Assigning Administrative Roles for Azure AD /Office 365

To collect audit data from your Azure AD /Office 365 organization environment, Netwrix Auditor creates a dedicated Azure AD application. The account under which the application is created requires enhanced roles assignment:

  • Application Administrator & Privileged Role Administrator

    OR

  • Cloud Application Administrator & Privileged Role Administrator

    OR

  • Global Admin

To assign administrative roles:

  1. Sign in to Azure AD portal using your Microsoft account.

  2. Select Azure Active Directory on the left.
  3. Select an account that you want to use for data collection, or create a new user.
  4. Make sure you have disabled multi-factor authentication for this account.
  5. Expand the Directory role and select Add assignment.

  6. Assign one of the following roles combination, depending on your company's security policy:

    • Application Administrator & Privileged Role Administrator

      OR

    • Cloud Application Administrator & Privileged Role Administrator

      OR

    • Global Admin

  7. Click Ok.