Role Wizard

As CIPP is an application that touches many parts of M365, selecting the roles might be difficult. The following roles are recommended for CIPP, but you may experiment with less permissive groups at your own risk.

  • Application Administrator

  • User Administrator

  • Intune Administrator

  • Exchange Administrator

  • Security Administrator

  • Cloud App Security Administrator

  • Cloud Device Administrator

  • Teams Administrator

  • Sharepoint Administrator

  • Authentication Policy Administrator

  • Privileged Role Administrator

  • Privileged Authentication Administrator (Only required if you want to be able to delete global admins within tenants from CIPP)

Selecting the Company Administrator (Global Admin) role is not advised. Relationships will have to be manually added every two years if you do.

Last updated