Please visit this KB article for further info
Microsoft has changed their functionality in Azure Active Directory for how permissions for Enterprise Applications such as CyberQP can be assigned to built in roles.
Previously an enterprise application could be added directly to a built in Azure Active Directory role such as the Privileged Authentication Administrator or Global Admin role etc. Microsoft has now removed this functionality.
This does not impact any previously setup CyberQP integrations where CyberQP was already added to a built in role which authorizes CyberQP to reset passwords in Office 365 / Azure AD tenants.
This change does impact any new integration setups between CyberQP and Office 365. The new procedure is to add enterprise applications to built in groups in Azure AD by creating a security group, add the CyberQP enterprise application to the security group and add the security group to the role. This accomplishes the same objective as before.
To access this new feature the tenant must have at least one Azure AD P1 license assigned. There is no requirement for each account to have this license only one.