Recommended Roles
As CIPP is an application that touches many parts of M365 selecting the roles might be difficult. The following roles are recommended for CIPP, but you may experiment with less permissive groups at your own risk.
Please note that any relationship that contains the "Global Administrator"/"Company Administrator" role will NOT be eligible for auto extend.
Application Administrator
Authentication Policy Administrator
Cloud App Security Administrator
Cloud Device Administrator
Exchange Administrator
Intune Administrator
Privileged Role Administrator
Security Administrator
SharePoint Administrator
Teams Administrator
User Administrator
Privileged Authentication Administrator
Last updated