English / Microsoft Entra

New admin roles in Entra ID – February 2025

1. March 2025

In recent weeks, Microsoft has added three new admin roles in Entra ID.

 

People Administrator

The role was announced by Microsoft at the beginning of February.
Accounts with the People Administrator role can update profile photos for all Entra ID accounts and manage settings such as pronouns, name pronunciation, and profile card settings.

People Administrator
Assign the People Administrator role to users who need to do the following tasks:

  • Update profile photos for all users including administrators
  • Update people settings for all users, such as pronouns, name pronunciation, and profile card settings

People Administrator is an alternative role to User Administrator.
The template ID is 024906de-61e5-49c8-8572-40335f1e0e10.

IoT Device Administrator

Accounts with the IoT Device Administrator role can provision new IoT devices using device templates, manage the lifecycle of IoT devices and device templates, and configure certificates for IoT devices.

IoT Device Administrator
Assign the IoT Device Administrator role to users who need to do the following tasks:

  • Provision new IoT devices using device templates
  • Manage the lifecycle of IoT devices
  • Configure certificates used for IoT device authentication
  • Manage the lifecycle of IoT device templates

IoT Device Administrator can be an alternative role to Cloud Device Administrator.
The template ID is 2ea5ce4c-b2d8-4668-bd81-3680bd2d227a.

Global Secure Access Log Reader

Accounts with the Global Secure Access Log Reader role can analyze network logs in Microsoft Entra Internet Access and Microsoft Entra Private Access, view details such as sessions, connections, and transactions, filter logs by criteria such as IP address and domain, and use APIs for aggregations.

Global Secure Access Log Reader
Assign the Global Secure Access Administrator (should be Log Reader) role to users who need to do the following:

  • Read network traffic logs in Microsoft Entra Internet Access and Microsoft Entra Private Access for analysis by designated security personnel
  • View log details such as session, connection, and transaction
  • Filter logs based on criteria such as IP address and domain
  • Use APIs to read logs such as aggregations

Global Secure Access Log Reader is an alternative reader role to Global Secure Access Administrator.
The template ID is 843318fb-79a6-4168-9e6f-aa9a07481cc4.

Tags:

Share
Avatar photo

Tobias Asböck

Tobias is a Senior System Engineer with around ten years of professional experience with Microsoft 365 products such as SharePoint Online, SharePoint Premium, OneDrive for Business, Teams Collaboration, Entra ID, Information Protection, Universal Print, and Microsoft 365 Licensing. He also has 15+ years of experience planning, administering, and operating SharePoint Server environments. Tobias is a PowerShell Scripter with certifications for Microsoft 365 products. In his spare time, Tobias is busy with updates in the Microsoft 365 world or on the road with his road bike and other sports activities. If you have additional questions, please contact me via LinkedIn or [email protected].

Leave a Reply

Your email address will not be published. Required fields are marked *