Summary
In this module, you examined how to configure Microsoft 365 admin roles. Your Microsoft 365 subscription comes with a set of admin roles that you can assign to users in your organization. Each admin role maps to common business functions and gives people in your organization permissions to do specific tasks in the admin centers.
This module provided a brief overview of the Microsoft 365 admin roles. It then did a deeper dive into the following roles commonly used across organizations:
- Exchange administrator
- SharePoint administrator
- Modern Desktop administrator
- Security and Compliance administrator
- Teams administrator
This module then introduced you to Microsoft Entra Privileged Identity Management (PIM). PIM enables you to manage, control, and monitor access within your organization. It helps your organization:
- Monitor users assigned privileged roles and administrative roles
- Enable on-demand, "just in time" administrative access to:
- Microsoft Online Services like Microsoft 365 and Intune
- Microsoft Entra resources of subscriptions and resource groups
- individual resources such as virtual machines
- See a history of administrator activation, including what changes administrators made to Microsoft Entra resources.
- Get alerts about changes in administrator assignments.
- Require approval to activate Microsoft Entra privileged admin roles.
- Review membership of administrative roles and require users to provide a justification for continued membership.
The module concluded with a discussion of eligible admins. These users need privileged access periodically, but not all-day, every day. The role is inactive until the user needs access. At that point, the user must complete an activation process to become an active admin for a predetermined amount of time.