Forum Discussion
O365 Roles
How can I block the Security and Compliance section of O365 for certain global admins or how can I alter their permissions to still give them access to o365 Except the Security and Complaince.
I need to block the helpdesk from this section due to the nature of some of the searches i do.
I still need to them to be able to assign LIC to new user accounts, make mailbox changes like retention policy, making a user mailbox a shared mailbox, create resource mailboxes etc.
3 Replies
Global Admins in Office 365 by nature have access to all administrative capabilities within the tenant - there is no way to limit this.
Instead, I would look at giving your helpdesk resources a mix of other admin roles to achieve what they need. Here's a good breakdown of those roles: https://support.office.com/en-us/article/About-Office-365-admin-roles-da585eea-f576-4f55-a1e0-87090b6aaa9d
This will also help you comply with Microsoft's recommendation to limit the amount of Global Admins in your tenant (and improve your Office 365 Secure Score!).
Awesome I will look this over.
- Have you reviewed different roles you can configure at the Compliance & Security Center?
