Restrict O365 admin portal

Brass Contributor

Hi All,

Can we restrict Office 365 admin portal access, if yes how can we achieve this.

 

Regards,

Prabhakar

7 Replies

That's why we have the different admin roles? Which functionality exactly are you looking to restrict?

Hi Vasil,

Let us take a case of O365 Exchange Online management, Can I restrict the complete portal access and only provide access via remote powershell cmdlets for the support team to perform support activities via RBAC.

I don't think this is possible Today

Let's assume If I have ADFS, when I try to access portal.office.com website then I need to have my username@domain.com and password, as soon as I enter my username@domain.com it would redirect me to the ADFS authentication and should restrict saying that portal access is not allowed. Whatever support activities like basic troubleshooting steps should be made available via the respective remote powershell cmdlets.

The EAC is a special case as it's the only one that actually has a proper RBAC in place, with the UI bits updating dynamically corresponding to the underlying PowerShell cmdlets. So they will only see functionality they have access to. You can "hide" the EAC tile by simply not giving them any Office 365 admin role, but they will still be able to browse to it via the /ecp endpoint.

Let's assume If I have ADFS, when I try to access portal.office.com website then I need to have my username@domain.com and password, as soon as I enter my username@domain.com it would redirect me to the ADFS authentication and should restrict saying that portal access is not allowed. Whatever support activities like basic troubleshooting steps should be made available via the respective remote powershell cmdlets.

You cannot block just a specific URL via AD FS claims rules, you will be blocking every other URL Office 365 uses.