Controlling and Distributing Admin Rights

4ward365 > Office 365 Management  > Controlling and Distributing Admin Rights
Compliance in Office 365 - 4ward365

Controlling and Distributing Admin Rights

This blog post covers the most popular capability we provide: distributed Office 365 administration with configurable rights management. Security issues are sometimes self-inflicted by IT administrators because they have been assigned more power than they need. This happens all too often. With the standard Office 365 Admin Center, there is no easy way to assign specific, reduced admin capabilities to remote administrators so that they can support only the users within their geographical or business unit. Instead, these administrators are granted full admin rights over the entire user base, and as you could imagine, they could inadvertently click the wrong button.

Today, all enterprise and most mid-sized organizations are spread across different regions and have remote administrators, or “Shadow IT,” that want to support their local users. This distributed support model makes complete sense and helps take the pressure off the corporate IT administrators. However, you must enable those remote admins with the rights to manage only the users under their ownership. Plus, you should only grant them administration capabilities to perform the tasks that make sense:

  1. Password changes
  2. Managing quotas
  3. Managing clutter
  4. Managing licenses
  5. Etc.
Our 4ward365 solution enables this capability with the granular control to assign permissions to remote administrators so that they have the safety net to effectively manage only their users and perform only specific admin tasks. The interface we provide to assign these admin rights is extremely simple. You just need to create a permissions group for a category of users (By Geography, By Business Unit, By Billing Code, etc.) and include the remote admins who need to provide day-to-day support for those users. Within that permissions group, you can check the boxes for which admin capabilities you would like to allow.
(Example of Permissions Group with check boxes to assign specific admin rights)
Office 365 permission rights
The permissions are grouped under simple categories (i.e. Mailbox, User, Mobile), so it’s easy to find the ones you would like to assign. When a remote administrator has been assigned to one of these new permissions groups, they can only view the users they’ve been assigned. When they log in to the 4ward365 console and move to different views of users, licenses, or reports/dashboards, they only get to see the information that pertains to their user base. If they select one or more users and try to perform an update on those accounts, the Actions-Menu only provides access to the admin tasks that they’ve been granted. This helps reduce any confusion around which users they can support, and assuredly removes any chance of inadvertently clicking the wrong button and causing an escalation, which would require an account reset/recovery by corporate IT.
When we architected 4ward365, we had IT administrators in mind. If you are interested in finding out more about our 4ward365 solution and how it can help distribute admin rights to selectively manage Office 365, as well as cut your administration time in half, please visit our overview page online or sign up for a free trial
We are also conducting a webinar on December 7th where we will review and highlight how you can use the new features of the NEW native Power BI Office 365 Adoption functionality to maximize your investment in Office 365.  Hope to see you there! Registration is now open at http://www.controlyourcloud.net/.
  • Was this Helpful ?
  • yes   no
Carl Baumann

With more than 19 years of experience assisting business’ transition to Microsoft solutions, Carl has become a trusted advisor to Microsoft’s worldwide customers and partner ecosystem. He has assisted numerous Fortune 500 companies implement highly successful Office 365 business transformation projects.