Forum Discussion
Best Practices O365 Admin Roles
So, there use to be this mentality, or framework, for Office services on-premises, of pursuing least-privileged access design in your administration and services. And, with the the changes in O365, and the symbiotic integration with Azure AD, there is some much lacking community content on that. So, I started writing about this, especially as all Office 365 services are essentially going to be controlled by Office 365 groups as the focal identity. That will change the stack of who needs what role and permission in Office 365 Administration. Anyways, I'll be adding content to it as I can, https://medium.com/@lousimonetti/office-365-lessons-in-least-privileged-security-d7830578c4c2
I think it is an overstatement to say that "all Office 365 services are essentially going to be controlled by Office 365 Groups". That smacks of drinking too much Kool-Aid.
Office 365 Groups are an important infliuence on the service right now and have provided an excellent way for new applications to establish a common identity and access model for members, but extending that to essential control is a stretch that I cannot see for now.