In this section, we will discuss and configure the delegation of administrative permissions, especially the question: are there global administrator permissions needed or can I delegate the tasks to other administrators?
By default, global administrators can obviously do all the administrative tasks for Azure RMS. But in fact, we don't want to use or assign global administrator rights to some individuals every time. With the command Add-AadrmRoleBasedAdministrator
, you can assign this administrative role to a user account or a group.
Two roles are available:
Global administrator: This will run all administrative tasks on Azure RMS without granting global administrator rights to other cloud services.
Connector administrator: This will just run the RMS connector. First, we check the default configuration using the following steps:
Open an elevated PowerShell and type the following command:
Get-AadrmRoleBasedAdministrator
Normally, if you didn't touch the...