Domain Name Administrator


Privileged
Control Plane · Identity

Role Actions: 3
Control Plane: 1
Management Plane: 2
User Access: 0
Unclassified: 0

Template ID: 8329153b-31d0-4727-b945-745eb3bc5f31
Category: Identity
EAM Tier: Control Plane (Tier 0)
Enterprise Access Model: Control Plane

Full control of the tenant. Compromise leads to complete takeover. Isolate from lower planes.

Description

For on-premises environments, users can configure domain names for federation so that associated users are always authenticated on-premises (these users can then sign into Microsoft Entra based services with their on-premises passwords v...

Role Definition (JSON)

{
  "@odata.type": "#microsoft.graph.unifiedRoleDefinition",
  "id": "8329153b-31d0-4727-b945-745eb3bc5f31",
  "displayName": "Domain Name Administrator",
  "description": "For on-premises environments, users can configure domain names for federation so that associated users are always authenticated on-premises (these users can then sign into Microsoft Entra based services with their on-premises passwords v...",
  "isBuiltIn": true,
  "isEnabled": true,
  "isPrivileged": true,
  "rolePermissions": [
    {
      "allowedResourceActions": [
        "microsoft.directory/domains/allProperties/allTasks",
        "microsoft.office365.supportTickets/allEntities/allTasks",
        "microsoft.office365.webPortal/allEntities/standard/read"
      ]
    }
  ]
}

Full permissions

All 3 role actions of this role, classified by EAM tier.

| Role Action | Category | Tier |
| --- | --- | --- |
| microsoft.directory/domains/allProperties/allTasks | Tenant Management | Tier 0 |
| microsoft.office365.supportTickets/allEntities/allTasks | Microsoft 365 Support Operations | Tier 1 |
| microsoft.office365.webPortal/allEntities/standard/read | Microsoft 365 Support Operations | Tier 1 |


PowerShell

Get-MgRoleManagementDirectoryRoleDefinition `
  -UnifiedRoleDefinitionId "8329153b-31d0-4727-b945-745eb3bc5f31"

Microsoft Graph

GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions/8329153b-31d0-4727-b945-745eb3bc5f31

See the official documentation on Microsoft Learn

Related roles