Introduction
A Microsoft 365 subscription comes with a set of administrative roles that a Microsoft 365 administrator can assign to select users. Each admin role maps to common business functions. They give an organization's users permission to do specific tasks in the admin centers. This module provides a brief overview of the Microsoft 365 admin roles. You learn how to use roles and role groups to control who can do what in your Microsoft 365 environment. You also learn how to delegate admin roles to partners, manage permissions using administrative units, manage SharePoint permissions to prevent oversharing of data, and elevate privileges using Privileged Identity Management.
This module examines the key aspects of the Microsoft 365 permission model, such as how roles are defined, assigned, and scoped, and how they differ from other types of permissions. You also learn how to manage roles for different Microsoft 365 services, such as Exchange Online, SharePoint Online, Teams, and Microsoft Entra ID. This training highlights the best practices and security principles that organizations should follow when configuring administrative roles.
The module also explores the different types of administrator roles in Microsoft 365, including the key permissions assigned to each. An example of the built-in roles that are covered include the Global Administrator, Service Administrator, Billing Administrator, and User Management Administrator. You also learn how to delegate admin roles to external partners and how to monitor and revoke their access.
You also learn how to create and manage role groups, which enable organizations to simplify the role assignment process and consistently apply role permission. Instead of assigning roles directly to users, you create a group and assign specific roles to the group. Members of the group inherit the roles assigned to the group. Finally, you learn how to use administrative units and Privileged Identity Management to limit the scope of role assignments and delegate permissions to specific segments of your organization, and to provide just-in-time and just-enough-access to sensitive resources.