We are interested to know about the Delegation Model for various of Office 365 online services in conjunction with Azure Active Directory.
The right assignment management is always a pain since every product has a different delegation model. We are looking to restrict and give only the necessary permission for Help Desk and Administrators without giving Global Admin right.
Hi Charbel, privileged access management in Office 365 helps with this
by enabling admins to delegate specific administrative tasks within
office workloads. Azure AD also has plans to enable more granular
control and delegation in the near future.
I have seen that document. A follow-up question, we have now Office 365 admin roles and Azure AD admin roles.
Which one should I use to create my delegation model. Some admin roles overlap between the two.
For example, if a user is assigned an admin role in Azure AD, this user will have the same permissions across all of the cloud services that the company has subscribed to, regardless of whether you assign the role in the Office 365 admin center, or in the Azure portal, or by using the Azure AD module for Windows PowerShell.
Should I use Office 365 to assign admin roles including Exchange, SharePoint, Skype for Business. Or Azure AD?