设为首页收藏本站
切换到窄版

个人小站

 找回密码
 立即注册
搜索
热搜: 活动 交友 discuz
个人小站»论坛 技术交流 office365 Office 365 通过 API 提升子号为全局管理员的教程 /方法 ...
返回列表 发新帖
查看: 38|回复: 0

[非必要资源] Office 365 通过 API 提升子号为全局管理员的教程 /方法

[复制链接]
荣誉会员
  • 打卡等级:热心大叔
  • 打卡总天数:348
  • 打卡月天数:2
  • 打卡总奖励:127963
  • 最近打卡:2024-09-12 09:49:55

69

主题

14

回帖

11万

积分

超级版主

Rank: 8Rank: 8

积分
111715

优秀版主论坛元老
发表于 2021-5-5 18:32:45 | 显示全部楼层 |阅读模式
本帖最后由 荣誉会员 于 2021-5-5 19:08 编辑

首先,感谢两位大佬的教程



我在他们教程的基础上加以细化,让小白也能上手

为什么要通过 API 提升子号为全局管理员?这个原因其实很简单,了解 Microsoft 365 / Office 365 A1 / A1P / A3 的朋友应该都知道,对于这些来源不明的全局,微软发现后肯定是要封的,封所有管理员,但是一般不封子号,封了后,如果你还有 API,那么就可以通过 API 提升子号为全局管理员,再次对全局进行掌控

一 Microsoft 365 / Office 365 A1 / A1P / A3 通过 API 提升子号为全局管理员的基本条件
API 权限:RoleManagement.ReadWrite.Directory

能登录的子号

SP 不为 0


满足以上三个条件后,就可以开始提升子号为全局管理员


二 创建 Azure AD 应用程序
可以看我以前的教程:http://i.niyitian.com/forum.php?mod=viewthread&tid=21&extra=page%3D1

一定要开启:RoleManagement.ReadWrite.Directory 权限

三 注册 Postman
进入:https://www.postman.com/,注册并登录账号

四 创建 Microsoft Graph Postman 工作区





五 在 Postman 中配置身份验证 / 授权



填入第二步中得到的【ClientID】【TenantID】【ClientSecret】,然后点【Save】保存


进入【Application】开始授权


注意上图中右上角那儿要选择刚刚创建的【M365 Environment】


点击【Get New Access Token】开始授权


授权成功


点击【Use Token】后再点击【Save】保存


六 获取子号 ID & 管理员 ID

进入位置请看下图



然后点击【Send】

  1. # 返回结果
  2. {
  3.     "businessPhones": [],
  4.     "displayName": "GV靓号",
  5.     "givenName": "GV",
  6.     "jobTitle": null,
  7.     "mail": null,
  8.     "mobilePhone": null,
  9.     "officeLocation": null,
  10.     "preferredLanguage": null,
  11.     "surname": "靓号",
  12.     "userPrincipalName": "[email protected]",
  13.     "id": "763b6ba7-549e-4364-bc9f-3f63af52e860"
  14. },
复制代码

记录要提权为管理员的子号 ID,即最后一行


然后点击【Send】

  1. # 返回结果
  2. # 全局管理员
  3. {
  4.             "id": "62e90394-69f5-4237-9190-012177145e10",
  5.             "deletedDateTime": null,
  6.             "description": "Can manage all aspects of Azure AD and Microsoft services that use Azure AD identities.",
  7.             "displayName": "Global Administrator"
  8.         },
  9. # 密码管理员
  10. {
  11.             "id": "966707d0-3269-4727-9be2-8c3a10f19b9d",
  12.             "deletedDateTime": null,
  13.             "description": "Can reset passwords for non-administrators and Password Administrators.",
  14.             "displayName": "Password Administrator"
  15.         },
复制代码


记录要提权为哪种管理员的 ID,即第一行

七 Microsoft 365 / Office 365 A1 / A1P / A3 通过 API 提升子号为全局管理员

我以提升为全局管理员为例来示范

  1. # 在 POST 后输入下面的内容,62e90394-69f5-4237-9190-012177145e10 可以修改为其他管理员 ID
  2. https://graph.microsoft.com/v1.0/directoryRoles/roleTemplateId=62e90394-69f5-4237-9190-012177145e10/members/$ref
  3. # 在相应位置输入下面的内容,763b6ba7-549e-4364-bc9f-3f63af52e860 换成你子号的 ID
  4. {
  5.   "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/763b6ba7-549e-4364-bc9f-3f63af52e860"
  6. }
复制代码



注意看图中内容的输入位置

最后点击【Send】


返回【204 No Content】,说明成功了


Microsoft 365 / Office 365 A1 / A1P / A3 通过 API 提升子号为全局管理员的教程 / 方法结束

所有管理员 ID

  1. {
  2.     "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryRoleTemplates",
  3.     "value": [
  4.         {
  5.             "id": "62e90394-69f5-4237-9190-012177145e10",
  6.             "deletedDateTime": null,
  7.             "description": "Can manage all aspects of Azure AD and Microsoft services that use Azure AD identities.",
  8.             "displayName": "Global Administrator"
  9.         },
  10.         {
  11.             "id": "10dae51f-b6af-4016-8d66-8c2a99b929b3",
  12.             "deletedDateTime": null,
  13.             "description": "Default role for guest users. Can read a limited set of directory information.",
  14.             "displayName": "Guest User"
  15.         },
  16.         {
  17.             "id": "2af84b1e-32c8-42b7-82bc-daa82404023b",
  18.             "deletedDateTime": null,
  19.             "description": "Default role for guest users with restricted access. Can read a limited set of directory information.",
  20.             "displayName": "Restricted Guest User"
  21.         },
  22.         {
  23.             "id": "95e79109-95c0-4d8e-aee3-d01accf2d47b",
  24.             "deletedDateTime": null,
  25.             "description": "Can invite guest users independent of the 'members can invite guests' setting.",
  26.             "displayName": "Guest Inviter"
  27.         },
  28.         {
  29.             "id": "fe930be7-5e62-47db-91af-98c3a49a38b1",
  30.             "deletedDateTime": null,
  31.             "description": "Can manage all aspects of users and groups, including resetting passwords for limited admins.",
  32.             "displayName": "User Administrator"
  33.         },
  34.         {
  35.             "id": "729827e3-9c14-49f7-bb1b-9608f156bbb8",
  36.             "deletedDateTime": null,
  37.             "description": "Can reset passwords for non-administrators and Helpdesk Administrators.",
  38.             "displayName": "Helpdesk Administrator"
  39.         },
  40.         {
  41.             "id": "f023fd81-a637-4b56-95fd-791ac0226033",
  42.             "deletedDateTime": null,
  43.             "description": "Can read service health information and manage support tickets.",
  44.             "displayName": "Service Support Administrator"
  45.         },
  46.         {
  47.             "id": "b0f54661-2d74-4c50-afa3-1ec803f12efe",
  48.             "deletedDateTime": null,
  49.             "description": "Can perform common billing related tasks like updating payment information.",
  50.             "displayName": "Billing Administrator"
  51.         },
  52.         {
  53.             "id": "a0b1b346-4d3e-4e8b-98f8-753987be4970",
  54.             "deletedDateTime": null,
  55.             "description": "Default role for member users. Can read all and write a limited set of directory information.",
  56.             "displayName": "User"
  57.         },
  58.         {
  59.             "id": "4ba39ca4-527c-499a-b93d-d9b492c50246",
  60.             "deletedDateTime": null,
  61.             "description": "Do not use - not intended for general use.",
  62.             "displayName": "Partner Tier1 Support"
  63.         },
  64.         {
  65.             "id": "e00e864a-17c5-4a4b-9c06-f5b95a8d5bd8",
  66.             "deletedDateTime": null,
  67.             "description": "Do not use - not intended for general use.",
  68.             "displayName": "Partner Tier2 Support"
  69.         },
  70.         {
  71.             "id": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
  72.             "deletedDateTime": null,
  73.             "description": "Can read basic directory information. Commonly used to grant directory read access to applications and guests.",
  74.             "displayName": "Directory Readers"
  75.         },
  76.         {
  77.             "id": "9360feb5-f418-4baa-8175-e2a00bac4301",
  78.             "deletedDateTime": null,
  79.             "description": "Can read and write basic directory information. For granting access to applications, not intended for users.",
  80.             "displayName": "Directory Writers"
  81.         },
  82.         {
  83.             "id": "29232cdf-9323-42fd-ade2-1d097af3e4de",
  84.             "deletedDateTime": null,
  85.             "description": "Can manage all aspects of the Exchange product.",
  86.             "displayName": "Exchange Administrator"
  87.         },
  88.         {
  89.             "id": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c",
  90.             "deletedDateTime": null,
  91.             "description": "Can manage all aspects of the SharePoint service.",
  92.             "displayName": "SharePoint Administrator"
  93.         },
  94.         {
  95.             "id": "75941009-915a-4869-abe7-691bff18279e",
  96.             "deletedDateTime": null,
  97.             "description": "Can manage all aspects of the Skype for Business product.",
  98.             "displayName": "Skype for Business Administrator"
  99.         },
  100.         {
  101.             "id": "d405c6df-0af8-4e3b-95e4-4d06e542189e",
  102.             "deletedDateTime": null,
  103.             "description": "Device Users",
  104.             "displayName": "Device Users"
  105.         },
  106.         {
  107.             "id": "9f06204d-73c1-4d4c-880a-6edb90606fd8",
  108.             "deletedDateTime": null,
  109.             "description": "Device Administrators",
  110.             "displayName": "Azure AD Joined Device Local Administrator"
  111.         },
  112.         {
  113.             "id": "9c094953-4995-41c8-84c8-3ebb9b32c93f",
  114.             "deletedDateTime": null,
  115.             "description": "Device Join",
  116.             "displayName": "Device Join"
  117.         },
  118.         {
  119.             "id": "c34f683f-4d5a-4403-affd-6615e00e3a7f",
  120.             "deletedDateTime": null,
  121.             "description": "Workplace Device Join",
  122.             "displayName": "Workplace Device Join"
  123.         },
  124.         {
  125.             "id": "17315797-102d-40b4-93e0-432062caca18",
  126.             "deletedDateTime": null,
  127.             "description": "Can read and manage compliance configuration and reports in Azure AD and Office 365.",
  128.             "displayName": "Compliance Administrator"
  129.         },
  130.         {
  131.             "id": "d29b2b05-8046-44ba-8758-1e26182fcf32",
  132.             "deletedDateTime": null,
  133.             "description": "Only used by Azure AD Connect service.",
  134.             "displayName": "Directory Synchronization Accounts"
  135.         },
  136.         {
  137.             "id": "2b499bcd-da44-4968-8aec-78e1674fa64d",
  138.             "deletedDateTime": null,
  139.             "description": "Deprecated - Do Not Use.",
  140.             "displayName": "Device Managers"
  141.         },
  142.         {
  143.             "id": "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3",
  144.             "deletedDateTime": null,
  145.             "description": "Can create and manage all aspects of app registrations and enterprise apps.",
  146.             "displayName": "Application Administrator"
  147.         },
  148.         {
  149.             "id": "cf1c38e5-3621-4004-a7cb-879624dced7c",
  150.             "deletedDateTime": null,
  151.             "description": "Can create application registrations independent of the 'Users can register applications' setting.",
  152.             "displayName": "Application Developer"
  153.         },
  154.         {
  155.             "id": "5d6b6bb7-de71-4623-b4af-96380a352509",
  156.             "deletedDateTime": null,
  157.             "description": "Can read security information and reports in Azure AD and Office 365.",
  158.             "displayName": "Security Reader"
  159.         },
  160.         {
  161.             "id": "194ae4cb-b126-40b2-bd5b-6091b380977d",
  162.             "deletedDateTime": null,
  163.             "description": "Security Administrator allows ability to read and manage security configuration and reports.",
  164.             "displayName": "Security Administrator"
  165.         },
  166.         {
  167.             "id": "e8611ab8-c189-46e8-94e1-60213ab1f814",
  168.             "deletedDateTime": null,
  169.             "description": "Can manage role assignments in Azure AD, and all aspects of Privileged Identity Management.",
  170.             "displayName": "Privileged Role Administrator"
  171.         },
  172.         {
  173.             "id": "3a2c62db-5318-420d-8d74-23affee5d9d5",
  174.             "deletedDateTime": null,
  175.             "description": "Can manage all aspects of the Intune product.",
  176.             "displayName": "Intune Administrator"
  177.         },
  178.         {
  179.             "id": "158c047a-c907-4556-b7ef-446551a6b5f7",
  180.             "deletedDateTime": null,
  181.             "description": "Can create and manage all aspects of app registrations and enterprise apps except App Proxy.",
  182.             "displayName": "Cloud Application Administrator"
  183.         },
  184.         {
  185.             "id": "5c4f9dcd-47dc-4cf7-8c9a-9e4207cbfc91",
  186.             "deletedDateTime": null,
  187.             "description": "Can approve Microsoft support requests to access customer organizational data.",
  188.             "displayName": "Customer LockBox Access Approver"
  189.         },
  190.         {
  191.             "id": "44367163-eba1-44c3-98af-f5787879f96a",
  192.             "deletedDateTime": null,
  193.             "description": "Can manage all aspects of the Dynamics 365 product.",
  194.             "displayName": "Dynamics 365 Administrator"
  195.         },
  196.         {
  197.             "id": "a9ea8996-122f-4c74-9520-8edcd192826c",
  198.             "deletedDateTime": null,
  199.             "description": "Can manage all aspects of the Power BI product.",
  200.             "displayName": "Power BI Administrator"
  201.         },
  202.         {
  203.             "id": "b1be1c3e-b65d-4f19-8427-f6fa0d97feb9",
  204.             "deletedDateTime": null,
  205.             "description": "Can manage conditional access capabilities.",
  206.             "displayName": "Conditional Access Administrator"
  207.         },
  208.         {
  209.             "id": "4a5d8f65-41da-4de4-8968-e035b65339cf",
  210.             "deletedDateTime": null,
  211.             "description": "Can read sign-in and audit reports.",
  212.             "displayName": "Reports Reader"
  213.         },
  214.         {
  215.             "id": "790c1fb9-7f7d-4f88-86a1-ef1f95c05c1b",
  216.             "deletedDateTime": null,
  217.             "description": "Can read messages and updates for their organization in Office 365 Message Center only.",
  218.             "displayName": "Message Center Reader"
  219.         },
  220.         {
  221.             "id": "7495fdc4-34c4-4d15-a289-98788ce399fd",
  222.             "deletedDateTime": null,
  223.             "description": "Can manage all aspects of the Azure Information Protection product.",
  224.             "displayName": "Azure Information Protection Administrator"
  225.         },
  226.         {
  227.             "id": "38a96431-2bdf-4b4c-8b6e-5d3d8abac1a4",
  228.             "deletedDateTime": null,
  229.             "description": "Can access and manage Desktop management tools and services.",
  230.             "displayName": "Desktop Analytics Administrator"
  231.         },
  232.         {
  233.             "id": "4d6ac14f-3453-41d0-bef9-a3e0c569773a",
  234.             "deletedDateTime": null,
  235.             "description": "Can manage product licenses on users and groups.",
  236.             "displayName": "License Administrator"
  237.         },
  238.         {
  239.             "id": "7698a772-787b-4ac8-901f-60d6b08affd2",
  240.             "deletedDateTime": null,
  241.             "description": "Full access to manage devices in Azure AD.",
  242.             "displayName": "Cloud Device Administrator"
  243.         },
  244.         {
  245.             "id": "c4e39bd9-1100-46d3-8c65-fb160da0071f",
  246.             "deletedDateTime": null,
  247.             "description": "Allowed to view, set and reset authentication method information for any non-admin user.",
  248.             "displayName": "Authentication Administrator"
  249.         },
  250.         {
  251.             "id": "7be44c8a-adaf-4e2a-84d6-ab2649e08a13",
  252.             "deletedDateTime": null,
  253.             "description": "Allowed to view, set and reset authentication method information for any user (admin or non-admin).",
  254.             "displayName": "Privileged Authentication Administrator"
  255.         },
  256.         {
  257.             "id": "baf37b3a-610e-45da-9e62-d9d1e5e8914b",
  258.             "deletedDateTime": null,
  259.             "description": "Can manage calling and meetings features within the Microsoft Teams service.",
  260.             "displayName": "Teams Communications Administrator"
  261.         },
  262.         {
  263.             "id": "f70938a0-fc10-4177-9e90-2178f8765737",
  264.             "deletedDateTime": null,
  265.             "description": "Can troubleshoot communications issues within Teams using advanced tools.",
  266.             "displayName": "Teams Communications Support Engineer"
  267.         },
  268.         {
  269.             "id": "fcf91098-03e3-41a9-b5ba-6f0ec8188a12",
  270.             "deletedDateTime": null,
  271.             "description": "Can troubleshoot communications issues within Teams using basic tools.",
  272.             "displayName": "Teams Communications Support Specialist"
  273.         },
  274.         {
  275.             "id": "69091246-20e8-4a56-aa4d-066075b2a7a8",
  276.             "deletedDateTime": null,
  277.             "description": "Can manage the Microsoft Teams service.",
  278.             "displayName": "Teams Administrator"
  279.         },
  280.         {
  281.             "id": "eb1f4a8d-243a-41f0-9fbd-c7cdf6c5ef7c",
  282.             "deletedDateTime": null,
  283.             "description": "Has administrative access in the M365 Insights app.",
  284.             "displayName": "Insights Administrator"
  285.         },
  286.         {
  287.             "id": "ac16e43d-7b2d-40e0-ac05-243ff356ab5b",
  288.             "deletedDateTime": null,
  289.             "description": "Can read security messages and updates in Office 365 Message Center only.",
  290.             "displayName": "Message Center Privacy Reader"
  291.         },
  292.         {
  293.             "id": "6e591065-9bad-43ed-90f3-e9424366d2f0",
  294.             "deletedDateTime": null,
  295.             "description": "Can create and manage all aspects of user flows.",
  296.             "displayName": "External ID User Flow Administrator"
  297.         },
  298.         {
  299.             "id": "0f971eea-41eb-4569-a71e-57bb8a3eff1e",
  300.             "deletedDateTime": null,
  301.             "description": "Can create and manage the attribute schema available to all user flows.",
  302.             "displayName": "External ID User Flow Attribute Administrator"
  303.         },
  304.         {
  305.             "id": "aaf43236-0c0d-4d5f-883a-6955382ac081",
  306.             "deletedDateTime": null,
  307.             "description": "Can manage secrets for federation and encryption in the Identity Experience Framework (IEF).",
  308.             "displayName": "B2C IEF Keyset Administrator"
  309.         },
  310.         {
  311.             "id": "3edaf663-341e-4475-9f94-5c398ef6c070",
  312.             "deletedDateTime": null,
  313.             "description": "Can create and manage trust framework policies in the Identity Experience Framework (IEF).",
  314.             "displayName": "B2C IEF Policy Administrator"
  315.         },
  316.         {
  317.             "id": "be2f45a1-457d-42af-a067-6ec1fa63bc45",
  318.             "deletedDateTime": null,
  319.             "description": "Can configure identity providers for use in direct federation.",
  320.             "displayName": "External Identity Provider Administrator"
  321.         },
  322.         {
  323.             "id": "e6d1a23a-da11-4be4-9570-befc86d067a7",
  324.             "deletedDateTime": null,
  325.             "description": "Creates and manages compliance content.",
  326.             "displayName": "Compliance Data Administrator"
  327.         },
  328.         {
  329.             "id": "5f2222b1-57c3-48ba-8ad5-d4759f1fde6f",
  330.             "deletedDateTime": null,
  331.             "description": "Creates and manages security events.",
  332.             "displayName": "Security Operator"
  333.         },
  334.         {
  335.             "id": "74ef975b-6605-40af-a5d2-b9539d836353",
  336.             "deletedDateTime": null,
  337.             "description": "Can manage settings for Microsoft Kaizala.",
  338.             "displayName": "Kaizala Administrator"
  339.         },
  340.         {
  341.             "id": "f2ef992c-3afb-46b9-b7cf-a126ee74c451",
  342.             "deletedDateTime": null,
  343.             "description": "Can read everything that a global admin can read but not update anything.",
  344.             "displayName": "Global Reader"
  345.         },
  346.         {
  347.             "id": "0964bb5e-9bdb-4d7b-ac29-58e794862a40",
  348.             "deletedDateTime": null,
  349.             "description": "Can create and manage all aspects of Microsoft Search settings.",
  350.             "displayName": "Search Administrator"
  351.         },
  352.         {
  353.             "id": "8835291a-918c-4fd7-a9ce-faa49f0cf7d9",
  354.             "deletedDateTime": null,
  355.             "description": "Can create and manage the editorial content such as bookmarks, Q and As, locations, floorplan.",
  356.             "displayName": "Search Editor"
  357.         },
  358.         {
  359.             "id": "966707d0-3269-4727-9be2-8c3a10f19b9d",
  360.             "deletedDateTime": null,
  361.             "description": "Can reset passwords for non-administrators and Password Administrators.",
  362.             "displayName": "Password Administrator"
  363.         },
  364.         {
  365.             "id": "644ef478-e28f-4e28-b9dc-3fdde9aa0b1f",
  366.             "deletedDateTime": null,
  367.             "description": "Can manage all aspects of printers and printer connectors.",
  368.             "displayName": "Printer Administrator"
  369.         },
  370.         {
  371.             "id": "e8cef6f1-e4bd-4ea8-bc07-4b8d950f4477",
  372.             "deletedDateTime": null,
  373.             "description": "Can manage all aspects of printers and printer connectors.",
  374.             "displayName": "Printer Technician"
  375.         },
  376.         {
  377.             "id": "0526716b-113d-4c15-b2c8-68e3c22b9f80",
  378.             "deletedDateTime": null,
  379.             "description": "Can create and manage all aspects of authentication methods and password protection policies.",
  380.             "displayName": "Authentication Policy Administrator"
  381.         },
  382.         {
  383.             "id": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
  384.             "deletedDateTime": null,
  385.             "description": "Members of this role can create/manage groups, create/manage groups settings like naming and expiration policies, and view groups activity and audit reports.",
  386.             "displayName": "Groups Administrator"
  387.         },
  388.         {
  389.             "id": "11648597-926c-4cf3-9c36-bcebb0ba8dcc",
  390.             "deletedDateTime": null,
  391.             "description": "Can create and manage all aspects of Microsoft Dynamics 365, PowerApps and Microsoft Flow.",
  392.             "displayName": "Power Platform Administrator"
  393.         },
  394.         {
  395.             "id": "e3973bdf-4987-49ae-837a-ba8e231c7286",
  396.             "deletedDateTime": null,
  397.             "description": "Can manage Azure DevOps organization policy and settings.",
  398.             "displayName": "Azure DevOps Administrator"
  399.         },
  400.         {
  401.             "id": "8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2",
  402.             "deletedDateTime": null,
  403.             "description": "Can manage AD to Azure AD cloud provisioning and federation settings.",
  404.             "displayName": "Hybrid Identity Administrator"
  405.         },
  406.         {
  407.             "id": "2b745bdf-0803-4d80-aa65-822c4493daac",
  408.             "deletedDateTime": null,
  409.             "description": "Can manage Office apps cloud services, including policy and settings management, and manage the ability to select, unselect and publish 'what's new' feature content to end-user's devices.",
  410.             "displayName": "Office Apps Administrator"
  411.         },
  412.         {
  413.             "id": "d37c8bed-0711-4417-ba38-b4abe66ce4c2",
  414.             "deletedDateTime": null,
  415.             "description": "Can manage network locations and review enterprise network design insights for Microsoft 365 Software as a Service applications.",
  416.             "displayName": "Network Administrator"
  417.         },
  418.         {
  419.             "id": "31e939ad-9672-4796-9c2e-873181342d2d",
  420.             "deletedDateTime": null,
  421.             "description": "Can view and share dashboards and insights via the M365 Insights app.",
  422.             "displayName": "Insights Business Leader"
  423.         },
  424.         {
  425.             "id": "3d762c5a-1b6c-493f-843e-55a3b42923d4",
  426.             "deletedDateTime": null,
  427.             "description": "Can perform management related tasks on Teams certified devices.",
  428.             "displayName": "Teams Devices Administrator"
  429.         },
  430.         {
  431.             "id": "c430b396-e693-46cc-96f3-db01bf8bb62a",
  432.             "deletedDateTime": null,
  433.             "description": "Can create and manage all aspects of attack simulation campaigns.",
  434.             "displayName": "Attack Simulation Administrator"
  435.         },
  436.         {
  437.             "id": "9c6df0f2-1e7c-4dc3-b195-66dfbd24aa8f",
  438.             "deletedDateTime": null,
  439.             "description": "Can create attack payloads that an administrator can initiate later.",
  440.             "displayName": "Attack Payload Author"
  441.         },
  442.         {
  443.             "id": "75934031-6c7e-415a-99d7-48dbd49e875e",
  444.             "deletedDateTime": null,
  445.             "description": "Can see only tenant level aggregates in Microsoft 365 Usage Analytics and Productivity Score.",
  446.             "displayName": "Usage Summary Reports Reader"
  447.         },
  448.         {
  449.             "id": "b5a8dcf3-09d5-43a9-a639-8e29ef291470",
  450.             "deletedDateTime": null,
  451.             "description": "Can configure knowledge, learning and other intelligent features.",
  452.             "displayName": "Knowledge Administrator"
  453.         },
  454.         {p
  455.             "id": "744ec460-397e-42ad-a462-8b3f9747a02c",
  456.             "deletedDateTime": null,
  457.             "description": "Has access to topic management dashboard and can manage content.",
  458.             "displayName": "Knowledge Manager"
  459.         },
  460.         {
  461.             "id": "8329153b-31d0-4727-b945-745eb3bc5f31",
  462.             "deletedDateTime": null,
  463.             "description": "Can manage domain names in cloud and on-premises.",
  464.             "displayName": "Domain Name Administrator"
  465.         },
  466.         {
  467.             "id": "31392ffb-586c-42d1-9346-e59415a2cc4e",
  468.             "deletedDateTime": null,
  469.             "description": "Can create or update Exchange Online recipients within the Exchange Online organization.",
  470.             "displayName": "Exchange Recipient Administrator"
  471.         }
  472.     ]
  473. }
复制代码





本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?立即注册

x
回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

小黑屋|个人小站

GMT+8, 2024-9-17 03:56 , Processed in 0.050940 second(s), 26 queries .

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

快速回复 返回顶部 返回列表