Azure AD / Office 365 – New Global Reader built-in role is coming

It has been a long awaited capability: being able to give a complete read-access only to Azure AD/Office 365 administration.

Well good news, a read-only administrative access role is coming – called Global Reader. The deployment will start on September 24 and scheduled to be completed by October.

It worth noting that few limitations will be there for the time being:

At public preview launch, global reader does not work with SharePoint, Privileged Access Management, Customer Lockbox, sensitivity labels, or the following features within Teams: Teams Lifecycle, Reporting & Call Analytics, IP Phone Device Management, and App Catalog. All of these services will work with global reader in the future.

The ‘Available roles’ list – available – is not yet updated.

To assign this new role, access your Azure portal ( or Azure AD portal ( and reach out the Azure Active Directory blade

image_thumb  image_thumb1


Then access the Roles and administrators configuration blade to locate the Global Reader role and then use the Add assignment


If you are using the new Office 365 administration portal ( you also manage this new role from Roles blade


As a result of this role assignment, read only access is then granted to the user


Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies