Overview of User Roles
Overview of User Roles

This Managing Azure AD User Roles course will teach you how to plan user roles in Microsoft 365 and how to allocate roles in workloads. You will learn how to configure administrative accounts and how to configure RBAC within Azure AD. You'll also learn how to delegate and manage admin roles.

Later in the course, you will learn how to manage role allocations by using Azure AD and how to plan security and compliance roles for Microsoft 365.

Learning Objectives

  • Plan and Allocate User Roles
  • Configure Role-Based Access (RBAC)
  • Delegate and Manage Admin Access
  • Plan Security and Compliance Roles

Intended Audience

  • IT professionals who are interested in obtaining Microsoft 365 certification
  • Those tasked with configuring and managing Office 365 access


  • A moderate understanding of Microsoft 365 and of Azure AD

When planning user roles for your end users, it's important to first understand what roles are available and what access each available role provides. In this lesson, we're going to cover several key roles that can be assigned to a user in Office 365. 

The roles that we're going to cover include the user role, the global admin role, some of the limited admin roles, and several workload-specific roles. The limited admin roles include things like billing administrator, help desk administrator, service administrator, and user management administrator. The workload-specific roles include roles such as the teams communications administrator, the exchange administrator role, and the Skype for Business administrator role. We'll also cover the SharePoint administrator role. 

Other customized roles that can be assigned to users include things like the Power BI Service Administrator, the Dynamics 365 Service Administrator, and more. The default user role is for normal users. It provides no admin access to anything whatsoever. This is the role most users will be assigned. The global admin role essentially has the keys to the kingdom. This account can access all administrative features in Office 365. The person that signs up for the Office 365 tenant, by default, becomes a global admin. Limited admin roles like billing administrator, help desk administrator, and such are designed to allow the user that's been assigned this role to perform specific sub-tasks within a tenant. For example, the billing administrator role can make purchases, manage subscriptions, open and manage support tickets, and monitor service health. 

Other limited admin roles, like the user management administrator role, can do things like reset passwords, monitor service health, add and delete user accounts, and manage group memberships. The workload-specific roles are pretty self-explanatory. For example, users assigned the exchange administrator role can manage mailboxes and anti-spam policies, while users assigned the SharePoint administrator role can manage file storage in SharePoint Online. 

For a complete list of user roles that are available in Office 365, along with a detailed look at what each role can do, visit the URL that you see on your screen. As you work through the deployment of Office 365 and even the day-to-day management of it, it's important to understand which users need access to which resources so you can assign them the proper roles.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.