Custom User Roles - 365 Tenant

Adam Wood 1 Reputation point

Hi all,

I can appreciate the 365 ecosystem has made decent strides in what access roles can be granted to users in a tenant. I'm looking for some assistance with assigning the correct custom roles to achieve the following:

  • Grant a user/s access to amend members of a distribution group - as well as add or remove Owners
  • Grant the same user/s access to amend contact information for user accounts in the tenant

These admins must not be able to access anyone else's mailbox - in other words, they can't be allowed to reset passwords. We're also looking to restrict these admins from being able to view/access other areas of the tenant. They're only allowed to perform the tasks listed above.

It seems that adding Groups Admin permissions is a step in some sort of direction, but what else is missing?

Thanks in advance!

Windows 365 Business
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Lu Dai-MSFT 24,201 Reputation points Microsoft Vendor

    @Adam Wood Thanks for posting in our Q&A.

    For this issue, it is not related to windows 365. Based on my research, I find that only Global Administrator and User Administrator has the permission to add or delete other users. However, the two roles also have the permission to reset password.

    So, it seems that it doesn't make all the requirements. Given this situation, it is suggested to contact Microsoft 365 to double confirm. Here is the support link:

    Hope it will help.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments