...
Overview
This document outlines Azure Active Directory roles which enable Zilla Admin to perform Office 365 Permissions Access Reviews utilizing specific Azure Active Directory Roles relating to the Office 365 suite of Saas Applications.
In this guide you will learn:
Which specific Azure Active Directory Roles exist relating to Office 365 SaaS cloud applications.
How to define and view Office 365 Privileged roles within the context of Azure Active Directory within the Zilla product.
How to run a privileged Access Review campaign for Office 365 using the Azure AD instance in Zilla.
Roles and Groups in Office 365
Roles and Groups in Office 365 are managed by assigning Office 365 specific Azure Active Directory Roles and Permissions.
...
Common Exchange Online specific Azure Active Directory roles for which Zilla Access Reviews will review:
Global Administrator (Can manage entire system)
Exchange Administrator (Can Manage all aspects of the Exchange Online product)
Exchange Recipient Administrator (Can create or update Exchange Online recipients within the Exchange Online organization.
Hybrid Identity Administrator (Can Manage Hybrid AD to AAD provisioning, Azure AD Connect, and Exchange Server and Exchange Online Hybrid federation settings.
A Zilla Role Based access review of Azure Active Directory reveals the privileged permissions for Exchange Online.
...
A Zilla Role Based access review of Azure Active Directory reveals the privileged permissions for Microsoft Teams.
...
Privileged Access Review Office 365 in Zilla
The Zilla Administrator can run an Office 365 PAR Review for Office 365 Admin permissions within the context of an Azure Active Directory Access Campaign.
Campaign below named “Privileged Access Review Office 365” is created and is configured to only target AAD Roles that provide Office 365 Admin permissions such as “Exchange Administrator”.
...
Once the campaign is run the assigned reviewer will see the Admin permissions as shown below and will make the appropriate review decision.
...