ערוך

שתף באמצעות


Overview of the Microsoft 365 Apps admin center

The Microsoft 365 Apps admin center provides modern management in the cloud for admins who deploy and manage Microsoft 365 Apps in the enterprise. This article lists the features and services available in the admin center.

Requirements

Supported built-in admin roles

You can use the following built-in Microsoft Entra roles for accessing and managing the feature:

Important

Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.

Role Description
Office Apps Administrator (Recommended) This role can manage Office apps cloud services, including policy and settings management, and manage the ability to select, unselect, and publish 'what's new' feature content to end-user's devices.
Security Administrator This role can read security information and reports and manage configuration in Microsoft Entra ID and Office 365.
Global Administrator This role can manage all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities.

Note

Global Reader is another built-in role supported by the Microsoft 365 Apps admin center, but it does not support some features like cloud update or the Modern App Settings page.

Licensing requirements

Your user must be assigned to one of the following subscription plans:

Type Subscription Plan
Education
  • Microsoft 365 A3
  • Microsoft 365 A5
  • Business
  • Microsoft 365 Business Standard
  • Microsoft 365 Business Premium
  • Enterprise
  • Office 365 E3
  • Office 365 E5
  • Microsoft 365 E3
  • Microsoft 365 E5
  • Important

    The following plans are not supported:

    • Microsoft 365 operated by 21Vianet
    • Microsoft 365 GCC
    • Microsoft 365 GCC High and DoD

    Product version requirements

    You can manage Microsoft 365 Apps on Windows with the following version requirements:

    Network requirements

    Devices running Microsoft 365 Apps require access to the following endpoints:

    Microsoft service URLs required on allowlist
    Microsoft 365 Apps admin center
  • login.live.com
  • *.office.com
  • *.office.net
  • Office Content Delivery Network (CDN)
  • officecdn.microsoft.com
  • officecdn.microsoft.com.edgesuite.net
  • otelrules.azureedge.net
  • Source: Microsoft 365 URLs and IP address ranges

    Microsoft Entra groups requirements

    Some features support the use of Microsoft Entra groups. For example, groups can be used to configure custom rollout waves or setup device exclusions in cloud update.

    Using Microsoft Entra groups is supported under the following conditions:

    • Both device objects and user objects can be used and also added to the same group.
    • Device objects must be Microsoft Entra joined or hybrid joined.
    • User objects must be present in Microsoft Entra ID and have a supported license assigned.
    • Multiple groups can be used, but a single group should contain no more than 20,000 objects.
    • Nested groups support up to three levels deep.

    Note

    The Cloud Policy Service only supports user objects as the policies set apply on a user level, not device level.

    Cloud Policy service for Microsoft 365

    Note

    "Office cloud policy service" has been renamed to "Cloud Policy service for Microsoft 365." In most cases, we'll just refer to it as Cloud Policy.

    Cloud Policy lets you enforce policy settings for Microsoft 365 Apps for enterprise on a user's device, even if the device isn't domain joined or otherwise managed. When a user signs into Microsoft 365 Apps for enterprise on a device, the policy settings roam to that device. You can also enforce some policy settings for Office for the web, both for users who are signed in and for users who access documents anonymously.

    For more information, see Overview of Cloud Policy service for Microsoft 365.

    Office Customization Tool

    The Office Customization Tool creates the configuration files that are used to deploy Office in large organizations. These configuration files give you more control over an Office installation: you can define which applications and languages are installed, how those applications should be updated, and application preferences. After creating the configuration files, you can use them with the Office Deployment Tool to deploy a customized version of Office.

    Note

    • If you don't sign in to the Microsoft 365 Apps admin center, you can still use the Office Customization Tool regardless of which plan you have.
    • Office 365 GCC customers can sign in and use the Office Customization Tool.

    For more information, see Overview of the Office Customization Tool.

    Microsoft 365 Apps health

    Microsoft 365 Apps health monitors reliability and performance metrics and provides custom guidance to help optimize and troubleshoot Microsoft 365 Apps on your client devices. If you're curious about application crash rate or boot time on a specific Microsoft 365 Apps version, you can see the insights within Apps Health. For more information, see Microsoft 365 Apps health.

    Inventory

    You can use the inventory page to see information about the devices in your organization, including hardware, operating system, and the Office software running on that device. Insights about channel, version, build, and even last signed in user are available. For more information, see Overview of inventory.

    Security update status

    You can use the security update status page in the Microsoft 365 Apps admin center to see which devices have installed the latest security updates for Office. Additionally, set a goal for your organization to achieve. For more information, see Overview of the security update status.

    Cloud update

    With cloud update, you can automatically deliver monthly Microsoft 365 Apps updates to devices on Current Channel or Monthly Enterprise Channel. The updates are automated and sourced from the Office Content Delivery Network (CDN) on the internet, which allows for maximum uptime and minimizing end user impact and interruption. For more information, see Overview of cloud update.

    Update validation

    Update validation enables administrators to test updates on a select group of devices prior to a full rollout. This feature safeguards against update-related disruptions by monitoring key performance and stability metrics. It delivers precise insights for proactive issue resolution, empowering admins to deploy updates with assurance. If issues are detected, it pinpoints the impacted devices and apps, offering solutions such as rollback or update suspension. For more information, see Update Validation.

    OneDrive sync health

    You can use the OneDrive sync health dashboard to check the sync status and sync app version of individual devices, monitor Known Folder Move roll out, and track sync errors. For more information, see OneDrive sync reports in the Apps Admin Center.