Reading time:
3 min

Controlling and Distributing Admin Rights


This blog post covers the most popular capability we provide: distributed Office 365 administration with configurable rights management. Security issues are sometimes self-inflicted by IT administrators because they have been assigned more power than they need. This happens all too often. With the standard Office 365 Admin Center, there is no easy way to assign specific, reduced admin capabilities to remote administrators so that they can support only the users within their geographical or business unit. Instead, these administrators are granted full admin rights over the entire user base, and as you could imagine, they could inadvertently click the wrong button.

Today, all enterprise and most mid-sized organizations are spread across different regions and have remote administrators, or “Shadow IT,” that want to support their local users. This distributed support model makes complete sense and helps take the pressure off the corporate IT administrators. However, you must enable those remote admins with the rights to manage only the users under their ownership. Plus, you should only grant them administration capabilities to perform the tasks that make sense:

  1. Password changes
  2. Managing quotas
  3. Managing clutter
  4. Managing licenses
  5. Etc.

Our CoreView solution enables this capability with the granular control to assign permissions to remote administrators so that they have the safety net to effectively manage only their users and perform only specific admin tasks. The interface we provide to assign these admin rights is extremely simple. You just need to create a permissions group for a category of users (By Geography, By Business Unit, By Billing Code, etc.) and include the remote admins who need to provide day-to-day support for those users. Within that permissions group, you can check the boxes for which admin capabilities you would like to allow.

(Example of Permissions Group with check boxes to assign specific admin rights)
Office 365 permission rights

The permissions are grouped under simple categories (i.e. Mailbox, User, Mobile), so it’s easy to find the ones you would like to assign. When a remote administrator has been assigned to one of these new permissions groups, they can only view the users they’ve been assigned. When they log in to the CoreView console and move to different views of users, licenses, or reports/dashboards, they only get to see the information that pertains to their user base. If they select one or more users and try to perform an update on those accounts, the Actions-Menu only provides access to the admin tasks that they’ve been granted. This helps reduce any confusion around which users they can support, and assuredly removes any chance of inadvertently clicking the wrong button and causing an escalation, which would require an account reset/recovery by corporate IT.

When we architected CoreView, we had IT administrators in mind. If you are interested in finding out more about our CoreView solution and how it can help distribute admin rights to selectively manage Office 365, as well as cut your administration time in half, please visit our overview page online or sign up for a free trial

We are also conducting a webinar on December 7th where we will review and highlight how you can use the new features of the NEW native Power BI Office 365 Adoption functionality to maximize your investment in Office 365.

See how CoreView can help you with this

Learn more about securing and optimizing your M365 and other SaaS applications.