Bsure Documentation
back to bsure.io
  • Welcome
  • Installation
    • Overview
    • Prerequisites
    • Installation Instructions
  • Technical Description
    • Design Principles
    • Azure Managed Application
    • Permissions Required
    • Security​
      • Public IP and Storage Account Key considerations
    • Technical Architecture
    • Dataflow and visibility
  • User guides
    • Overview
    • Main Dashboard
    • Users
      • Dashboard
      • Members
      • Guests
      • Data Quality
      • Properties
      • Sign-in Map
      • Sign-in Locations
      • Drilldown
    • Microsoft Licenses
      • Cost Dashboard
      • Licenses Overview
      • Subscription Overview
      • Inactive and Disabled Users
      • Overlapping licenses
      • Cost Allocation
      • Drilldown
      • Price Settings
      • Add Your Own Prices
        • Average SKU Price Calculator
    • Applications
      • Usage
      • Cost
      • Sign-in Locations
        • Successful sign-ins from blocked countries?
    • Groups
    • Security
      • Dashboard
      • Authentiation Methods
      • Entra ID Roles
      • Service Principals
    • Devices
      • Windows Dashboard
      • Windows Inactive Devices
      • Windows OS
      • Windows Management
      • Devices per Person
      • Drilldown
    • Share the Power BI App
      • Share App only
      • Give Access to the Power BI Workspace
      • Share the Storage Account Access Key
      • Share with External Users
    • Update Power BI App
    • Glossary
  • Pricing & Billing
    • Pricing
    • Billing
  • Support
    • Support
    • Frequently Asked Questions
    • Troubleshooting
    • Release Notes
    • New features
      • User purpose property
  • Partners
    • Partner sell an offering including the app to the customers
    • Customer have a strict data protection regime
    • Partner uses the app without customer knowledge
    • General considerations
  • Policies
    • Privacy Policy
    • Terms & Conditions
  • RECOMMENDED ACTIONS
    • Recommended actions
      • Review Entra ID role assignments and create a strategy to offer such roles
      • Review and remove all inactive or unwanted accounts
        • Bulk deletion of users in Entra ID
      • Protect all users with MFA
      • Review and clean up applications with excessive permissions
Powered by GitBook
On this page
  1. User guides
  2. Security

Entra ID Roles

This page displays active assignments of Entra ID roles assigned to users, groups or service principals.

PreviousAuthentiation MethodsNextService Principals

Last updated 3 months ago

Entra ID roles gives a user, group or service principal permissions to manage Microsoft Entra.

Filter alternatives

  • Entity type: Filter on whether entity is user, group og service principal

  • Created date: Use the slicer to determine which period you want the user/group to be created

  • Last sign-in: Use the slicer to determine the last sign-in period of the user

  • User state: Choose if you want to filter on active or inactive users

  • Account: Filter for showing Disabled or Enabled users - or both.

  • Sign-in status: Helps you filter on users who have never signed in and users that have

  • MFA Reg: Filter on whether MFA registration process has been completed or not

  • License Status: Filter on if users are licensed or not

  • Entra Level: The Entra ID license level of the user (Free, P1, P2, Governance)

  • User principal name: Free search for user principal names

Focus table - Entra ID role assignments

  • The table provides an overview of all roles with administrative privileges, and number of entities that have the different role.

  • Groups and service principals with Entra ID roles should be reviewed.

This is an interactive table, and by clicking one of the roles you can see the details of who has the role in the entity details table below

Breakdown table - additional filter available for different user properties

  • This table shows the distribution of roles for the chosen user property in the breakdown filter. If a line is blank it means that this is a service principal or a group

  • Breakdown filter: Choose the preferred property you want to filter by, by using the breakdown filter on the right side. We have also included Extension attributes as this is often used by companies

Entity details table

  • In this table you can drill down on the specific users that have administrative privileges and investigate whether they should be removed or not.

  • The column selector on the right hand side gives you the opportunity to choose which information is the most interesting to see.

Be aware of users without MFA registered or users who have not been logged in for more than 90 days

NB: Bsure Insights will only display active assignments and not eligible assignments due to permissions needed to extract eligible roles via Microsoft Graph. The app must be given write access to roles in order to extract eligible roles. This is not something you should allow.