1. Home
  2. Training Library
  3. Microsoft 365
  4. Microsoft 365 Courses
  5. Planning for Microsoft 365 Implementation and Migration

Demo - Assign and Secure Admin Roles

Start course
1h 10m

Microsoft 365 represents a combination of Office 365, Windows 10 and Enterprise Mobility offerings – providing the most complete set of SaaS technologies that Microsoft has to offer. With Microsoft 365, organizations can deploy a complete solution encompassing both devices and applications, along with applying security and compliance policies to protect the entire suite.

This course will help you as you plan your migration of users and data to Microsoft 365, including planning your identity and authentication solution, and the on-premises infrastructure needed to support your migration. We’ll also help you understand and identify your business requirements and use cases, to help drive your decision-making process when planning to transition your infrastructure to the Microsoft cloud. We’ll spend some time focusing on networking and discuss some of the networking decisions that need to be made to ensure an optimal migration experience, as well as the best experience for your users after migration.

This course will also help you to identify which data needs to be migrated to the cloud, and what the best migration method will be based on your scenario – we’re also going to cover the different types of user identities, how your users will authenticate, and how that’s going to affect your migration planning.

In addition to talking about these different components, we’re also going to run through a few demos – showing you some of the practical steps involved, along with some tips and tricks we’ve picked up along the way. 

Learning Objectives

By the end of this course, you should be able to:

  • Plan a Microsoft 365 Implementation, including the supporting infrastructure
  • Plan your identity and authentication solution, both on-premises and in the cloud
  • Identify your users, data, and mailboxes to be migrated to Microsoft 365
  • Plan the migration of your groups and user data to Microsoft 365

Intended Audience

This course is intended for people who:

  • Want to become a Microsoft 365 administrator
  • Are preparing to take the Microsoft’s MS-100 exam 


To get the most from this course, you should have a general understanding of networking & server administration as well as IT fundamentals such as DNS, Active Directory and PowerShell.


Let's take a quick look at assigning admin access to a few of our users and then securing that access with requiring a conditional access policy that enforces MFA for all of our admin accounts. So, from the M365 portal we're gonna come back to users, active users, and I'm gonna pick, say, Jane Cool and we're gonna make Jane a global administrator. 

So, under roles on her account I'm gonna click manage roles and then choose global administrator and save our changes. And then we're also gonna go to Joe and we're gonna make Joe, not a global administrator, but maybe just a help desk administrator. That's all that he needs to do. It's also recommended to give help desk users service administrator so they can see service status whether there's issues in the portal or in the Office 365 services, and you can see more information about the different roles and what they do on the little pop-ups for each role. 

So, I'm gonna save changes, and these guys are done. Now, remember that if this was a production environment I would be creating separate admin accounts for Jane and Joe and making sure that when they used their admin access that they are using admin accounts and not their every day accounts. Or if I'm using privileged identity management I would use their every day accounts but then assign them as being eligible for the roles that I want to give them. 

Now that they're assigned the separate roles we're gonna go into our policies in Azure Active Directory. We're gonna go to Azure AD and go down to conditional access, and we're just going to enable the baseline policy that Microsoft has already put in place. This will be enabled by default in the future, but Microsoft is leaving it disabled by default until some point in the future where they're gonna switch it on, give people lots of chances to get ready for this. We're just gonna click on it and we're gonna see that this policy requires multi-factor authentication for global admins, SharePoint admins, exchange admins, conditional access, and security administrators. So, this will apply to Jane Cool because she's a global admin, but not to Joe because he's a help desk administrator and a service administrator. So, we are going to say use this policy immediately. We're not going to exclude anybody, although you could if you wanted to, and click save. 

Okay, this is gonna take a few minutes to apply, and so what we're gonna do is we're gonna see what happens with this policy. Let's go ahead and sign out of the portal, and then we're gonna sign back in with my account which is a global admin account. This is the first prompt that your administrators will see if they haven't yet registered for multi-factor authentication. This is going to walk them through the sign-up process, allowing them to register a mobile device and to set up the authenticator app if you've allowed for that. So, I'm just gonna click next, and then go through the process to set up MFA from here. And now all of my admins will be prompted for MFA when they log in and they'll be prompted to register for MFA as soon as they sign into the portal app after I've enabled that setting. 

So, make sure that you communicate with your administrators and let them know that this change is coming. Give them a chance to get their MFA configured beforehand or let them know that they need to configure it the next time they log in.

About the Author

Jeremy Dahl is a Senior Technology Consultant who has spent the last 8 years focusing on Microsoft 365 technologies and has been an Office 365 MVP for the last 6 years. Jeremy is a self-proclaimed cloud addict who architects technology solutions that combine cloud technologies with on-premises solutions, allowing organizations to make the most of their existing infrastructure while still taking full advantage of the agility and scalability of what the cloud has to offer.

Jeremy can be found blogging about Microsoft 365 technologies on his website, masterandcmdr.com, and evangelizing the Microsoft cloud on Twitter.