List of all Roles on Microsoft 365 Portal

List of all Roles on Microsoft 365 Portal

#	Role Name	Role Description	Role Category
1	Global admin	Has unlimited access to all management features and most data in all admin centers.	Global
2	Application admin	Full access to enterprise applications, application registrations, and application proxy settings.	Identity
3	Application developer	Create application registrations and consent to app access on their own behalf.	Identity
4	Authentication admin	Can require users to re-register authentication for non-password credentials, like MFA.	Identity
5	Cloud application admin	Full access to enterprise applications and application registrations. No application proxy.	Identity
6	Conditional Access admin	Manages Azure Active Directory conditional access settings, but not Exchange ActiveSync conditional access policy.	Identity
7	External identity provider admin	Configure identity providers for use in direct federation.	Identity
8	Guest inviter	Manages Azure Active Directory B2B guest user invitations.	Identity
9	Helpdesk admin	Resets passwords and re-authenticates for all non-admins and some admin roles, manages service requests, and monitors service health.	Identity
10	License admin	Assigns and removes licenses from users and edits their usage location.	Identity
11	Password admin	Resets passwords for all non-admin users and some admin roles.	Identity
12	Privileged authentication admin	Resets passwords, updates non-password credentials, forces users to sign out, monitors service health, and manages service requests.	Identity
13	Privileged role admin	Manages role assignments and manages all access control features of Privileged Identity Management.	Identity
14	User admin	Resets user passwords, creates and manages users and groups, including filters, manages service requests, and monitors service health.	Identity
15	Azure Information Protection admin	Manages labels for the Azure Information Protection policy, manages protection templates, and activates protection.	Security & Compliance
16	Compliance admin	Manages regulatory requirements and eDiscovery cases, maintains data governance for locations, identities, and apps.	Security & Compliance
17	Compliance data admin	Keeps track of data, makes sure it's protected, gets insights into issues, and helps mitigate risk.	Security & Compliance
18	Customer Lockbox access approver	Manages Customer Lockbox requests, can turn Customer Lockbox on or off.	Security & Compliance
19	Security admin	Controls organization's security, manages security policies, reviews security analytics and reports, monitors the threat landscape.	Security & Compliance
20	Security operator	Investigates and responds to security alerts, manages features in Identity Protection center, monitors service health.	Security & Compliance
21	Billing admin	Makes purchases, manages subscriptions, manages service requests, and monitors service health.	Other
22	Service support admin	Creates service requests for Azure, Microsoft 365, and Office 365 services, and monitors service health.	Other
23	Cloud device admin	Enables, disables, and deletes devices and can read Windows 10 BitLocker keys.	Devices
24	Desktop Analytics admin	Can access and manage Desktop management tools and services.	Devices
25	Intune admin	Full access to Intune, manages users and devices to associate policies, creates and manages groups.	Devices
26	Dynamics 365 admin	Full access to Microsoft Dynamics 365 Online, manages service requests, monitors service health.	Collaboration
27	Exchange admin	Full access to Exchange Online, creates and manages groups, manages service requests, and monitors service health.	Collaboration
28	Groups admin	Creates and manages groups, including group naming and expiration policies, views activity and audit reports, monitors service health.	Collaboration
29	Kaizala admin	Full access to all Kaizala management features and data, manages service requests.	Collaboration
30	Office apps admin	Manages settings, policies, and deployment of Office apps.	Collaboration
31	Power BI admin	Full access to Power BI management tasks, manages service requests, and monitors service health.	Collaboration
32	Power Platform admin	Full access to Microsoft Dynamics 365, PowerApps, data loss prevention policies, and Microsoft Flow.	Collaboration
33	Search admin	Full access to Microsoft Search, assigns the Search admin and Search editor roles, manages editorial content, monitors service health, and creates service requests.	Collaboration
34	Search editor	Can only create, edit, and delete content for Microsoft Search, like bookmarks, Q&A, and locations.	Collaboration
35	SharePoint admin	Full access to SharePoint Online, manages Office 365 groups, manages service requests, and monitors service health.	Collaboration
36	Skype for Business admin	Full access to all Teams and Skype features, Skype user attributes, manages service requests, and monitors service health.	Collaboration
37	Teams communication admin	Assigns telephone numbers, creates and manages voice and meeting policies, and reads call analytics.	Collaboration
38	Teams communication support engineer	Reads call record details for all call participants to troubleshoot communication issues.	Collaboration
39	Teams communication support specialist	Reads user call details only for a specific user to troubleshoot communication issues.	Collaboration
40	Teams service admin	Full access to Teams & Skype admin center, manages Office 365 groups and service requests, and monitors service health.	Collaboration
41	Global reader	Can view all administrative features and settings in all admin centers.	Read-only
42	Message Center privacy reader	Access to data privacy messages in Message Center, gets email notifications, has read-only access to users, groups, domains, and subscriptions.	Read-only
43	Message Center reader	Reads and shares regular messages in Message Center, gets email notifications, has read-only access to users, groups, domains, and subscriptions.	Read-only
44	Reports reader	Reads usage reporting data from the reports dashboard, Power BI adoption content pack, sign-in reports, and Microsoft Graph reporting API.	Read-only
45	Security reader	Read-only access to security features, sign-in reports, and audit logs.	Read-only