There are several hurdles to overcome when implementing a least privilege approach. One of these hurdles is selecting the right role for the job. With RBAC, Microsoft offers a variety of different roles that can be used to granularly assign rights to M365 and Azure Roles.
But which Azure AD role is the right one?
Let’s take the M365 security roles as an example.
The following Azure AD roles are available.
- Security Admin
- Security Operator
- Security Reader
Microsoft provides a good explanation of each role in its documents, broken down into actions and a description. However, comparing this information is time-consuming.
It is easier with the comparison function, which can be found in the M365 Admin Center on the “Roles” tab.

Search can be used to locate roles based on keywords.

If we now want to know which permissions are behind each role, we select the respective roles and click on “Compare roles”.

The result is an overview of the selected roles, where you can quickly get an overview of the included rights. In addition, it is very easy to compare the roles and decide more quickly which role is the right one for the purpose.
