When implementing a least Privilege Concept, there are a few hurdles to face. One of those hurdles is choosing the right role for the job. With RBAC, Microsoft offers us a variety of different roles with which rights to M365 and Azure Roles can be granularly assigned.
But which role is the right one?
As an example, let’s take the M365 Security roles.
The following roles are available:
- Security Admin
- Security Operator
- Security Reader
Microsoft offers in its docs a good explanation of the individual roles broken down into actions and a description. However, comparing this information with each other is time-consuming.
It is easier with the Compare function, which can be found in the M365 Admin Center in the Roles tab.
The Search can be used to find out roles based on keywords.
If we now want to know which permissions are behind the individual roles, we select the respective roles and click on “Compare Roles”.
The result is an overview of the selected roles on where you can quickly get an overview of the included rights. In addition, it is very easy to compare the roles and decide more quickly which role is the right one for the respective purpose.