New Teams Administrative Roles Available in Azure AD

RBAC for Teams Management

In my latest article, I cover the release of four new administrative roles for Teams. The basic idea is that an Office 365 tenant administrator can delegate responsibility for looking after Teams to other people, especially in the more complicated areas of video and audio and telephony where specialized knowledge is often needed to sort out problems, especially when multiple countries, calling plans, and networks are involved.

For now, you must assign the new roles through the Azure Active Directory portal (or with PowerShell) and cannot assign them as custom roles through the Office 365 Admin Center yet, but I expect that change to come soon.

RBAC Common Across Office 365

Limiting administrative access via role-based access control (RBAC) isn’t new inside Office 365. Microsoft introduced RBAC in Exchange 2010 with management role groups, role assignments, and scopes. The Exchange Control Panel (ECP) was the first web-based administrative console to hide options from users based on the RBAC role groups to which they belonged, something that was extended into the Exchange Administration Center (EAC) in Exchange 2013. The technique is used today in Office 365 to control access to options in the Exchange Online EAC, the Office 365 Admin Center, the Security and Compliance Center, and now the Teams and Skype for Business Admin Center (TSBAC).

Suppressing TSBAC Options

Figure 1 illustrates the point. In this case, the user who accesses TSBAC is assigned the Teams Communications Administrator role. TSBAC detects that their account holds the role and limits the options available to the dashboard, user management, and some of the options to manage meetings. Live events policies are missing, but this might be an omission.

Figure 1: Viewing TSBAC options for the Teams Communications Administrator role

The user can’t see the options to manage messaging policies, org-wide settings, or other settings available in TSBAC.

Not every Office 365 tenant will use all the roles now available for TSBAC, but it’s good to see that they exist. It’s a sign of increased maturity in the Teams platform and that Microsoft is thinking about how to make the transition from Skype for Business Online easier for enterprise tenants.

We were able to include details of the new roles in chapters 13 and 16 of the September 20 update of Office 365 for IT Pros. It was kind of a last-minute thing, but it’s the type of late-breaking news that ePublishing accommodates so well and traditional publishing models can’t handle.

One Reply to “New Teams Administrative Roles Available in Azure AD”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.