Administrator roles in Office and Microsoft 365 and Azure
Roles in Microsoft 365! We quite often give global administrator rights to people who need to be able to perform tasks within Microsoft 365.
There is a read-only account to allow people to view the Offiec 365 -> Ideal for a vendor or partner.
You can also use Teams Administrator accounts. To delegate specific roles in the organization.
In this blog all the roles listed that are possible by default in Microsoft 365.
|Admin roles||To whom can this role be assigned?|
|Exchange admin||Assign the Exchange-administrator role to users to view and manage the email mailboxes of your users, Microsoft 365 groups and Exchange Online .|
Exchange-administrators can: restore deleted items in a user's mailbox. Manage mailboxes, etc..
|Global admin||Assign the Global Administrator role to users who need global access to most management functions and data in Microsoft's online services.|
Giving too many users global access is a security risk best assign 2-4 administrators.
|Global reader||Assign the role of global reader to users who need to see administrator functions and settings in management centers that the global administrator can see.|
|Groups admin||Manage all group settings in management centers, including the Microsoft 365 management center and Azure Active Directory portal.|
|Helpdesk admin||Assign the Help Desk administrator role to users to do the following:|
Reset passwords, Force users to log out, Manage service requests, Monitor service status
|Office Apps admin||Use the Office cloud policy service to create and manage cloud-based policies for Office, Create and manage service requests, Manage the What's New content users see in their Office apps|
Monitor service status
|Service Support admin||Assign the role of Service Support Administrator as an additional role to administrators or users whose roles do not include the following, but still need to do the following: View and share messages in the message center|
|SharePoint admin||Assign the SharePoint-administrator role to users to access and manage the SharePoint Online -administrator center.|
SharePoint-administrators can also:
create and delete sites, manage site collections and general SharePoint settings
|Teams service admin||Assign the role of Teams service administrator to users to access and manage the Teams management center.|
Service administrators of Teams can also:
Manage meetings, conference bridges
Manage all settings for the entire organization, including federation, team upgrades and client settings for teams
|User admin||Assign the User Administrator role to users to do the following for all users: - Add users and groups - Assign licenses - Manage the properties of most users - Create and manage user views - Update password expiration policies - Manage service requests - Check service status The User Administrator can also perform the following actions for users who are not administrators and for users assigned the following roles: Directory Reader, Guest Inviter, Helpdesk Administrator, Message Center Reader, Report Reader: - Manage user names - Delete and restore users - Reset passwords - Force users to log out - Update (FIDO) device keys|