Microsoft Copilot / Microsoft Entra

New admin role in Microsoft Entra: AI Reader

19. April 2026

Microsoft has published a new admin role in Entra: AI Reader.
Users with the AI Reader role have broad read-only access across Microsoft 365 Copilot settings, Agent 365 configurations, Copilot usage and adoption reports, and Microsoft Entra objects.

Note
Newly published roles may take some time to become fully active.


Users with the role can read…

  • Copilot settings in the Microsoft 365 admin center and Agent 365
  • Usage reports in the Microsoft 365 admin center
  • Copilot adoption insights and organizational insight
  • Service health and Message Center communications in the Microsoft 365 admin center
  • Users and all their properties in Microsoft Entra
  • Groups in Microsoft Entra
  • Service principals and applications in Microsoft Entra, including OAuth 2.0 permission grants
  • Administrative units in Microsoft Entra
  • Role assignments and role definitions in Microsoft Entra
  • Entitlement management configurations in Microsoft Entra

The combination of user property access with comprehensive Copilot and service health visibility makes this role suited to personas such as AI program managers, identity architects, or governance leads who need a read-only view of the environment to inform decisions, produce reports, or support audits without holding any write permissions.

New admin role: AI Reader
New admin role: AI Reader

Role Template ID: 1fe13547-53f6-408d-ac04-7f8eed167b38
Role permissions:
microsoft.azure.serviceHealth/allEntities/allTasks
microsoft.directory/administrativeUnits/members/read
microsoft.directory/administrativeUnits/standard/read
microsoft.directory/applicationPolicies/standard/read
microsoft.directory/applications/owners/read
microsoft.directory/applications/policies/read
microsoft.directory/applications/standard/read
microsoft.directory/contacts/memberOf/read
microsoft.directory/contacts/standard/read
microsoft.directory/contracts/standard/read
microsoft.directory/domains/standard/read
microsoft.directory/entitlementManagement/allProperties/read
microsoft.directory/groups/appRoleAssignments/read
microsoft.directory/groupSettings/standard/read
microsoft.directory/groupSettingTemplates/standard/read
microsoft.directory/groups/memberOf/read
microsoft.directory/groups/members/read
microsoft.directory/groups/owners/read
microsoft.directory/groups/settings/read
microsoft.directory/groups/standard/read
microsoft.directory/oAuth2PermissionGrants/standard/read
microsoft.directory/organization/standard/read
microsoft.directory/organization/trustedCAsForPasswordlessAuth/read
microsoft.directory/roleAssignments/standard/read
microsoft.directory/roleDefinitions/standard/read
microsoft.directory/servicePrincipals/appRoleAssignedTo/read
microsoft.directory/servicePrincipals/appRoleAssignments/read
microsoft.directory/servicePrincipals/memberOf/read
microsoft.directory/servicePrincipals/oAuth2PermissionGrants/read
microsoft.directory/servicePrincipals/ownedObjects/read
microsoft.directory/servicePrincipals/owners/read
microsoft.directory/servicePrincipals/policies/read
microsoft.directory/servicePrincipals/standard/read
microsoft.directory/subscribedSkus/standard/read
microsoft.directory/users/allProperties/read
microsoft.office365.copilot/allEntities/allProperties/read
microsoft.office365.messageCenter/messages/read
microsoft.office365.network/performance/allProperties/read
microsoft.office365.serviceHealth/allEntities/allTasks
microsoft.office365.usageReports/allEntities/allProperties/read
microsoft.office365.webPortal/allEntities/standard/read

Tags:

Share
Avatar photo

Tobias Asböck

Tobias is a Senior System Engineer with more than 10 years of professional experience with Microsoft 365 products such as SharePoint Online, SharePoint Premium, OneDrive for Business, Teams Collaboration, Entra ID, Information Protection, Universal Print, and Microsoft 365 Licensing. He also has 15+ years of experience planning, administering, and operating SharePoint Server environments. Tobias is a PowerShell Scripter with certifications for Microsoft 365 products. In his spare time, Tobias is busy with updates in the Microsoft 365 world or on the road with his road bike and other sports activities. If you have additional questions, please contact me via LinkedIn or [email protected].

Leave a Reply

Your email address will not be published. Required fields are marked *