Azure Directory roles are used to manage the permissions that can be assigned to users. You can assign roles to users so they can perform certain actions such as resetting user passwords, assigning, or removing licenses, adding or removing users, etc.
More than 50+ built-in roles are available in Azure Directory so you can follow the principle of least privilege and assign users the permission that they need to complete the tasks given to them.
Azure Directory roles make sure that the users are not over-privileged
or under-privileged with the permissions given to them. For example, if you want to give a user the permission to create/manage groups, create/manage groups settings such as naming and expiration policies,
and view groups activity and audit reports, then Groups Administrator is the right role that can be assigned to the user.