Microsoft 365
Global Reader
Read-only access across all Microsoft 365 services without the ability to make changes.
Scope: Organization-wide read-only access to all Microsoft 365 services
Permissions
- View all Microsoft 365 and Entra ID settings
- Read all compliance and security configurations
- Access reports and analytics across all services
- Read audit logs and activity reports
Common use cases
- Auditors needing visibility without change capability
- Executives requiring dashboard access
- Compliance monitoring
Best practices
- Use instead of Global Admin for read-only needs
- Combine with service-specific reader roles as needed
Common questions
When should I assign the Global Reader role?
Assign Global Reader when you need to: Auditors needing visibility without change capability; Executives requiring dashboard access; and Compliance monitoring. It is part of Microsoft 365 and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Global Reader role do?
The Global Reader role grants permissions including: View all Microsoft 365 and Entra ID settings; Read all compliance and security configurations; Access reports and analytics across all services; and Read audit logs and activity reports. See the Permissions section above for the full list.