Planning and Allocating Roles
Delegating and Managing Access
Planning Security and Compliance Roles
The course is part of this learning path
This Managing Azure AD User Roles course will teach you how to plan user roles in Microsoft 365 and how to allocate roles in workloads. You will learn how to configure administrative accounts and how to configure RBAC within Azure AD. You'll also learn how to delegate and manage admin roles.
Later in the course, you will learn how to manage role allocations by using Azure AD and how to plan security and compliance roles for Microsoft 365.
- Plan and Allocate User Roles
- Configure Role-Based Access (RBAC)
- Delegate and Manage Admin Access
- Plan Security and Compliance Roles
- IT professionals who are interested in obtaining Microsoft 365 certification
- Those tasked with configuring and managing Office 365 access
- A moderate understanding of Microsoft 365 and of Azure AD
Although Office 365 limits the need to provision and manage your own on-prem application and communication infrastructure, you're still going to have to manage the Office 365 tenant and perform day-to-day administration tasks. Whether it's subscription management, user management, or configuration management, you are going to have some type of administration to perform. In this lesson, we'll cover the admin options that are available to you and help you understand the different administrative roles within Office 365.
Now obviously, an administrator is the one that manages things like subscriptions, users, and enterprise configurations. That said, it's usually not a single person handling all of these tasks. As such, there are numerous admin roles that can be assigned to split out these functions. On the same token, you can also have several admins that need the same role. In other situations, where there may not be any in-house knowledge, organizations can even outsource all Office 365 administration to a Microsoft Partner.
With Office 365 you can have subordinate administrator roles for a tenant. For example, you have roles that include global administrator, the billing administrator, the service administrator, the password administrator, and the user management administrator. Each role performs specific functions within the tenant. The global administrator role is the most powerful role in Office 365, and it has access to all of the features within Office 365. This role is automatically assigned to the user who initially purchases and sets up the Office 365 subscription.
A global admin can assign other administrator roles, so as far as best practices go, you really need to limit the number of people who are assigned the global administrator role. Billing administrators have the ability to manage things like purchases, subscriptions, and support tickets. Billing administrators can also monitor the service health of Office 365. Password administrators handle user password resets but can also manage service requests and monitor service health as well. It's important to note, however, that password administrators can only reset passwords for end users. They cannot reset passwords for other administrators. Service administrators manage service requests with Microsoft relating to service issues. They can also monitor the Office 365 service dashboard and message center for important information. Service administrators can monitor the health of the Office 365 services, as well as change and release notifications.
It's important to note that the service administrator only has view-only permissions on user configuration settings. The user management administrator typically carries out day-to-day tasks like password resets, service health monitoring, service request management, and even user adds and deletes. However, user management administrators cannot create new administrators, nor can they delete existing ones. Other admin roles that may be available, depending on the enabled features within an Office 365 tenant, include the exchange administrator, the power business information administrator, or power BI administrator, the SharePoint administrator, and the Skype for Business administrator.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.