Roles you cannot manage in PIM
Azure Active Directory (Azure AD) Privileged Identity Management (PIM) enables you to manage all Azure AD roles and all Azure resource roles. These roles also include your custom roles attached to your management groups, subscriptions, resource groups, and resources. However, there are few roles that you cannot manage. This article describes the roles you cannot manage in PIM.
Classic subscription administrator roles
You cannot manage the following classic subscription administrator roles in PIM:
- Account Administrator
- Service Administrator
For more information about the classic subscription administrator roles, see Classic subscription administrator roles, Azure RBAC roles, and Azure AD administrator roles.
What about Office 365 admin roles?
Roles within Exchange Online or SharePoint Online, except for Exchange Administrator and SharePoint Administrator, are not represented in Azure AD and so cannot be managed in PIM. For more information about these Office 365 services, see Office 365 admin roles.
SharePoint Administrator has administrative access to SharePoint Online through the SharePoint Online admin center, and can perform almost any task in SharePoint Online. Eligible users may experience delays using this role within SharePoint after activating in PIM.
Send feedback about: