Delegating Admin Capabilities for Office 365
IN THIS TOPIC:
This blog entry is a continuation of our series on improving administration efficiencies in Office 365. Today, we will cover the empowerment of help desk support for companies that want to assign front-level call centers with basic admin rights to perform simple actions based on user requests. By enabling this delegation, many support requests can be handled immediately while the help desk has the end user on the phone. This improves call center response time metrics and increases user satisfaction ratings for IT.
Grouping Users by Account Attribute FiltersLet’s say you want to enable a regional help desk. First, you need to group your users based on that specific region or country. To perform this function, go into the management menu of CoreView and select “Manage Groups.” Next, find the users that you want to group by using the simple drop-down menus to create filters based on specific attributes that those users have in their account information. For instance, in the example below, a new regional group called “Italy Sales” is created, and the selection filter to delegate what users will be included indicates “Country = Italy” and “Department = Sales.” As a result, all Italian employees in the sales organization are segmented into a specific grouping that can be assigned to regional help desk personnel for monitoring and management. Those help desk engineers will ONLY be able to perform account updates and view activities and reports for that list of users.
Customized Admin Permissions for Regional ManagementThe final step is to create the specific set of permissions, or entitlements, that you want to assign to that regional help desk. To do this within CoreView, simply go back to the management menu and choose “Manage Permissions.” From there, you can create a new permission template, assign the associated help desk engineers with a controlled set of administration actions, and specify a set of reports they will be able to view. The available reports and admin actions can be chosen from selection menus as shown in the example screenshots below.
Once you have assigned a list of users to the membership of a group (i.e. by Country and Department) and assigned a specific help desk engineer to be restricted by the scope of that group, you have successfully controlled the list of users that the engineer can monitor. In addition, once you have assigned a help desk engineer to a specific permission record and selected what reports they can view and what actions they can perform (i.e. manage passwords), you have effectively delegated role-based access control (RBAC) and admin actions within Office 365. Now, when the help desk engineer logs onto the CoreView portal, they will only be able to make changes to the users you’ve granted access to and perform admin actions that you’ve specifically assigned. Congratulations, you’ve successfully assigned a controlled set of management rights to a help desk engineer! This capability is also useful when training new administrators. You can start with very basic actions that they’re allowed to perform, and as they become more experienced, expand those actions to meet their needs.
There you have it. Since there are no native Office 365 administrator rights needed within the tenant for these regional admins, there is no way for them to log onto the Office 365 portal and make any changes directly within the tenant or via PowerShell. With CoreView, a service account performs all the actions requested through the UI. So, your overall user community is secure and you can distribute and delegate the administration for your Office 365 environment how you want.