announced Windows 10 preview build 19603, which adds easier access to installed Linux distro files using Windows File Explorer.

  • Microsoft 365 Business To Get Azure Active Directory Premium P1 Perks

    Subscribers to Microsoft 365 Business (which is being renamed this month to "Microsoft 365 Business Premium") will be getting Azure Active Directory Premium P1 licensing at no additional cost.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.