There are over 390 built-in powers for managing objects and performing common administrative tasks that you can work with when defining roles and making delegation assignments. Built-in powers cannot be deleted, but you can clone them to make custom powers. A few examples of built-in powers are included below:
Provides the power to create groups and specify all properties during group creation.
If the Recycle Bin is enabled, provides the power to move user accounts to the Recycle Bin. If the Recycle Bin is disabled, provides the power to permanently delete user accounts.
Provides the power to modify all properties for computer accounts.
Use the following powers to delegate the creation and management of Azure users, groups, and contacts.
Azure User Account Powers:
Create Azure User and Modify All Properties
Delete Azure User Account Permanently
Manage Sign-In for Azure Users
Manage Sign-In for Azure Users Synced to Azure Tenant
Modify All Azure User Properties
Reset Azure User Account Password
View All Azure User Properties
Azure Group Powers:
Add Object to Azure Group
Create Azure Group and Modify All Properties
Delete Azure Group Account
Modify All Azure Group Properties
Remove Object from Azure Group
View All Azure Group Properties
Azure Contact Powers:
Create Azure Contact and Modify All Properties
Delete Azure Contact Account
Modify All Azure Contact Properties
View All Azure Contact Properties
Azure Guest User Account Power:
Invite Azure Guest User
The powers that are listed for Azure user accounts also apply to Azure guest user accounts.
To manage granular level properties for Azure objects, you can create custom powers by selecting specified object attributes.