To enable Admin1 to apply tagging for tenant restrictions in Microsoft Entra Internet Access, assign the following two roles:
Global Secure Access Administrator
Required to configure network labels (tags) for traffic categorization, which are used in tenant restrictions policies within Microsoft Entra Internet Access. This role manages Global Secure Access settings, including tagging.
Conditional Access Administrator
Required to create and enforce Conditional Access policies that use these tags to apply tenant restrictions. Tagging integrates with Conditional Access for policy enforcement.
Why not the others?
Network Administrator: Manages traditional network settings (e.g., VPN, firewalls) but not Entra Internet Access tagging or policies.
Security Administrator: Can manage Conditional Access policies but lacks permissions for Global Secure Access-specific configurations like tagging.
Service Support Administrator: Focuses on service health and support tickets, unrelated to policy tagging.
No comments:
Post a Comment