This Microsoft 365 blog post will show the most powerful security roles in any Microsoft 365 tenant and explain how you can protect them.
Any Microsoft 365 tenant has eight security roles that are very powerful regarding configuration impact. These roles can affect critical workloads like SharePoint, Exchange, and Entra ID.
A tenant admin should protect these roles and monitor the group membership of each one of them.
The list below shows the roles you need to be mindful of regarding who you give them and, most importantly, keep the number of people in them as low as possible.
- Global Administrator
- SharePoint Administrator
- Exchange Administrator
- Conditional Access Administrator
- Security Administrator
- Helpdesk Administrator
- Billing Administrator
- User Administrator
- Authentication Administrator