Starting in July 2018, Microsoft added some new cool features to help Administrators review roles and permissions in Azure AD. This included a complete list of the built-in roles and a description of what they enabled the member to do, especially making it a lot easier to answer questions such as “How many Global Admins do we have?” or “What permissions does my account have?”
Let’s have a look at this in a bit more detail
So firstly, let’s login to your Azure portal and click on Azure Active Directory
Start by clicking Roles and administrators to display the complete list and a brief description of all the built-in directory roles—including the new delegated app management roles.
You can also see your active Azure AD role assignment (if you have one) and can click Your role to access the list of your active assigned roles.
Microsoft were then really cool and gave us the ability to see exactly what each of these Roles did. For example, if we click on the Exchange Administrator role and then click on Description;
We can quickly and easily start to build a picture of what this role will enable us to do.
Pretty cool, eh? They also steam-lined the process for managing these roles, and also a direct link into Manage PIM.