Improved Role Management in the Office 365 Admin Center

Improvements Help Office 365 Admins Get Things Done

Recently Microsoft has steadily increased the functionality of the new Microsoft/Office 365 Admin Center. A major part of the improvements revolve around making it easier for admins to perform different tasks, for example by providing the new user template functionality, the streamlined add domain experience, and more.

Managing Office 365 Roles

Another area of improvement makes it easier to manage roles. It is important that the right roles are assigned to people to allow them to do their work without excessive permissions, and that’s what these updates are all about. First, we got the new admin role assignment experience back in April, then the new Roles tab in the Admin center, displaying a comprehensive list of all the available roles along with granular information about the permissions they include and the users currently assigned to the role.

The Roles tab has been enhanced with search capabilities, allowing you to quickly find the most suitable role to assign to someone. While this might sound like a trivial task, the number of admin roles available in Office 365/Azure AD has now passed the 60 mark, meaning it’s more than likely for the average admin is not familiar with all available roles. In effect, the search functionality allows you to quickly scope the list of available roles to just the ones containing sufficient permissions for the task(s) you want to delegate. For example, Figure 1 shows the roles that allow users to create different types of Groups.

Roles supporting the ability to create a group
Figure 1: Roles supporting the ability to create a group

Comparing Office 365 Admin Roles

In some cases multiple roles match requirements, the Office 365 Admin Center includes an easy way to compare the capabilities of different roles, down to the individual permissions. To do so, select up to three roles, either on the unfiltered list or from the search results, then click Compare roles . You’ll see something like Figure 2, showing the granular set of permissions granted by each role, side by side.

Comparing role capabilities
Figure 2: Comparing role capabilities

Once you’ve identified the roles you should assign to users, you can select a role, open its property page, and use the Assigned admins tab to make new assignments.

Issues

Unfortunately, slight discrepancies exist in some of the role permissions tables. For example, the “Read all resources in Exchange Online” permission is strangely absent from both the Exchange admin and Global admin roles. Some other examples are shown in Figure 3.

Some issues in role comparisons
Figure 3: Some issues in role comparisons

However, being able to compare roles is a new feature and will likely be tweaked as tenants gain experience and give feedback. In addition, you can always look at the comprehensive documentation to get an even more detailed comparison between roles.

More Information

The improvements in role management and many other enhancements to the admin center were discussed in detail at the Microsoft Ignite 2019 conference, most of which you can see demoed in this session: Microsoft 365 admin center demo-fest: Crash course on latest and greatest management tools (THR2116).


Even with improvements in the admin center, Office 365 Admin can be a challenge if you don’t quite know what needs to be done to accomplish tasks. Find out what you need to know by reading the Office 365 for IT Pros eBook.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.