Hello,
I was working with a client today. They noticed that all of their Azure registered devices showed two Azure roles assigned. All of the devices show bot the Attribute assignment administrator and reader roles. I then checked in my tenant and confirmed the same behavior. I also confirmed that all of my hybrid and azure joined devices show the same thing.
Is there a reason these roles are showing up on all devices? If so, is it documented? I can see this raising a lot of red flags among security teams. If the roles need to be there, that's fine - I will just need to provide documentation as to why it is required.
