M365 Changelog: New Azure AD built-in role – Cloud App Security Administrator

MC261079 – Updated August 08, 2021: Microsoft has updated this post to ensure visibility. Thank you for your patience.

Microsoft has created a new built-in role in Azure AD for you to manage Microsoft Cloud App Security (MCAS).

When this will happen

This role is available in all environments now.

How this will affect your organization

You will now have a new built-in role in Azure AD to manage Microsoft Cloud App Security (MCAS)

• Cloud App Security Administrator – Users with this role has full admin permissions in Microsoft Cloud App Security (MCAS). They can manage policies and settings, upload logs, and perform governance actions.

What you need to do to prepare:

Security Administrator grants permissions across many security workloads. So, if you want more granular control over just MCAS, consider using Cloud App Security Administrator.

Because Global administrator accounts are powerful and vulnerable to attack, Microsoft recommends that you have fewer than five Global Administrators. Use these lower privileged roles instead.