The Microsoft 365 admin center—admin.microsoft.com—is the hub of the Microsoft 365 ecosystem. As part of our ongoing efforts to improve your Microsoft 365 admin experience, we’ve made a variety of security, productivity, and networking enhancements in Microsoft 365 that we’re excited to share with you at Microsoft Ignite. Here’s a rundown of some of things we’re announcing and talking about in Orlando this week. At the end of this blog you’ll find links to the pages where after the event you can download the presentations and recordings of the sessions where all of this is covered.
You’ve given us feedback in a number of areas, and in response, we’ve added features that make it easier and more efficient to manage Microsoft 365 for your organization. Based on customer feedback, we added features that enable you to reduce the number of Global admins in your organization, identify least privileged roles, export and view role assignments, and much more.
You’ve told us that too many admin tasks require the use of the Azure Active Directory (Azure AD) Global administrator (Global admin) role. The Global admin role is the highest privileged role within Microsoft 365, and it’s the only role with access to all administrative functions in Azure AD and services that use Azure AD identities. It’s also an account type that is specifically targeted in attacks, and often compromised at twice the rate of other admin accounts. For this and other reasons, it’s a best practice to limit the number of Global admins within an organization; in fact, we recommend that you assign this role to fewer than 5 users in your organization.
To help increase your security posture by minimizing the use of the Global admin role, we’ve introduced new built-in Azure AD roles, including a Global reader role, which is a read-only counterpart to the Global admin role. And we’ve added support for the Global reader role to Microsoft 365 and in the Microsoft 365 admin center, allowing you to reduce the number of and burden on Global admins in your organization.
Unlike the Global admin role, which can be used to change all administrative settings, the Global reader role can only view these settings. Users with the Global reader role can read settings and administrative information across Microsoft 365 services, but they can't take any actions. This level of access means you can assign the Global reader role to users in your organization that need to support administrative functions, such as planning, audits, and investigations, without having to grant a higher level of privileges than is necessary. The Global reader role can also be combined with other administrative roles (for example, Exchange admin) to more finely control and scope the assignment of admin privileges in your organization.
You’ve told us that it’s difficult to identify the least privileged role needed for admin tasks, and that it can be time-consuming to understand what each admin needs to do and to find the right role for their tasks. When struggling to figure out what role to assign, some customers told us they gave up trying and just assigned the Global admin role to anyone who needs to perform any admin tasks.
We’ve added features to the Microsoft 365 admin center that help you overcome these challenges. We’ve enhanced the search capabilities to allow you to search across role names, descriptions, and permissions using a string match.
With the new Compare roles feature, you can select up to three roles to compare side-by-side in a table that shows the granular permissions included in each role.
Figure 1 – Search across and compare roles in the Microsoft 365 admin center
Figure 2 - Comparing Application admin and Application developer roles
By comparing different roles, you can quickly find the least permissive role to assign. You can also search across the selected roles to find and compare specific permissions.
Figure 3 - Searching for delete permissions in compared roles
Using the Export option shown above, you can export the role comparison to a CSV file.
Figure 4 - Export role comparison to CSV
The Roles page now allows you to favorite the roles that align best to your organization’s specific job functions. You can filter the displayed list of roles by Favorites, making these more readily available to you.
Figure 5 - Filtered view of roles that have been favorited
You’ve told us that creating multiple users with the same settings can be frustrating and time-consuming. To help streamline user management, we added user templates on the Active users page that allow you to quickly add new users with shared attributes, such as:
Templates are particularly useful if you have users who share many properties, like those who work in the same role and the same location. There are two ways to add a new template. You can add one from the Active users page or, when you add a new user, you can save these settings for that user as a template.
Figure 6 - User templates available on the Active users page
For more information, see New to admin center: Templates for adding users faster.
We made a number of enhancements to Office 365 Groups, which power collaboration across Microsoft 365 by enabling users in your organization to share knowledge and information using email, calendaring, documents and more. These enhancements include support for sensitivity labels, activity-based renewal and expiration, the addition of the Groups administrator role in Azure Active Directory, and more.
You told us that you want the ability to control communication of new Office features to your users. We added new capabilities that put you in control of your users’ experience with the What’s New section of the Office desktop app Help pane. As we announced at Ignite, these capabilities are currently in preview, and we plan to make them generally available early next year.
Figure 7 - What's New in the Help panel of the Office client
You can hide or show What’s new content on Office client apps as relevant to your organization. When an important Office feature is released, users will get a "What's new" card about it. If you don't want users to see the card, you can hide it. You can also choose when you'd like users to see the card by showing it.
Figure 8 - Hiding and showing What's new for Office apps items
We made several changes to the Setup page that enable you to discover, learn, and activate features across Microsoft 365. For example, we added new AI-powered and contextual recommendations based on your current configuration and activities, and for reducing costs by enabling self-service features. We also added recommendations for increasing protection from risks and threats, maintaining compliance with data regulations, migrating data, and deploying and updating Office apps.
Figure 9 – New experiences in Microsoft 365 admin center
When you click View for a recommendation, you’ll see that each one includes details about the recommended feature, including what the feature does and why it is recommended, at-a-glance information that is specific to the recommendation, and details on how users may be affected by the implementation of the feature.
Figure 10 - Viewing a recommendation in the Microsoft 365 admin center
If a recommended feature has not yet been implemented, and you have been assigned the appropriate admin role, you can click Get Started to begin the implementation process. If the feature has been implemented, you can click Manage to view and configure the feature.
Figure 11 - Blade showing users with Security administrator role
Using the Global reader role to access the Microsoft 365 admin center is a powerful and more secure way to perform planning and auditing activities for Microsoft 365, as a Global reader can view and assess the recommendations, learn about implementation steps and user impact, and see current administrative assignments without making any tenant or configuration changes.
Figure 12 - Viewing recommendations as a Global reader
We are adding a powerful new crowd sourcing solution to report issues from the Service health dashboard in the Microsoft 365 admin center. If you are impacted by an issue that is not yet shown on your Service health dashboard, the new “report an Issue” feature will provide you with a quick and easy way to let us know about the problem. This feature is a direct input to the engineering teams and helps us identify broadly impacting issues. All you need to do is to click on “Report an Issue” button and provide some basic information about the issues you are experiencing. Based on the correlation of the signal across tenants, we will be able to start our investigation immediately, and the richer context enables more accurate detection and faster resolution.
Figure 13 – Reporting an issue in Service Health Dashboard
We announced a preview program for network performance insights and a network score in the Microsoft 365 admin center. A significant factor that determines the quality of the Office 365 user experience is network reliability and low latency between Office 365 clients and Office 365 service front doors. Microsoft measures network performance between client applications and our cloud servers to help plan and operate our services. These measurements are now being used to provide network architecture design insights that are shown in the network performance page on the Microsoft 365 admin center. Network insights show recommended network architecture design changes and the network score shows how network connectivity impacts user experience which allows comparison of how well different user location connections are designed for Office 365 network traffic. For complete details, see Enterprise network connectivity and network performance measurement in the Microsoft 365 Admin Cente....
We announced a set of partnerships to help you build and optimize your network solutions for the best Office 365 experience. We created the Office 365 Networking Partner Program to help align our partner ecosystem around key principles for optimal connectivity. The program enables us to deepen our collaboration with network partners that natively build Office 365 networking connectivity principles into their networking products and solutions. For more information, see Office 365 announces new network connectivity innovations and partnerships.
We announced that Azure Cloud Shell, which enables you to manage your resources from an authenticated, browser-based, interactive PowerShell experience, is now available within the Microsoft 365 admin center. The Exchange Online and the Teams modules are currently available for use, and more experiences are coming in the future.
So far we’ve only scratched the surface of the Microsoft 365 admin experience improvements we shared at Ignite. There’s so much more goodness to talk about, so read What's new in the Microsoft 365 admin center, and check out these Ignite sessions using the following links.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.