The following are the Azure roles and permissions required for the Active Roles Administration Service to function as expected:
- Privileged Authentication Administrator role is necessary to reset passwords of Entra ID users and to update other sensitive attributes of Entra ID users.
- User Administrator role is necessary to create, update, and delete Entra ID users.
- Exchange Administrator role, together with the administrator-consented Exchange.ManageAsApp and full_access_as_app application permissions, is necessary for Exchange Online (EXO) related operations.
- Exchange.ManageAsApp application permission is required for the other EXO related functionalities of Active Roles.
- full_access_as_app application permission is required for the EXO EWS functionalities of Active Roles.
- RoleManagement.ReadWrite.Directory application permission is necessary to assign a role to an Entra ID user.
- Sites.FullControl.All application permission is necessary for OneDrive site creation for Entra ID users.
Note that modifying these default roles and permissions might result in a configuration that is outside of the scope of the Active Roles Support Model.
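As an added example that is not part of the original documentation, the following Python audit compares an application's Graph appRoleAssignments and directory-role memberships against the set listed above and reports both what is missing (the service will not function) and what exceeds it (drift beyond the documented configuration). The service-principal object ids, appRole ids and sample grants are constructed placeholders.

```python
# Added audit example, not Active Roles' own code. Inputs mirror what Graph returns from
# GET /servicePrincipals/{id}/appRoleAssignments and a resource SP's appRoles; sample data is constructed.
REQUIRED_APP_PERMISSIONS = {
    "Office 365 Exchange Online": {"Exchange.ManageAsApp", "full_access_as_app"},
    "Microsoft Graph": {"RoleManagement.ReadWrite.Directory", "Sites.FullControl.All"},
}
REQUIRED_DIRECTORY_ROLES = {"Privileged Authentication Administrator",
                            "User Administrator", "Exchange Administrator"}

def resolve_app_permissions(assignments, resource_sps):
    """An appRoleAssignment carries only appRoleId + resourceId; the permission's
    name ("value") must be looked up in the resource service principal's appRoles."""
    granted = {}
    for a in assignments:
        sp = resource_sps[a["resourceId"]]
        names = {r["value"] for r in sp["appRoles"] if r["id"] == a["appRoleId"]}
        granted.setdefault(sp["displayName"], set()).update(names)
    return granted

def audit(granted_perms, held_roles):
    """Missing items mean the service will fail; extra items mean drift beyond the
    documented set (more privilege than Active Roles needs)."""
    missing, extra = {}, {}
    for res in REQUIRED_APP_PERMISSIONS.keys() | granted_perms.keys():
        req, got = REQUIRED_APP_PERMISSIONS.get(res, set()), granted_perms.get(res, set())
        if req - got:
            missing[res] = req - got
        if got - req:
            extra[res] = got - req
    held = set(held_roles)
    return {"missing_permissions": missing, "extra_permissions": extra,
            "missing_roles": REQUIRED_DIRECTORY_ROLES - held,
            "extra_roles": held - REQUIRED_DIRECTORY_ROLES}

# Constructed sample: object ids and appRole ids are placeholders, not real tenant values.
SAMPLE_RESOURCE_SPS = {
    "exo-sp-id": {"displayName": "Office 365 Exchange Online", "appRoles": [
        {"id": "role-1", "value": "Exchange.ManageAsApp"},
        {"id": "role-2", "value": "full_access_as_app"}]},
    "graph-sp-id": {"displayName": "Microsoft Graph", "appRoles": [
        {"id": "role-3", "value": "RoleManagement.ReadWrite.Directory"},
        {"id": "role-4", "value": "Sites.FullControl.All"},
        {"id": "role-5", "value": "Directory.ReadWrite.All"}]},
}
SAMPLE_ASSIGNMENTS = [
    {"resourceId": "exo-sp-id", "appRoleId": "role-1"},
    {"resourceId": "exo-sp-id", "appRoleId": "role-2"},
    {"resourceId": "graph-sp-id", "appRoleId": "role-3"},
    {"resourceId": "graph-sp-id", "appRoleId": "role-5"},  # granted but not documented
]
SAMPLE_ROLES = ["User Administrator", "Exchange Administrator"]
```

Run `audit(resolve_app_permissions(SAMPLE_ASSIGNMENTS, SAMPLE_RESOURCE_SPS), SAMPLE_ROLES)` to see the sample report: Sites.FullControl.All and the Privileged Authentication Administrator role are missing, and Directory.ReadWrite.All is flagged as an undocumented extra grant.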