Who has admin roles?

Sadly, there is still (not yet) an easy graphical way of listing who in your organization is enjoying administrator roles in Office 365, but there is a way using PowerShell. I had my hopes up when we received an Azure AD Content package for PowerBI, but not yet, so I asked for it and it has been added to a backlog atleast.

Step 1 – We are using the Azure AD PowerShell module, which stores all the built-in roles for our tenant, even if they are invisible to our graphical interfaces. First we need to catch the role with this kind of command:

$AdminRole = Get-MsolRole -RoleName "Company Administrator"

Company Administrator is equal to Global Administrator, but if your looking for any other built-in role, change the RoleName to SharePoint Service Administrator, Exchange Service Administrator, Compliance Administrator, Lync Service Administrator, Billing Administrator, User Account Administrator, Service Support Administrator, etc.

See the full list and description of the roles here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-assign-admin-roles

Step 2 – Use the Role Object ID to get the members of that role.

Get-MsolRoleMember -RoleObjectId $AdminRole.ObjectId

This should create an output of all Global/Company Administrators like this:

Get-AdminRoleMembers

If you would like to export the results, add export to CSV:

Get-MsolRoleMember -RoleObjectId $AdminRole.ObjectId | Export-Csv C:\temp\adminroles.csv

Also, remember this is available to every user in your Azure AD tenant, so feel free to connect using PowerShell and see if your own organization isn’t giving away administrator roles to a very large amount of users.

In case, I would suggest looking into Azure AD Privileged Identity Management, an Azure AD Premium P2/EMS E5 feature. Giving temporary privileged access upon approval. Which also gives a graphical list of Azure AD administrators, but it unnecessary to pay for Azure AD Premium P2 to only list out built-in role members.


Leave a Reply

Ehlo!

I am Roy Apalnes, a Microsoft Cloud Evangelist working av Sopra Steria. Main focus in Microsoft Security and Endpoint Management, with a bigger picture in mind.

Featured Posts

    %d bloggers like this: