Get the Office 365 admin roles and track the changes [updated december 2023]

Admin roles are the key of your kingdom

Office 365 allows organizations to granularly delegate administrative privileges.

Office 365 contains a lot of built-in aministrative roles. Among them we find Global Administrator, Exchange administrator, User Account Administrator, Billing Administrator, Global reader, etc.

Those privileges must be audited regularly.

When you have few IT guys, it is pretty straightforward to identify the admin roles. But when you have a big tenant or/and a lot of admins, it becomes hard to track the changes. Indeed, the Office 365 portal or Azure AD portal does not provide any admin role report.

This post provides you two scripts:

• one script to track the admin roles changes during the last 90 days
• one script to get a report about Microsoft 365 admin roles and their members

Track the Office 365 admin roles changes

The following PowerShell script t generates report about all the changes regarding the admin roles (add or remove member). You can find the latest version of this script on my GitHub :

Microsoft365-Toolbox/Audit/Search-AdminRolesChanges.ps1 at master · itpro-tips/Microsoft365-Toolbox

Contribute to itpro-tips/Microsoft365-Toolbox development by creating an account on GitHub.

GitHubitpro-tips

Get report about Microsoft 365 roles group member

The following PowerShell script generates report about all the Microsoft 365 admin roles and members, included Privileged Identity Management assignments.

Get the last version on my Github:

Microsoft365-Toolbox/AdminRoles/Get-MgRoleReport.ps1 at master · itpro-tips/Microsoft365-Toolbox

Contribute to itpro-tips/Microsoft365-Toolbox development by creating an account on GitHub.

GitHubitpro-tips