Recommended Roles

As CIPP is an application that touches many parts of M365 selecting the roles might be difficult. The following roles are recommended for CIPP, but you may experiment with less permissive groups at your own risk.

Please note that any relationship that contains the "Global Administrator"/"Company Administrator" role will NOT be eligible for auto extend.

  • Application Administrator

  • Authentication Policy Administrator

  • Cloud App Security Administrator

  • Cloud Device Administrator

  • Exchange Administrator

  • Intune Administrator

  • Privileged Role Administrator

  • Security Administrator

  • SharePoint Administrator

  • Teams Administrator

  • User Administrator

  • Privileged Authentication Administrator

Last updated