Want to improve knowledge sharing in your organization? Sign up for our upcoming webinar “Next Level Knowledge Management in Office 365: Cortex, Yammer Communities and Records.” Register here!
This is an Ignite the Tour session recap. You can read our other recaps below:
Role-based access control is essential for improving the security posture of your organization while providing IT with a focused experience based on permissions. In the Ignite the Tour session “Role-based Access Control in Microsoft 365: Functionalities to Control the Roles,” the presenters talked about how to use the centrally-managed, granular, role-based access control in the Microsoft 365 admin center.
They also dove into the new workload-specific admin and global leader roles while explaining how to select the right administrator permissions and control who has access to your data. Here are some of my favorite takeaways.
Reduce the Number of Global Admins in Your Organization
A new feature in Office 365 is the ability for organizations to assign “Global Readers” within their organization. The purpose of this role is to provide a way for users to get visibility (in a read-only view) into what the global admin can see, do, and change within their organization.
It’s a Microsoft best practice for there to be no more than five global admins in an entire organization. By having this read-only option available, organizations can cut back on their number of global admins while still offering visibility.
Role Management
Another feature that helps manage roles in your organization is the “Roles” section in the Office 365 admin center. In this portion of the admin center, global admins will be able to identify all persons within the organization who can manage their Microsoft 365 environment. Once you’ve identified everyone and their role within the organization, scheduled health checks can be done to make sure that their role permissions are still relevant.
Microsoft’s Best Practices to Increase Role Visibility
“Roles” in the Admin Center
Monitoring the roles section of the admin center is imperative to getting visibility into users with assigned roles. Having one pane of glass to monitor who’s responsible and enabled for certain tasks within your organization is imperative to role-based management. You can even go so far as to compare roles and able to make changes.
Performing Consistent Audits
With the “Roles” and “Users” views for global admins, auditing will be easier than ever! By checking who has access and control to what in your Office 365 environment, you can minimize the admin bloat in your organization.
Role-Based Access Collaboration Roadmap
This is what Microsoft has planned today and moving forward to help organizations with their role-based access management:
Available Today
Global reader and 12 other new roles
Role management in admin center
Search and Export admin list
Azure Privileged Identity Management
Rolling Out Today
Global admin insight in context
Compare roles and favorites
In Development
SharePoint support for Global reader
New roles with more granular control
Greater visibility into who has admin access
Simplify finding the least privileged role for each admin
Spenser Bullock is a former AvePoint Channel Solutions Engineer, focused on enabling partners and their customers to utilize and maximize their Microsoft 365 technology adoption and usage.