Microsoft Announces New Yammer Administrator Role

Now Available in Azure AD

On August 9, Microsoft announced the addition of the Yammer administrator role to Azure AD. Like the other workload-specific administrator roles such as Exchange administrator, Teams administrator, and SharePoint administrator, the new role helps to avoid a proliferation of user accounts assigned the all-powerful Global administrator role. Microsoft says that a user assigned the “Yammer admin role can manage all aspects of the Yammer service, long with modifying Yammer communities without becoming an owner or member of that community.” That’s a long-winded way of saying that accounts holding the Yammer administrator role can manage Yammer.

Interestingly, the Yammer administrator role works for all kinds of Yammer networks. When I first read about the role, I assumed that it was part of Native mode Yammer networks, which is where Yammer embraces Azure AD and the Microsoft 365 ecosystem fully, instead of the older non-native mode networks. Because the new role supports non-native networks, Microsoft can use it in their external Yammer networks such as the one used by the Microsoft Information Protection team for customer communications.

Assigning Yammer Administrators

The easiest way to assign an Azure AD administrative role is through the Azure AD admin center (Figure 1).

Yammer administrator assignments in the Azure AD admin center
Figure 1: Yammer administrator assignments in the Azure AD admin center

You can also assign Azure AD administrative roles with PowerShell, as described in this article. The identifier for the Yammer administrator role is efc777ab-ffb8-4c71-809c-7d1ff399ff54.

Auditing Administrator Assignments

Assigning users to the Yammer administrator role creates an audit event. To find the events in the audit log, you can search using the Microsoft Purview compliance portal or with PowerShell. For example:

$StartDate = (Get-Date).AddDays(-7); $EndDate = (Get-Date).AddDays(1)
[array]$Records = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -Formatted -ResultSize 5000 -Operations "add member to role"
If ($Records) {
 ForEach ($Record in $Records) {
   $AuditData = $Record.Auditdata  | convertfrom-json
   [string]$UserName = $AuditData.ObjectId
   [string]$AdminRole = $AuditData.ModifiedProperties[1].NewValue
   If ($AdminRole -eq "Yammer Administrator") {
     Write-Host ("User {0} added to role {1} at {2}" -f $UserName, $AdminRole, $Record.CreationDate ) }
User added to role Yammer Administrator at 11/08/2022 13:08:01
User added to role Yammer Administrator at 10/08/2022 18:02:35

Using the Yammer Administrator Role

It can take a couple of hours for Yammer to synchronize details of new role assignments from Azure AD. When this happens, the role assignees will see the Edit network admin settings option in their Settings menu (Figure 2). This brings up the normal Yammer configuration page to allow the user to amend network settings.

The Yammer administrator option shows up in the Yammer client UI
Figure 2: The Yammer administrator option shows up in the Yammer client UI

A clear distinction exists between accounts holding the Yammer administrator role (treated as verified admins) and those which gain administrative permission for Yammer through another route, like being a tenant administrator (Figure 3). The differences between the different kinds of Yammer admins are explained in this article. Existing holders of the Yammer verified admin role do not automatically receive the Azure AD role. If you want the two sets to match up, you’ll need to assign existing verified admins to the Azure AD Yammer administrator role.

Yammer administrators
Figure 3: Yammer administrators

It’s interesting that Microsoft choose to present the information in this fashion instead of showing all administrators as equal and hiding the complexities of revoking their access (if necessary) behind the scenes.

Bit by Bit, Yammer Becomes More Integrated

Ten years and more after its acquisition by Microsoft, Yammer is steadily becoming more integrated into the Microsoft 365 ecosystem. It’s just a pity that everything seems to take so long. Perhaps Yammer’s focus really is shifting to Viva. That wouldn’t be a bad thing, even if it slows down progress for the traditional browser client and backend.

So much change, all the time. It’s a challenge to stay abreast of all the updates Microsoft makes across Office 365. Subscribe to the Office 365 for IT Pros eBook to receive monthly insights into what happens, why it happens, and what new features and capabilities mean for your tenant.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.