Administrative roles

The “Administrative roles” report under “Security” provides comprehensive details about users assigned various administrative roles within Microsoft 365. This report is essential for tracking and managing administrative permissions and roles within your organization.

Below are the key components included in the report:

Role names

Lists the specific administrative roles assigned to each user. These roles can include, but are not limited to:

• Global admin
• Exchange admin
• SharePoint admin
• Teams admin

Assignment type

Indicates whether the role assignment is:

• Eligible: the user is eligible for the role but is not actively assigned until activation.
• Permanent: the user is permanently assigned to the role.

Assignment start

Displays the start date and time of the role assignment. This field is populated only for Eligible active roles.

Assignment end

Displays the end date and time of the role assignment. This field is also populated only for Eligible active roles.

Overall provisioning status & Validation status

For users with the “Assignment type” set to “Eligible”, the “Overall provisioning status” and “Validation status” fields may not have values. These fields, which originated from the MSOL module, are no longer supported by the new Graph module.

Is licensed

Provides information on whether the users have active licenses or not. This is crucial for ensuring that users have the appropriate access to Microsoft 365 services.

Role scope

Defines the scope of the role, detailing the specific areas and resources within Microsoft 365 that the role has access to.

Role member type

Specifies the type of member assigned to the role. This could include different categories such as:

• User: an individual user assigned to the role.
• Group: a group of users assigned to the role.

Is-Built in

Indicates whether the role is a built-in role within Microsoft 365.