New Roles Page in Office 365 Admin Center

Understand What Accounts Hold Administrative Roles

Viewing the holders of the Teams Admin role
Figure 1: Viewing the holders of the Teams Admin role

Office 365 Notification MC183135 (Roadmap item 52624) informs us about a new Roles page added to the modern (opt-in) Office 365 Admin Center. Tenants often have difficulty tracking exactly what account holds what administrative role, and the new page is designed to help. The change is now rolling out across Office 365.

A Mixture of Roles

The roles listed in the Office 365 Admin Center are each given a category:

  • Billing: Users who deal with billing and license allocation.
  • Collaboration: The three roles assigned for Teams, Skype for Business Online admin, SharePoint Online admin, and so on.
  • Devices: Cloud device admin and Desktop Analytics admin.
  • Global: Global tenant administrators.
  • Identity: Roles like Privileged role admin and User admin.
  • Mailflow: Exchange admin.
  • Read-only: Roles like Reports reader and Message Center reader.
  • Security and Compliance: Roles defined for use with the Security and Compliance Center, like Compliance admin and Azure Information Protection admin.

Some, but not all, of the roles align with the roles defined in Azure Active Directory that you can see with the Get-AzureADDirectoryRole cmdlet.

Managing Roles

After you select a role, you see a page with three tabs:

  • The General tab gives some information about the purpose of the role and what holders of the role can do. It also tells you how many accounts currently hold the role.
  • The Assigned Admins tab reveals the accounts that hold the role. You can remove accounts from the role or add new accounts to the role.
  • The Permissions tab tells you the permissions held by the role. For example, the Report reader role has permissions to read all properties on audit logs in Azure Active Directory and Office 365 usage reports.

You can also export the complete set of admin role assignments to a CSV file and edit them with Excel (Figure 2) or even import the data into Power BI.

Viewing Office 365 role assignments in Excel
Figure 2: Viewing Office 365 role assignments in Excel

Good Change

Adding the Roles page to the Admin Center will help tenants manage roles better because it makes the holders of privileged roles more visible. It’s also easier to remove roles from people who no longer need to hold a role, which should reduce the number of privileged accounts within a tenant. It’s a good change.

Read lots more about Office 365 Admin in the Office 365 for IT Pros eBook. This update is a classic example of the kind of change that happens in the service all the time. We track these changes and include them in the monthly updates issued for Office 365 for IT Pros.

One Reply to “New Roles Page in Office 365 Admin Center”

  1. Thanks for the update above Tony. Please note that your spreadsheet export has the category of “mailflow” while your bulleted description says the category is “mailbox.” I checked my role page, and mailflow is correct.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.