John Yassa's Blog

Home » Microsoft Azure » Finally granular administrative roles are now available in Office 365

Finally granular administrative roles are now available in Office 365

Since Microsoft lunched Office 365 , granular administrative roles was a request from most of their clients

Lets assume that i have an E3 plan , and i have an outsource company to develop my Intranet based on SharePoint Online , the only way to give them permission to do that is to provide them Global administrator permission , which is impossible.

Now Microsoft has fixed this issue by providing new administrative roles ( Exchange administrator – SharePoint administrator – Skype for business administrator)

Enter granular administrative roles to provide Office 365 tenants with a method of assigning control over different parts of Office 365 to specific users. Tenant administrators remain all-powerful, but now they have a chance to share their power with others.

The source of authority for granular management roles lies in groups held in Azure Active Directory (AAD). You can’t see these groups through the AAD console and have to work with them using the Office 365 Admin console or PowerShell. You can see the available roles by running the Get-MsOlRole cmdlet. This command lists the available roles – the ObjectId property is important because you will use it to interact with roles in other places.

2

To assign a user account one of these roles, go to the Office 365 Admin Center, select the account in the Users section, and edit it. Go to Roles and select “Limited admin access” as shown in the screen shot below

You can assign Multiple roles to one user

1

You can also use PowerShell to add user accounts to administrative roles. For instance, here’s how t add a new Exchange Online administrator:

Add-MsOlRoleMember –RoleName ‘Exchange Service Administrator’ –RoleMemberEmailAddress ‘John.yassa@johnyassa.com’

After you assign the user the granular permission , allow him a couple of minutes , he should be able to log-on and see the administrative interfaces as below:

3

 

Sources:  Granular administrative roles appear in Office 365

 

 

 

 


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: