Assigning Azure AD Administrative Roles

To collect State-in-Time data in your Exchange Online environment, Netwrix creates a dedicated cloud application. The account under which the application is created requires enhanced roles assignment:

  • Application Administrator & Privileged Role Administrator

    OR

  • Cloud Application Administrator & Privileged Role Administrator

    OR

  • Global Admin

To assign roles for Office 365 auditing

  1. Sign in to Azure AD portal using your Microsoft account.

  2. Select Azure Active Directory on the left.
  3. Select an account that you want to use as Data Collecting Account for Azure AD or create a new user.
  4. Make sure you disabled multi-factor authentication for this account.
  5. Expand the Directory role and select Add assignment.

  6. Select one of the following roles combination, depending on your company's security policy:

    • Application Administrator & Privileged Role Administrator

      OR

    • Cloud Application Administrator & Privileged Role Administrator

      OR

    • Global Admin

  7. Click Ok.