Custom User Roles - 365 Tenant

Adam Wood 1 Reputation point
2021-09-30T16:28:36.213+00:00

Hi all,

I can appreciate the 365 ecosystem has made decent strides in what access roles can be granted to users in a tenant. I'm looking for some assistance with assigning the correct custom roles to achieve the following:

  • Grant a user/s access to amend members of a distribution group - as well as add or remove Owners
  • Grant the same user/s access to amend contact information for user accounts in the tenant

These admins must not be able to access anyone else's mailbox - in other words, they can't be allowed to reset passwords. We're also looking to restrict these admins from being able to view/access other areas of the tenant. They're only allowed to perform the tasks listed above.

It seems that adding Groups Admin permissions is a step in some sort of direction, but what else is missing?

Thanks in advance!

Windows 365 Business
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Lu Dai-MSFT 28,341 Reputation points
    2021-10-01T02:04:50.537+00:00

    @Adam Wood Thanks for posting in our Q&A.

    For this issue, it is not related to windows 365. Based on my research, I find that only Global Administrator and User Administrator has the permission to add or delete other users. However, the two roles also have the permission to reset password.

    So, it seems that it doesn't make all the requirements. Given this situation, it is suggested to contact Microsoft 365 to double confirm. Here is the support link:
    https://learn.microsoft.com/en-us/microsoft-365/business-video/get-help-support?view=o365-worldwide

    Hope it will help.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments