Delegating Admin Capabilities for Office 365 (Part 2) – Empowering Help Desk Support
This blog entry is a continuation of our series on improving administration efficiencies in Office 365. In this writeup we will cover the empowerment of help desk and regional IT support for companies that want to assign front-level call centers and remote line-of-business support with basic admin rights to perform simple actions based on user requests. By enabling this delegation, many support requests can be handled immediately while the help desk has the end user on the phone. This improves call center response time metrics and increases user satisfaction ratings for IT.
Grouping Users by Account Attribute Filters
Let’s say you want to enable a regional help desk. First, you need to group your users based on that specific region or business unit / department. To perform this function, go into the management menu of CoreView and select “Manage Groups.” Next, find the users that you want to group by using the simple drop-down menus to create filters based on specific AD attributes that those users have in their account information. For instance, in the example below, a new regional group called “Italy Sales” is created, and the selection filter to delegate what users will be included indicates “Country = Italy” and “Department = Sales.” As a result, all Italian employees in the sales organization are segmented into a specific grouping that can be assigned to regional help desk personnel for monitoring and management. Those help desk engineers will ONLY be able to perform account updates and view activities and reports for that group of users.
Customized Admin Permissions for Regional Management
The final step is to create the specific set of permissions, or entitlements, that you want to assign to that regional help desk support person. To do this within CoreView, simply go back to the management menu and choose “Manage Permissions.” From there, you can create a new permission template, assign the associated help desk personnel with a controlled set of administration actions, and specify a set of reports they will be able to view. The available reports and admin actions can be easily chosen from selection menus as shown in the example screenshots below.
Once you have assigned a list of users to the membership of a group (i.e. by Country and Department) and assigned a specific help desk personnel to be restricted by the scope of that group, you have successfully controlled the list of users that the support person can monitor. In addition, once you have assigned a help desk agent to a specific permission record and selected what reports they can view and what actions they can perform (i.e. manage passwords), you have effectively delegated role-based access control (RBAC) and admin actions within Office 365. Now, when the help desk agent logs onto the CoreView portal, they will only be able to make changes to the users you’ve granted access and only perform the admin actions that you’ve specifically assigned. Congratulations, you’ve successfully delegated a controlled set of management rights to a help desk agent! This capability is also useful when training new IT administrators. You can start with very basic actions that they’re allowed to perform, and as they become more experienced you can expand those actions to meet their support scope.
The added bonus of using this model is that it is completely secure. Since there are no native Office 365 administrator rights needed within the tenant for these help desk agents, there is no way for them to log onto the Office 365 portal and make any changes directly within the tenant or via PowerShell. With CoreView, a service account performs all the actions requested through the UI. This keeps your overall user community secure and you can distribute and delegate the administration for your Office 365 environment how you want.