Office 365 Roles
As we know that if we try to change the role of a user through office portal we will get the following options,
But if you check the details of the roles available through PowerShell (Azure Active Directory PowerShell) command,
Get-MsolRole | Format-Table ObjectId, Name | clip
| ObjectId | Name |
| 729827e3-9c14-49f7-bb1b-9608f156bbb8 | Helpdesk Administrator |
| f023fd81-a637-4b56-95fd-791ac0226033 | Service Support Administrator |
| b0f54661-2d74-4c50-afa3-1ec803f12efe | Billing Administrator |
| 4ba39ca4-527c-499a-b93d-d9b492c50246 | Partner Tier1 Support |
| e00e864a-17c5-4a4b-9c06-f5b95a8d5bd8 | Partner Tier2 Support |
| 88d8e3e3-8f55-4a1e-953a-9b9898b8876b | Directory Readers |
| 29232cdf-9323-42fd-ade2-1d097af3e4de | Exchange Service Administrator |
| 75941009-915a-4869-abe7-691bff18279e | Lync Service Administrator |
| fe930be7-5e62-47db-91af-98c3a49a38b1 | User Account Administrator |
| 9360feb5-f418-4baa-8175-e2a00bac4301 | Directory Writers |
| 62e90394-69f5-4237-9190-012177145e10 | Company Administrator |
| f28a1f50-f6e7-4571-818b-6a12f2af6b6c | SharePoint Service Administrator |
| d405c6df-0af8-4e3b-95e4-4d06e542189e | Device Users |
| 9f06204d-73c1-4d4c-880a-6edb90606fd8 | Device Administrators |
| 9c094953-4995-41c8-84c8-3ebb9b32c93f | Device Join |
| c34f683f-4d5a-4403-affd-6615e00e3a7f | Workplace Device Join |
| 17315797-102d-40b4-93e0-432062caca18 | Compliance Administrator |
| d29b2b05-8046-44ba-8758-1e26182fcf32 | Directory Synchronization Acc... |
| 2b499bcd-da44-4968-8aec-78e1674fa64d | Device Managers |
| 9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3 | Application Administrator |
| cf1c38e5-3621-4004-a7cb-879624dced7c | Application Developer |
| 5d6b6bb7-de71-4623-b4af-96380a352509 | Security Reader |
| 194ae4cb-b126-40b2-bd5b-6091b380977d | Security Administrator |
| e8611ab8-c189-46e8-94e1-60213ab1f814 | Privileged Role Administrator |
| 3a2c62db-5318-420d-8d74-23affee5d9d5 | Intune Service Administrator |
| 158c047a-c907-4556-b7ef-446551a6b5f7 | Cloud Application Administrator |
| 5c4f9dcd-47dc-4cf7-8c9a-9e4207cbfc91 | Customer LockBox Access Approver |
| 44367163-eba1-44c3-98af-f5787879f96a | CRM Service Administrator |
| a9ea8996-122f-4c74-9520-8edcd192826c | Power BI Service Administrator |
| 95e79109-95c0-4d8e-aee3-d01accf2d47b | Guest Inviter |
Below mentioned are the roles that will get listed.
As per the requirement you can change the role of the user, by the following command.
Add-MsOlRoleMember –RoleName ‘Compliance Administrator’ –RoleMemberEmailAddress ‘audit@#######onmicrosoft.com’
*** ***
Once the user is added you can verify the role as well from,
Get-MsOlRoleMember –RoleObjectId 17315797-102d-40b4-93e0-432062caca18 | Format-Table RoleMemberType, EmailAddress, DisplayName –AutoSize
As per the requirement you can choose the role and assign the permission to the respective task.
- Rishabh Srivastava