Reputation: 3465
I used GET https://graph.microsoft.com/v1.0/me/memberOf with a tenant admin and received the following object in the response:
{
  "@odata.type": "#microsoft.graph.directoryRole",
  "id": "f68149ec-f518-4905-92d3-cc27f82f54c3",
  "deletedDateTime": null,
  "description": "Company Administrator role has full access to perform any operation in the company scope.",
  "displayName": "Company Administrator",
  "roleTemplateId": "62e90394-69f5-4237-9190-012177145e10"
}
Can I use the roleTemplateId property where the value equals 62e90394-69f5-4237-9190-012177145e10 to determine whether the user is a tenant admin?
Update after initial answers: This will only work for admins that have directory permissions which are only available for admins. This won't work for non-admin users. I was unclear in my original question.
Upvotes: 0
Views: 2040
Reputation: 1935
Can I use the roleTemplateId property where the value equals 62e90394-69f5-4237-9190-012177145e10 to determine whether the user is a tenant admin?
For your response, the company administrator means tenant administrator. If you want to use the roleTemplateId-value to check, you can use GET https://graph.microsoft.com/v1.0/directoryRoleTemplates/{roleTemplateId-value}, and the response looks like this:
In the response, the company administrator means the global administrator.
And as far as I know, in a single tenant, the company administrator is the tenant administrator.
Upvotes: 3
Reputation: 1874
Based on my test result, you can use the roleTemplateId property where the value equals 62e90394-69f5-4237-9190-012177145e10 to determine whether the user is a tenant admin now. But because there is no official document stating this, it's not stable; you need to regularly check for updates to the official documents.
Upvotes: 1
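The check discussed in this thread, as an added example that is not code from any of the posters: it evaluates a GET /me/memberOf response by roleTemplateId and returns "unknown" rather than "not admin" when the call itself fails, which is the case the question's update describes. The helper name `is_tenant_admin`, the tri-state return value and the sample bodies are assumptions constructed for illustration; the response is assumed to use the standard collection envelope with a `value` array.

```python
import json

# roleTemplateId quoted in this thread for "Company Administrator".
COMPANY_ADMIN_TEMPLATE_ID = "62e90394-69f5-4237-9190-012177145e10"
DIRECTORY_ROLE_TYPE = "#microsoft.graph.directoryRole"


def is_tenant_admin(status_code, body_text):
    """Tri-state result for a GET /me/memberOf response (hypothetical helper).

    True/False when the response could be evaluated, None when it could not
    (non-200 status or malformed body). Callers must treat None as "no".
    """
    if status_code != 200:
        return None
    try:
        entries = json.loads(body_text).get("value")
    except (TypeError, ValueError, AttributeError):
        return None
    if not isinstance(entries, list):
        return None
    for entry in entries:
        # memberOf also returns groups; only directoryRole objects count.
        if not isinstance(entry, dict) or entry.get("@odata.type") != DIRECTORY_ROLE_TYPE:
            continue
        template_id = entry.get("roleTemplateId")
        # Match on roleTemplateId, never on displayName.
        if isinstance(template_id, str) and template_id.lower() == COMPANY_ADMIN_TEMPLATE_ID:
            return True
    return False


# Constructed sample bodies (the directoryRole entry is the one from the question).
GROUP = {"@odata.type": "#microsoft.graph.group", "id": "00000000-0000-0000-0000-000000000001",
         "displayName": "Company Administrator"}  # look-alike group name
ROLE = {"@odata.type": DIRECTORY_ROLE_TYPE, "id": "f68149ec-f518-4905-92d3-cc27f82f54c3",
        "displayName": "Company Administrator",
        "roleTemplateId": "62e90394-69f5-4237-9190-012177145e10"}
ADMIN_BODY = json.dumps({"value": [GROUP, ROLE]})
USER_BODY = json.dumps({"value": [GROUP]})

if __name__ == "__main__":
    print(is_tenant_admin(200, ADMIN_BODY))
    print(is_tenant_admin(200, USER_BODY))
    print(is_tenant_admin(403, '{"error": {"code": "placeholder"}}'))
```

Any authorization decision built on this result should deny access on both False and None.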