Return
-
Title
Azure Active Directory/ Entra ID discovery necessary roles -
Description
Hybrid Identity Administrator is the newest addition to the list of permissions for the Cloud Discoveries. The Entra ID discovery collects attributes related to Hybrid AD Connect. Enterprise Reporter collects and reports on attributes for a tenant including "On-Premises Last Password Sync Date Time" and "On-Premises Password Hash Sync Enabled"
-
Cause
Microsoft recently changed what permissions are required to collect these attributes, this is the reason behind this requirement.
-
Resolution
Azure Active Directory/ Entra ID discovery now require the following roles:
Global Reader
Report Reader
Hybrid Identity Administrator