SOLVED

Can we create a custom Office 365 Admin Role

Copper Contributor

We are trying to provide someone access only to the service health dashboard, but the out of the box admin Roles does not seem to allow that without exposing other information (Billing, licenses...etc)

 

Get-MsolRole does not seem to have the New- counter part, anyone knows if this can be done? 

17 Replies

Hi,

 

If you tick only Service administrator, that user should have access the rest.

 

Navigate to  > Admin > users > Add user > Roles > Customised - from drop down select Service administrator.

 

Let me know how you get on

Kamal is correct, Service Administrator role is intended to cover this scenario

Unfortunately, the Service administrator exposes much more than the Service health section (Billing, licenses, users, settings...etc)

 

We only need to provide access to:

1- Service Health

2- Message Center

 

And nothing else.

 

Thanks

The roles we currently have are fully described here: https://support.office.com/en-us/article/About-Office-365-admin-roles-da585eea-f576-4f55-a1e0-87090b... If those roles do not fit your requirements, then post in user voice your idea of this specific role
Thanks Juan,
So as of now, custom roles are not a possibility, right?
best response confirmed by Marwan Al-Shami (Copper Contributor)
Solution
Correct!

Hi there

 

Yes we need customization for admin roles as well. it is very important

We have the same issue

 

One tenant, multiple domains. Need a way to split up Admin user permissions, so they are domain dependant. 

Custom admin roles are critical. Is there a timeline on this as a feature release?

We too are looking for the ability to create custom roles for reporting. While I want to provide some levels of access, the existing security roles provide far more (in some cases) than what I want to give.

Should have  a method to assign every level of admin permission granularly.  For example, I would like to have our IT finance person able to assign Office 365 licenses to users which requires the "User management administrator" role, this however also allows her to add/delete accounts and add/remove users from groups, definitely things I do not want her able to do!

I've also been asking for this for quite some time, either by domain or by any other AAD attribute like Country or Department.

All, has there been any reply from Microsoft on this? 

Not even a whisper

Hello,

 

I am also interested in the solution. Managing and granual premissions are basics.

 

G.

@Marwan Al-Shami 

 

@Marwan Al-Shami

 

 

@Juan Carlos González Martín 

 

Marwan,

Though not directly related to your question, I have been able to create custom roles in Powershell using these 2 Microsoft articles from 2015.  It may be possible to "re-purpose" the commands to accommodate your needs. Just be aware that extensive testing needs to be done due to users assigned to the new role having greater than the desired permissions.

Note. Some commands in the Contacts Delegation article do not work in the O365 PS

 

https://blogs.technet.microsoft.com/rmilne/2015/05/27/allow-users-to-manage-distribution-groups-with...

 

https://blogs.technet.microsoft.com/rmilne/2013/08/07/creating-rbac-role-to-delegate-contact-managem...

 

 

Give a look to CoreView. It provides an enterprise RBAC for M365 including operators’ users scope and custom roles.
1 best response

Accepted Solutions
best response confirmed by Marwan Al-Shami (Copper Contributor)