Users with the Security Reader Azure AD role have read-only access to all information in Azure AD as well as the ability to access Azure AD reports and audit logs. This document can not exhaustively cover how to use this role, but instead is intended as initial orientation.
More information about this role is published by Microsoft at https://docs.microsoft.com/en-us/azure/active-directory/active-directory-assign-admin-roles.
Users with this role can access information via many different methods. The table below lists the most common methods for a given type of information, separating them by the 2 primary types of access desired.
Do note that none of these methods are necessarily equivalent in terms of the information provided, so you may need to explore all possible methods and the documented capabilities to find the information desired.
|AAD object information||AAD audit logs & reports||O365 object info||O365 audit logs & reports|