As I revised for the MB2-715 exam (Microsoft Dynamics 365 Customer Engagement Online Deployment) I am creating blog posts detailing all aspects of my revision. I hope these posts will aid anyone who is also revising for this exam. In this posts I will review the various Office 365 admin roles.
We have seen in previous posts that Dynamics users are created in Office 365, then assigned a role in Dynamics 365. Assigning this role governs what features of Dynamics 365 will be available and what access they receive to what records. But within Office 365 we also have a number of administration roles which allow the management of users, subscriptions and services available to the organization as a whole.
Global Administration Role
When creating users we have already seen that they can be given global administration access in Office 365. And that you global administrator will, by default, also have systems administration privileges in Dynamics 365.
Global Administrators can perform any management activities in the Office 365 admin center. They are your “top level” administrators.
Note: Global administrators are automatically assigned a systems admin role in Dynamics 365. Importantly this means they can access Dynamics 365 without being assigned a license. BUT, they cannot see any records without a license! Therefore typically they will need a license that will grant them full read-write access in Dynamics 365. If a Global Admin is created without a license their access type in Dynamics 365 would be administrative rather than “read-write”.
Customized Administrator Roles
It is also possible to create custom administration roles that will allocate one or more specific admin features to a user. This is useful when you need to grant limited admin capabilities to a user, without having to give them the full power of the global administrator.
Below you can see a summary of these roles and their capabilities.
Learning the key capabilities of each role might be a useful part of your revision! Take time to study each role and consider what capabilities and limitations each one would have.
|Global Administrator||Accesses all admin features. B y default the person who originally signs up to buy Office 365 will be the global administrator.
Importantly global admins are the only people who can assign other admin roles.
You should ensure all global admins have a mobile phone number and alternate email address assigned. (For support purposes in the event of a fault preventing access to Office 365.)
|Billing Administrator||Billing admins can make purchases, manage subscriptions, manage support tickets and monitor service health.|
|Dynamics 365 Service Administrator||Use this new role to assign users to manage Dynamics 365 at the tenant level without having to assign the more powerful Office 365 global admin privileges. A Dynamics 365 service admin can sign in to the Dynamics 365 admin center to manage instances. A person with this role cannot do functions restricted to the Office 365 global admin such as manage user accounts, manage subscriptions, access settings for Office 365 apps like Exchange or SharePoint.|
|Exchange Administrator||Manages mailboxes, auto-spam rules, uses the Exchange admin center.|
|Password Administrator||Can reset passwords, manage service requests and monitor service health. Password admins are limiting to resetting passwords for users. (They cannot reset admin passwords.)|
|Skype for Business Administrator||Configures Skype for business|
|Power BI Administrator||Can access Power BI usage metrics and control organizations use of Power BI.|
|Service Administrator||Opens support requests and views service dashboards / message center. They only have view privileges except for raising support tickets.|
|SharePoint Administrator||Manages document storage in the SharePoint admin center.|
|User Management Administrator||Resets passwords, monitors service health adds and deletes user accounts. Ad manages service requests. Can’t delete the global admin user or change passwords of other admin accounts. Also can’t create other admins.|
Alternate Email Addresses
It is good practice to assign an alternative email address for Global Administrators and other admin roles. See below that I have made “my cat” a billing administrator and assigned an alternate email address. (So one outside of the Office 365 tenant.) This email address might be used if an admin becomes locked out and needs to reset their password. Additionally they may be sent copies of bills to this address.
Hopefully this post has given you a good overview of the admin roles in Office 365 and explained the key points you’ll need to revise for your mB2-715 exam.