> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# AZPrivilegedRoleAdmin

> The principal has the Privileged Role Administrator Entra ID role active against the target tenant.

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Abuse Info

The role can grant any other admin role to another principal at the tenant level. Activate the Global Admin role for yourself or for another user using PowerZure or PowerShell.

## Opsec Considerations

The Azure Activity Log will log who activated an admin role for what other principal, including the date and time.

## References

* [Microsoft Entra built-in roles: Privileged Role Administrator](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#privileged-role-administrator)
* [https://powerzure.readthedocs.io/en/latest/Functions/operational.html#add-azureadrole](https://powerzure.readthedocs.io/en/latest/Functions/operational.html#add-azureadrole)