As you know, Azure Active Directory provides a large list of administration roles to allow delegating administration tasks and reduce the need to grant the more powerful global administrator role.
Well, 2 new roles are now available:
- Authentication policy administrator to delegate the permissions to manage the authentication methods enabled on Azure AD and associated tasks (multi factor authentication and password policy)
- Domain name administrator to delegate domain names management (add, read, remove or update the domain(s) associated with your Azure AD tenant)