Azure AD Admin plugin requirements

Hello Community,
I just wanted to share with everyone that the “Requirements” reported in the Azure AD Admin plugin do not correspond to those present on Azure:


  • The application this plugin connects to needs the following permissions:
  • Directory.AccessAsUser.All
  • Directory.ReadWrite.All
  • User.ReadWrite.All
  • IdentityRiskEvent.Read.All (Types: Delegated, Application)
  • Device.ReadWrite.All

Furthermore, this indication is not very clear:

  • The application will need to be added to the Global Administrator role. This can be done in Roles and administrators in Azure Active directory via the Azure Portal.
  • Roles and administrators

Is it possible to verify the requirements and provide more precise details?