May 8 2018
This blog entry is a continuation of our series on improving administration efficiencies in Office 365. This topic covers the management of multi-tenant environments for companies that have grown through mergers and acquisitions over the past several years. For administrators at those types of organizations, I know this blog entry will be eye-opening to ways they can reduce their time spent performing admin tasks. This functionality is also very helpful for managed services providers who perform Office 365 admin tasks for multiple organizations using a centralized support group.
Let’s look at an example in which you want to view all licenses across the different tenants that you manage. These types of converged reports are easily configurable within the CoreView toolset (see screenshot below).
Viewing Multi-Tenant Licensing Report
You can also toggle between the different tenants to view different usage patterns. The example below shows the Spam & Malware traffic report sorted by date range. From the drop-down menu, an administrator can choose from the available tenants that they manage to identify different traffic patterns. And this can be performed from the same admin account logged into the CoreView portal.
Switching Between Tenants to View Spam and Malware Reports
In effect, all Italian employees in the sales organization, but on different Office 365 tenants, are segmented into a specific virtual-tenant grouping that can be assigned to a regional administrator to monitor and manage. That administrator will ONLY be able to perform account update actions and view activities and reports for that segment of users.
New Multi-Tenant User Grouping with Tenant Selection Menu
New Multi-Tenant User Grouping with Selection Filter Menu
The final step is to create the specific set of permissions, or entitlements, that you want to assign to that regional administrator. To do this within CoreView, you just need to go back to the management menu and choose “Manage Permissions.” From there, you can create a new permission template, assign a remote admin with a controlled set of administration actions, and specify a set of reports they will be able to view. The next time that admin logs into their CoreView portal, they will ONLY be able to view that group of users delegated to them and perform ONLY the actions assigned.
There you have it. No native Office 365 administrator rights need to be assigned within the different tenants, so there is no way for a regional administrator to log into the Office 365 portal and make changes directly within a specific tenant or via PowerShell. This ensures that your multi-tenant user community is secure and you can distribute and configure the administration capabilities for your complex, multi-tenant Office 365 environment how you wish.