Microsoft’s Azure Active Directory includes the ability to designate separate administrators for different functions. These administrators have access to various features and capabilities, including the ability to read or change objects related to Azure AD.
Microsoft provides documentation about this topic at https://docs.microsoft.com/en-us/azure/active-directory/active-directory-assign-admin-roles.
Azure AD roles primarily support the Microsoft Infrastructure and MSCA service, so are primarily held by members of those service teams. However, it is possible for others outside those service teams to hold AAD roles.
Microsoft Infrastructure manages the AAD roles in the UW’s enterprise tenant and requests for a role can be sent to firstname.lastname@example.org for consideration. Please note that given the broad span of access associated with many AAD roles, we may not be able to grant all requests and that very careful consideration is given before granting requests.
Some limited further information about use of specific AAD roles are available as child pages.