Forum Discussion
Solved
Can we create a custom Office 365 Admin Role
We are trying to provide someone access only to the service health dashboard, but the out of the box admin Roles does not seem to allow that without exposing other information (Billing, licenses...etc)
Get-MsolRole does not seem to have the New- counter part, anyone knows if this can be done?
- Correct!
17 Replies
@Marwan Al-Shami
Marwan,
Though not directly related to your question, I have been able to create custom roles in Powershell using these 2 Microsoft articles from 2015. It may be possible to "re-purpose" the commands to accommodate your needs. Just be aware that extensive testing needs to be done due to users assigned to the new role having greater than the desired permissions.
Note. Some commands in the Contacts Delegation article do not work in the O365 PS
- Give a look to CoreView. It provides an enterprise RBAC for M365 including operators’ users scope and custom roles.
- We too are looking for the ability to create custom roles for reporting. While I want to provide some levels of access, the existing security roles provide far more (in some cases) than what I want to give.
Should have a method to assign every level of admin permission granularly. For example, I would like to have our IT finance person able to assign Office 365 licenses to users which requires the "User management administrator" role, this however also allows her to add/delete accounts and add/remove users from groups, definitely things I do not want her able to do!
I've also been asking for this for quite some time, either by domain or by any other AAD attribute like Country or Department.
All, has there been any reply from Microsoft on this?
Custom admin roles are critical. Is there a timeline on this as a feature release?
Hi,
If you tick only Service administrator, that user should have access the rest.
Navigate to > Admin > users > Add user > Roles > Customised - from drop down select Service administrator.
Let me know how you get on
Unfortunately, the Service administrator exposes much more than the Service health section (Billing, licenses, users, settings...etc)
We only need to provide access to:
1- Service Health
2- Message Center
And nothing else.
Thanks
- The roles we currently have are fully described here: https://support.office.com/en-us/article/About-Office-365-admin-roles-da585eea-f576-4f55-a1e0-87090b6aaa9d?ui=en-US&rs=en-US&ad=US If those roles do not fit your requirements, then post in user voice your idea of this specific role
- Kamal is correct, Service Administrator role is intended to cover this scenario
