Identity Service, SharePoint Development Services
From Microsoft Corporation
Technical Bulletin MC358528 · Published Apr 13, 2022
Today, there are several user attributes that are considered sensitive, and we will be simplifying this model.
- Some rely on Global Admins (GA) to be able to manage them for all users (admins and non-admins).
- Others don’t have a Global Admins dependency but the set of admin roles that can manage them and for whom is not consistent.
When this will happen:
We will begin rolling this out in early June and expect to complete rollout late June.
How this will affect your organization:
User Admins, Authentication Admins and Privileged Authentication Admins will be able to manage all sensitive attributes for non-admin users and select admin users based on the same model we have for password reset here.
The full list of sensitive attributes and tasks is:
- auth methods
What you need to do to prepare:
We will align the behavior of managing user attributes with that mentioned above. So, some older roles that were also allowed to manage user attributes (for ex – Directory Writer) will no longer work. Please work with your Privileged Role Admin or Global Admin if new role assignments are needed to avoid any impact on your business operations.