Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Partners cannot access Security and Compliance Center

Steel Contributor

Partners haven't been able to access the Security and Compliance center on behalf of their clients for almost 18 months now. Last we heard on this was from @Scott Landry back in July of 2019, but it's been silence since then. Is anyone on the Security and Compliance team working with the Microsoft Partner Center team on this?? This is the one item that's keeping us from being able to exclusively work from our Delegated Admin accounts. As it stands now we still have to share a generic global admin account with all our employees just so they can manage certain aspects of our client's Office 365 subscription.

 

https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/34423372-al...

 

2020-03-05 20_13_14-Customers _ Partner Center.png

8 Replies

PowerShell should support delegated access to the SCC. There's also some work being done on the UI, see roadmap item #60975.

Roadmap #60975 only applies to the Office 365 Admin center. I used this feature today - it's nice, but unrelated to my post about the S&C Center.

The PowerShell you're referring to connects to Exchange Online and a handful of MSOL commands. Useful, but doesn't apply to my use case here. I need my techs to access UI features that are only available in our clients' S&C Centers. 

@Paul Youngberg 

 

Don't worry, they'll give us access to it by 2025, after it's been depreciated and renamed and no longer useful...

 

I normally don't complain, but what the hell...

I am replying on behalf of my organization and to reiterate what I've told the MS partner support team + the regular O365 support team.

 

1.) Partner relationships specifically have Global Admin privileges. Global Admin privileges specifically state access to the Security & Compliance centers. The fact that O365 tenant management within the partner center is missing the Security & Compliance center access is a contradiction of Microsoft's own stated policies.

 

2.) The Security & Compliance center has several aspects that are accessible from other admin centers; Spam filter/policy, message trace, DKIM, etc. which are accessible through the old & new Exchange admin centers. Audit log search is also somewhat accessible through the Azure admin center. Limiting access to Security & compliance center for security reasons doesn't really make sense considering so much of it is accessible from other areas.

 

3.) In order to fully manage a tenant, administrators will need access to the Security & Compliance center. If we need a dedicated Global Admin account to fully manage a tenant, this renders administering a tenant through the partner portal completely useless.

 

4.) Best practices from Microsoft say every admin should have their own account and not a shared one, but says you shouldn't have more than 4 global admins. For us, as an MSP, this is impossible to achieve due to the amount of employees.

 

This decision seems arbitrary and senseless. IT renders managing a tenant through the partner portal useless because a global admin account will always be needed regardless.

I concur. The partner center is useless if we cannot manage our customers. This is a constant fight and time consuming for us to manage.

So it's 2022 and it looks like the prediction above about finally getting partner access back by 2025 my be a bit optimistic.

 

I still have yet to speak to a single other MSP who having success getting MS to understand that major stakeholders (IT Tech's working in MSP's) are rightly getting beyond pissed off by all this now.

 

There is the same feedback all over the internet, changes made for no reason, dumb changes that in now way line up with stated policy goals..

 

Obviously they would rather count money than give us the systems we need to do our jobs safely and securely without stress...

 

#rantover.

so it's 2023.....MSPs are struck by GDAP and NCE licensing effectively making it impossible to use our support chains on customers with Microsoft licensing, Godaddy and other ISPs are making tenants on default this locking out MSPs for 12 months and making it hard to deal with

Purvie/compliance and security is still on a Global admin level only

Pretty sure MSPs are not in Microsofts gameplan future

@Fastidius Indeed, they have never been, and it's not going to improve anytime soon, as MS has been seen contacting end users behind some MSPs back.

Right now, I have access to some of my customers' MTO, but the ones I still don't have access to are the ones on which the role is "Full Administration".

I already setup the GDAP roles on those tenants, so it would be on the new system, but it doesn't seem to switch to it...

There would be so much to say about MS service that writing a whole book about it would take at least 10 years...