Roles

The Roles page lists the roles enumerated across the entire Azure environment. The list contains the Object ID, Description, Privileged, Tier 0, Enabled and Built In columns.

Roles Details

The Details page contains the Risk Score of the role, Exposure Point and Information panes.

You can analyze objects in the Graph module by clicking the Visualize button on the upper left side of the Information Pane.

Information

The Information pane can contain different badges to highlight important attributes.

| Badge | Description |
| --- | --- |
| Privileged | Indicates that the object is Privileged. |
| Tier | Indicates the object's tier according to risk score and importance. |
| Enabled | Indicates that the object is enabled. |
| Disabled | Indicates that the object is disabled. |
| Stealth | Indicates that the object can compromise admin objects with at least one attack path. |

The Information pane contains the following tabs: Details, Role Permissions, Groups, Service Principals, Devices and Users.

Details

The Details tab contains the attributes below about the role.

| Attribute | Description |
| --- | --- |
| Name | The unique name of the role within the tenant, used for identification and assignment. |
| Enabled | Indicates whether the role is currently active and available for assignments within the tenant. |
| Display Name | The human-readable name of the role, shown in the Azure portal when managing role assignments. |
| Is Built In | Specifies whether the role is a built-in system role provided by Microsoft, as opposed to a custom-defined role. |
| Description | A summary of the role’s purpose and permissions. This role allows management of Microsoft 365 Copilot and other AI-related enterprise features. |
| Tenant ID | The unique identifier (GUID) of the Azure AD tenant where this role exists and can be assigned. |
| Object ID | A globally unique identifier (GUID) for the specific instance of the role in this tenant, used internally for role assignments. |
| Role Template ID | The unique identifier of the role definition template. For built-in roles, this is the same across all tenants. |

Role Permissions

The Role Permissions tab lists the permissions included in the given role. The list also contains a Privileged column that identifies the privilege level of each role permission.

Groups

The Groups tab lists the groups that have the role. The list also contains Enabled and On Prem Sync Enabled columns that identify the status of these groups.

Service Principals

The Service Principals tab lists the service principals that have the role. The list also contains Enabled, App Display Name and Service Principal Type columns that identify the status of these service principals.

Devices

The Devices tab lists the devices that have the role. The list also contains Account Enabled and On Prem Sync Enabled columns that identify the status of these devices.

Users

The Users tab lists the users that have the role. The list also contains Enabled and On Prem Sync Enabled columns that identify the status of these users.
