This week I was asked about the possibilities of delegation in Office 365, so what kind of options do we have to give certain people the rights to manage parts of Office 365. This client has multiple ICT offices with their own people to manage their own services. They now going to one Office 365 tenant and want to have the same possibilities to manage the services within Office 365.
In Office 365 you have a few levels of administration. You have the global administrator role, this is the highest level in Office 365 and can manage all the parts within Office 365. So the advice here is to have only a few people in your organization to have this role and preferable with a specific admin account.
The Global administration role can also be obtained thru the option “Delegated Admins”.
This option gives you as a tenant owner the possibility to give an external company access to your tenant to manage Office 365. They become a Global administrator of your tenant. This is the highest level of delegated administration.
Other options are giving users specific rights to a part of you tenant. This can be a billing administrator or an administrator for an application within your tenant
The limited Admin roles makes it possible to give a certain user the possibility to manage only 1 part of your tenant. Within these roles you cannot select any degree of management. That user is an admin of that part. So when you select “Exchange administrator”, the user can manage every setting that is related to Exchange.
For SharePoint you have some kind of delegation besides the limited admin role of SharePoint administrator. This is to give a group of users or a single user a site collection and make him a site collection owner.
This article is also on MicrosoftHelden.nl