September 6, 2022
min read
Man in casual t-shirt working from an office on dual monitors

PowerShell is a very popular and powerful tool for programmatically interacting with M365 tenants. With it, administrators can manage all kinds of elements of Office 365, including users, specific applications within O365, and more.

This very broad range of possible use cases makes it a go-to tool for senior admins and help desk admins alike. However, in order to allow admins with less than full, global permissions to leverage PowerShell, there has to be a way to control what they can do within the system.

PowerShell comes with a built-in system to do this called Just Enough Administration (JEA) which allows senior M365 administrators to define specific actions that admins with fewer permissions within the system can perform. And while this is a handy idea, in practice it is quite complex and can often – ironically enough – lead to even more calls to the help desk from help desk admins as they try to navigate the ins and outs of it.

Is PowerShell Too Powerful?

For example, JEA requires non-global admins to go through a long series of complex steps to perform a pre-defined, controlled command within PowerShell. As your help desk admins won’t be performing these tasks daily, there is a high likelihood that they will generate even more errors as they try to do so when the occasion arises.

CoreView’s Solution to Help Desk Permissions

With CoreView, IT teams won’t need to bother with the complexities of JEA because CoreView has a different – and much more intuitive – approach to managing the permissions of specific admins within your organization.

CoreView’s controls are built around the idea of “Virtual Tenants” that effectively subdivides your larger Office 365 tenant to define specific subsections that admins of a specific type can interact with.

Virtual Tenants control what IT users see

For example, within a large organization, there will likely be help desk admins that are assigned to specific departments.

With CoreView’s approach, an Office 365 tenant can be divided along these same lines, so to speak, so that help desk admins can be granted more permissions within their specific department while also limiting the doling out of unnecessary permissions widely for the sake of the system's security.

PowerShell and CoreView Custom Actions

In addition to providing a straightforward and intuitive approach to assigning specific permissions to help desk admins, CoreView also provides a way to store PowerShell scripts, so they don’t need to be written time and again.

Rather, they can be accessed and reused in workflows that are built from both “custom actions” – i.e., PowerShell scripts stored in CoreView – and built-in actions that come out of the box with CoreView.

For example, CoreView offers a built-in “Dynamic Mappings” action that allows for an intuitive way to parse data that has been retrieved by a PowerShell script and make it available for subsequent workflow steps comprised of built-in CoreView actions.

This means that your help desk admins can use an existing PowerShell script to access a specific set of information from your Azure AD that they need, and they can then very simply work with that information in all sorts of ways to help them more efficiently solve problems that arise within their specific subsection of your organization that they are responsible for overseeing.

And, as described above, CoreView’s Virtual Tenants allow your IT team to define “perfect permissions” for every admin within your organization so that you can focus on providing the most effective tools for a given role without having to worry about granting administrative privileges.

Perfect Permissions screenshot

This combination of highly powerful automation tooling and precise assignment of admin privileges will allow your help desk admins to more effectively solve the problems that are reported to them without having to elevate issues to senior IT administrators time and again, because they either don’t have the tools to perform a given task, or they don’t have the permissions required to do so.


The bottom line here is that PowerShell is a very powerful tool that – if not managed well – could allow non-global admins, such as help desk admins, access to far too many resources to keep your organization in line with security best practices.

Conversely, limiting your help desk admin’s ability to use such a powerful tool altogether is counterproductive, because they won’t be able to perform nearly as many administrative functions without it.

CoreView makes it possible to have the best of both worlds. Not only can help desk administrators leverage the power of PowerShell, but they can also magnify their ability to use it effectively by combining it with CoreView’s wide array of built-in actions through a simple and intuitive workflow definition UI.

Moreover, you can provide such powerful tooling to these admins without concern about over-granting permissions because you can combine this very powerful setup with CoreView’s system of virtual tenants and perfect permissions, so you can control exactly what a given admin can do within your M365 tenant. Want to get your Office 365 tenant under control? Schedule your demo.

Get a personalized demo today

Created by M365 experts, for M365 experts.