Share via


Managing access

To access Microsoft eCDN Portal the following conditions must be met.

  • The user belongs to a tenant with a Microsoft eCDN License.
  • The user has a supported role.
    • Built-in roles
    • App roles

Built-in roles

The following is a list of the M365/Teams users roles that grant access to the Microsoft eCDN Admin Console and their respective permissions.

Role  View Analytics & Reports  Account Configuration Silent Tester 
Global Administrator  Yes  Modify  Modify
Teams Administrator  Yes  Modify  Modify
Teams Communications Administrator  Yes  Modify  Modify
Teams Communications Support Engineer  Yes  Read  Read
Teams Communications Support Specialist  Yes  Read  Read
Global Reader  Yes  Read  Read
Reports Reader  Yes  None  Read

Need to update a user's role? Go to the Role Assignment page in the Microsoft 365 admin console and make sure the intended users of Microsoft eCDN have the appropriate role assigned to them.

Important

Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.

For more information about roles and permissions in Microsoft 365 and Teams, see the following links:

App roles

An alternative way to grant access to the Microsoft eCDN Admin Console is by using Microsoft eCDN app roles. The following roles are available.

  • Microsoft eCDN Reader - Read only access to all non-administrative features
  • Microsoft eCDN Writer - Write access to all non-administrative features
  • Microsoft eCDN Admin - Full admin access to all features

Note

At present, the Microsoft eCDN Writer and Microsoft eCDN Admin roles do not differ in the privileges they grant.

Assigning app role to a user through Azure portal

Step Description Image
1. Sign in to the Azure portal.
2. In Microsoft Entra ID, select Enterprise applications in the left-hand navigation menu. Microsoft Entra ID Manage selection pane, Enterprise applications selected
3. Select All applications to view a list of all your applications.
4. Remove the "Application type == Enterprise Applications" filter. Screenshot of 'application type' filter.
5. Search for and select Microsoft eCDN.

If you can’t find the app, see Manually Creating Service Principal.
Microsoft Entra All applications searching for Microsoft ecdn
6. Under Manage, select Users and groups. Microsoft Entra ID Manage selection pane, Users and group selected
7. Select Add user to open the Add Assignment pane.
8. Select the Users and groups selector from the Add Assignment pane. A list of users and security groups is displayed. You can search for a certain user or group and select multiple users and groups that appear in the list.
9. After selecting users and groups, select the Select button to proceed.
10. Continuing in the Add assignment pane, select Select a role. All your defined roles for the application are displayed. Microsoft eCDN customs roles selection; Admin, Reader, Writer
11. Choose a role and select the Select button.
12. Select the Assign button to finish the assignment of users and groups to the app.

Manually creating service principal

If you don't see the Microsoft eCDN app under Enterprise Application, it means your tenant is missing the Service Principal for the app. A Service Principal can be created by running the following PowerShell commands as a tenant admin. After the Service Principal is created, go back to Azure portal and search again for the Microsoft eCDN application.

# Install Microsoft Graph Powershell module
Install-Module Microsoft.Graph -Scope CurrentUser

# Login as a Microsoft Entra user -- the user needs to have permission to create Service Principal
Connect-MgGraph -Scopes "Directory.ReadWrite.All"

# Create Service Principal for Microsoft eCDN app id
New-MgServicePrincipal -AppId 4b84634b-ff80-426f-bdc2-4299b1584916