Entra ID Roles
This page displays active assignments of Entra ID roles assigned to users, groups or service principals.
Last updated
This page displays active assignments of Entra ID roles assigned to users, groups or service principals.
Last updated
Entra ID roles gives a user, group or service principal permissions to manage Microsoft Entra.
Filter alternatives
Entity type: Filter on whether entity is user, group og service principal
Created date: Use the slicer to determine which period you want the user/group to be created
Last sign-in: Use the slicer to determine the last sign-in period of the user
User state: Choose if you want to filter on active or inactive users
Account: Filter for showing Disabled or Enabled users - or both.
Sign-in status: Helps you filter on users who have never signed in and users that have
MFA Reg: Filter on whether MFA registration process has been completed or not
License Status: Filter on if users are licensed or not
Entra Level: The Entra ID license level of the user (Free, P1, P2, Governance)
User principal name: Free search for user principal names
Focus table - Entra ID role assignments
The table provides an overview of all roles with administrative privileges, and number of entities that have the different role.
Groups and service principals with Entra ID roles should be reviewed.
Breakdown table - additional filter available for different user properties
This table shows the distribution of roles for the chosen user property in the breakdown filter. If a line is blank it means that this is a service principal or a group
Breakdown filter: Choose the preferred property you want to filter by, by using the breakdown filter on the right side. We have also included Extension attributes as this is often used by companies
Entity details table
In this table you can drill down on the specific users that have administrative privileges and investigate whether they should be removed or not.
The column selector on the right hand side gives you the opportunity to choose which information is the most interesting to see.
NB: Bsure Insights will only display active assignments and not eligible assignments due to permissions needed to extract eligible roles via Microsoft Graph. The app must be given write access to roles in order to extract eligible roles. This is not something you should allow.
