Microsoft Previews New Azure Active Directory Roles and Bulk Management Capability
Microsoft this week announced a couple of noteworthy previews of new capabilities for IT pros using the Azure Active Directory identity and access management service.
Previews are available that add new Azure AD roles for IT pros. Microsoft also previewed bulk management of users and groups using comma-separated value (CSV) files.
Microsoft described previews of 16 new Azure Active Directory roles for IT pros in a Thursday announcement. The new roles show up in the Azure Portal tagged with "green flags," and they'll work across most Microsoft 365 services.
One theme behind the introduction of these new roles is that they can help reduce the number of Global Administrator roles in organizations. Global Administrator roles permit organizationwide settings changes to be made, and having too many of them is thought to diminish an organization's security position.
Microsoft's best-practice advice is for organizations to have "fewer than 5 people in your organization" with the Global Administrator role, according to this Microsoft Azure document.
In that vein, one of the new Azure AD preview roles that was released is the Global Reader role, which was "highly requested," according to Microsoft. The Global Reader role is limited in scope since administrative changes can't be performed.
"Global reader is a read-only version of the Global administrator role, which allows you to view all settings and administrative information across Microsoft 365," explained Alex Simons, corporate vice president of program management at the Microsoft Identity Division, in the announcement. It was designed for personnel doing "planning, audits and investigation" activities, he added.
The Global Reader preview role currently doesn't work with the SharePoint Admin Center. It also doesn't work with the Privileged Access Management service. Other limitations are described in Microsoft's document.
Microsoft is previewing new "Bulk" buttons within the Azure AD Admin Center portal that let IT pros carry out actions across users and groups by uploading a CSV file, according to a Monday announcement. The CSV file simply contains a list consisting of "users, groups or members on a group in Azure AD," the announcement explained.
"With this new capability, you can complete ad-hoc tasks without having to write a PowerShell script or use repetitive manual steps," Microsoft added.
The bulk actions will work "for up to 50,000 users or group members." The preview permits six bulk actions, namely:
The preview also includes a Download button. IT pros can use it to check actions performed in Azure AD. The Download button will produce a file that shows things like user creation failures, for instance.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.