New Azure AD built-in roles to reduce Global administrator dependency

We’ve created two new roles, Authentication policy administrator and Domain name administrator, to help reduce the number of Global Administrators in your organization. 

When this will happen

These roles are available now.

How this will affect your organization

We recommend the following:

  • Assign Authentication policy administrator instead of Global Administrator to configure the authentication methods policy, tenant-wide multi-factor authentication settings, and the password protection policy.
  • Assign Domain name administrator instead of Global Administrator to manage (read, add, verify, update, and delete) domain names.

What you need to do to prepare

Because Global administrator accounts are powerful and vulnerable to attack, we recommend that you have fewer than five Global Administrators.

Message ID: MC243943

