Assign administrator and non-administrator roles to users with Azure Active Directory
If a user in your organization needs permission to manage Azure Active Directory (Azure AD) resources, you must assign the user an appropriate role in Azure AD, based on the actions the user needs permission to perform.
For more information about the available roles, see Assigning administrator roles in Azure Active Directory. For more information about adding users, see Add new users to Azure Active Directory.
A common way to assign Azure AD roles to a user is on the Directory role page for a user.
You can also assign roles using Privileged Identity Management (PIM). For more detailed information about how to use PIM, see Privileged Identity Management.
To assign a role to a user
Sign in to the Azure portal using a Global administrator account for the directory.
Select Azure Active Directory, select Users, and then search for and select the user getting the role assignment. For example, Alain Charon.
On the Alain Charon - Profile page, select Assigned roles.
The Alain Charon - Directory role page appears.
Select Add assignment, select the role to assign to Alain (for example, Application administrator), and then choose Select.
The Application administrator role is assigned to Alain Charon and it appears on the Alain Charon - Directory role page.
Remove a role assignment
If you need to remove the role assignment from a user, you can also do that from the Alain Charon - Directory role page.
To remove a role assignment from a user
Select Azure Active Directory, select Users, and then search for and select the user getting the role assignment removed. For example, Alain Charon.
Select Assigned roles, select Application administrator, and then select Remove assignment.
The Application administrator role is removed from Alain Charon and it no longer appears on the Alain Charon - Directory role page.
Or you can perform other user management tasks, such as assigning delegates, using policies, and sharing user accounts. For more information about other available actions, see Azure Active Directory user management documentation.