| title | Conditional Access Administrator |
|---|---|
| description | Conditional Access Administrator |
| ms.topic | include |
| ms.date | 01/26/2026 |
| ms.custom | include file |
This is a privileged role. Users with this role have the ability to manage Microsoft Entra Conditional Access settings.
[!div class="mx-tableFixed"]
Actions Description microsoft.directory/conditionalAccessPolicies/basic/update Update basic properties for Conditional Access policies microsoft.directory/conditionalAccessPolicies/create Create Conditional Access policies microsoft.directory/conditionalAccessPolicies/delete Delete Conditional Access policies microsoft.directory/conditionalAccessPolicies/owners/read Read the owners of Conditional Access policies microsoft.directory/conditionalAccessPolicies/owners/update Update owners for Conditional Access policies microsoft.directory/conditionalAccessPolicies/policyAppliedTo/read Read the "applied to" property for Conditional Access policies microsoft.directory/conditionalAccessPolicies/standard/read Read Conditional Access for policies microsoft.directory/conditionalAccessPolicies/tenantDefault/update Update the default tenant for Conditional Access policies microsoft.directory/namedLocations/basic/update Update basic properties of custom rules that define network locations microsoft.directory/namedLocations/create Create custom rules that define network locations microsoft.directory/namedLocations/delete Delete custom rules that define network locations microsoft.directory/namedLocations/standard/read Read basic properties of custom rules that define network locations microsoft.directory/resourceNamespaces/resourceActions/authenticationContext/update Update Conditional Access authentication context of Microsoft 365 role-based access control (RBAC) resource actions