Hello,
We would like to enable co-management and dont want to give service account full global admin.
Do someone know which roles the azure ad account need to integrate co-management?
Is it one time job or will it act as a service account?
Co-management azure ad roles
There are no service accounts in ConfigMgr. Also, no global admin permissions are given or delegated during co-management configuration.
A global admin account is required during co-management setup to create an Azure AD app registration. There is no other way to create this registration. This is a one time activity that only occurs during setup usin the credentials supplied during the wizard.
@WilliamHanna-6349 For co-management, please ensure the Prerequisites in the following are met:
https://docs.microsoft.com/en-us/mem/configmgr/comanage/overview#prerequisites
For the role and permission, we can refer to the following table:
Hope it can help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@WilliamHanna-6349, Hope everything is going well. I am writing to see if there's anything else we can help. If yes, feel free to let us know.
4 people are following this question.
