Azure AD / Microsoft 365 / Microsoft Graph – 10 Azure AD roles are getting renamed – Important update :)

Azure / Microsoft 365 / Microsoft Graph - Azure AD Roles - Existing role names and proposed new role names

Hi All,

LIFE IS BEAUTIFUL 🙂 I hope we all are safe 🙂 STAY SAFE, STAY HEALTHY, STAY HOME 🙂

Today small but very important update regarding renaming of Azure AD roles. This is high importance message in message centerhttps://admin.microsoft.com/AdminPortal/Home#/MessageCenter so thought to share 🙂

Take away from this article: At the end of this article we got to know What consequences this change will have

  • Which are the 10 Azure AD roles are getting updated.
  • What consequences will this change have
  • Best practice while using roles display name either in Script or Code

Background :

  • Some of the Azure AD roles appears differently in Azure AD Portal – https://portal.azure.com/ , in Microsoft 365 admin center – https://admin.microsoft.com/AdminPortal/Home#/ and in Microsoft Graph – https://developer.microsoft.com/graph/
  • This is the problem when we automate any process and using these roles. Like either PowerShell script or any either Azure web job or application using CSOM
  • Also this is bit difficult for respective Admin to remember this kind of inconsistent names and creates more confusion
  • To avoid this consistency 10 Azure AD roles are getting changed
  • Following are the roles which are getting updated
Azure / Microsoft 365 / Microsoft Graph - Azure AD Roles - Existing role names and proposed new role names
Fig : Azure / Microsoft 365 / Microsoft Graph – Azure AD Roles – Existing role names and proposed new role names

Roll-out finalization :

  • This change roll-out will be finalized by Early Oct 2020
  • Once this roll-out is in place, we will these updated Azure AD names in the Microsoft 365 admin center, Azure AD portal, and Microsoft Graph API

Best practice while using roles display name either in Script or Code :

  • We should not use roles name in our automated process if any. May be in PowerShell script or any demon job or in any code.
  • We should always use template IDs for Azure AD built in roles.
  • Following is the list of Azure AD role display names and template IDs

Role template IDs

Role template IDs are used mainly by the Microsoft Graph API or PowerShell users.

Graph display NameAzure portal display namedirectory Role Template Id
Application AdministratorApplication administrator9B895D92-2CD3-44C7-9D02-A6AC2D5EA5C3
Application DeveloperApplication developerCF1C38E5-3621-4004-A7CB-879624DCED7C
Authentication AdministratorAuthentication administratorc4e39bd9-1100-46d3-8c65-fb160da0071f
Azure DevOps AdministratorAzure DevOps administratore3973bdf-4987-49ae-837a-ba8e231c7286
Azure Information Protection AdministratorAzure Information Protection administrator7495fdc4-34c4-4d15-a289-98788ce399fd
B2C IEF Keyset AdministratorB2C IEF Keyset Administratoraaf43236-0c0d-4d5f-883a-6955382ac081
B2C IEF Policy AdministratorB2C IEF Policy Administrator3edaf663-341e-4475-9f94-5c398ef6c070
Billing AdministratorBilling administratorb0f54661-2d74-4c50-afa3-1ec803f12efe
Cloud Application AdministratorCloud application administrator158c047a-c907-4556-b7ef-446551a6b5f7
Cloud Device AdministratorCloud device administrator7698a772-787b-4ac8-901f-60d6b08affd2
Company AdministratorGlobal administrator62e90394-69f5-4237-9190-012177145e10
Compliance AdministratorCompliance administrator17315797-102d-40b4-93e0-432062caca18
Compliance Data AdministratorCompliance data administratore6d1a23a-da11-4be4-9570-befc86d067a7
Conditional Access AdministratorConditional Access administratorb1be1c3e-b65d-4f19-8427-f6fa0d97feb9
CRM Service AdministratorDynamics 365 administrator44367163-eba1-44c3-98af-f5787879f96a
Customer LockBox Access ApproverCustomer Lockbox access approver5c4f9dcd-47dc-4cf7-8c9a-9e4207cbfc91
Desktop Analytics AdministratorDesktop Analytics Administrator38a96431-2bdf-4b4c-8b6e-5d3d8abac1a4
Device AdministratorsDevice administrators9f06204d-73c1-4d4c-880a-6edb90606fd8
Device JoinDeprecated9c094953-4995-41c8-84c8-3ebb9b32c93f
Device ManagersDeprecated2b499bcd-da44-4968-8aec-78e1674fa64d
Device UsersDeprecatedd405c6df-0af8-4e3b-95e4-4d06e542189e
Directory ReadersDirectory readers88d8e3e3-8f55-4a1e-953a-9b9898b8876b
Directory Synchronization AccountsNot shown because it shouldn’t be usedd29b2b05-8046-44ba-8758-1e26182fcf32
Directory WritersDirectory Writers9360feb5-f418-4baa-8175-e2a00bac4301
Exchange Service AdministratorExchange administrator29232cdf-9323-42fd-ade2-1d097af3e4de
External Id User flow AdministratorExternal Id User flow Administrator6e591065-9bad-43ed-90f3-e9424366d2f0
External Id User Flow Attribute AdministratorExternal Id User Flow Attribute Administrator0f971eea-41eb-4569-a71e-57bb8a3eff1e
External Identity Provider AdministratorExternal Identity Provider Administratorbe2f45a1-457d-42af-a067-6ec1fa63bc45
Global ReaderGlobal readerf2ef992c-3afb-46b9-b7cf-a126ee74c451
Groups AdministratorGroups administratorfdd7a751-b60b-444a-984c-02652fe8fa1c
Guest InviterGuest inviter95e79109-95c0-4d8e-aee3-d01accf2d47b
Helpdesk AdministratorHelpdesk administrator729827e3-9c14-49f7-bb1b-9608f156bbb8
Hybrid Identity AdministratorHybrid identity administrator8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2
Insights AdministratorInsights administratoreb1f4a8d-243a-41f0-9fbd-c7cdf6c5ef7c
Insights Business LeaderInsights business leader31e939ad-9672-4796-9c2e-873181342d2d
Intune Service AdministratorIntune administrator3a2c62db-5318-420d-8d74-23affee5d9d5
Kaizala AdministratorKaizala administrator74ef975b-6605-40af-a5d2-b9539d836353
License AdministratorLicense administrator4d6ac14f-3453-41d0-bef9-a3e0c569773a
Lync Service AdministratorSkype for Business administrator75941009-915a-4869-abe7-691bff18279e
Message Center Privacy ReaderMessage center privacy readerac16e43d-7b2d-40e0-ac05-243ff356ab5b
Message Center ReaderMessage center reader790c1fb9-7f7d-4f88-86a1-ef1f95c05c1b
Modern Commerce UserModern Commerce Userd24aef57-1500-4070-84db-2666f29cf966
Network AdministratorNetwork administratord37c8bed-0711-4417-ba38-b4abe66ce4c2
Office Apps AdministratorOffice apps administrator2b745bdf-0803-4d80-aa65-822c4493daac
Partner Tier1 SupportNot shown because it shouldn’t be used4ba39ca4-527c-499a-b93d-d9b492c50246
Partner Tier2 SupportNot shown because it shouldn’t be usede00e864a-17c5-4a4b-9c06-f5b95a8d5bd8
Password AdministratorPassword administrator966707d0-3269-4727-9be2-8c3a10f19b9d
Power BI Service AdministratorPower BI administratora9ea8996-122f-4c74-9520-8edcd192826c
Power Platform AdministratorPower platform administrator11648597-926c-4cf3-9c36-bcebb0ba8dcc
Printer AdministratorPrinter administrator644ef478-e28f-4e28-b9dc-3fdde9aa0b1f
Printer TechnicianPrinter techniciane8cef6f1-e4bd-4ea8-bc07-4b8d950f4477
Privileged Authentication AdministratorPrivileged authentication administrator7be44c8a-adaf-4e2a-84d6-ab2649e08a13
Privileged Role AdministratorPrivileged role administratore8611ab8-c189-46e8-94e1-60213ab1f814
Reports ReaderReports reader4a5d8f65-41da-4de4-8968-e035b65339cf
Search AdministratorSearch administrator0964bb5e-9bdb-4d7b-ac29-58e794862a40
Search EditorSearch editor8835291a-918c-4fd7-a9ce-faa49f0cf7d9
Security AdministratorSecurity administrator194ae4cb-b126-40b2-bd5b-6091b380977d
Security OperatorSecurity operator5f2222b1-57c3-48ba-8ad5-d4759f1fde6f
Security ReaderSecurity reader5d6b6bb7-de71-4623-b4af-96380a352509
Service Support AdministratorService support administratorf023fd81-a637-4b56-95fd-791ac0226033
SharePoint Service AdministratorSharePoint administratorf28a1f50-f6e7-4571-818b-6a12f2af6b6c
Teams Communications AdministratorTeams Communications Administratorbaf37b3a-610e-45da-9e62-d9d1e5e8914b
Teams Communications Support EngineerTeams Communications Support Engineerf70938a0-fc10-4177-9e90-2178f8765737
Teams Communications Support SpecialistTeams Communications Support Specialistfcf91098-03e3-41a9-b5ba-6f0ec8188a12
Teams Devices AdministratorTeams Devices Administrator3d762c5a-1b6c-493f-843e-55a3b42923d4
Teams Service AdministratorTeams Service Administrator69091246-20e8-4a56-aa4d-066075b2a7a8
UserNot shown because it can’t be useda0b1b346-4d3e-4e8b-98f8-753987be4970
User Account AdministratorUser administratorfe930be7-5e62-47db-91af-98c3a49a38b1
Workplace Device JoinDeprecatedc34f683f-4d5a-4403-affd-6615e00e3a7f
Table : List of built in Azure AD Roles display name and respective Directory Role Template IDs

Thanks for reading 🙂 Feel free to discuss / comment / questions 🙂 SHARING IS CARING 🙂

Share In Teams:

We have a lots of learning on Microsoft 365, for more details please visit – https://knowledge-junction.com/?s=Microsoft+365 OR https://knowledge-junction.com/?s=M+365 OR https://knowledge-junction.com/?s=O+365 OR https://knowledge-junction.com/?s=Office+365

Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂

This site uses Akismet to reduce spam. Learn how your comment data is processed.