Global Reader role to be able to view audit logs - error don't have the right permissions
I asked my Global Administrator to add my administrator account to be a Global Reader. I would like to read the audit logs. I have logged out of the webbrowser and it has been over an hour since I was granted this access. I have had my account for over a year. I am going to Microsoft 365 Compliance, Audit, search. Before I was given Global Reader, I could get to this area but the search button was grayed out. Now I can enter a search query. https://compliance.microsoft.com/auditlogsearch?viewid=Test%20Tab I fill in the details and I get an error after I click on the search button. Error Looks like you don't have the right permissions to view this page or this feature isn't part of your organization's Microsoft 365 subscription. To get access, contact the person who assigns permissions or makes purchasing decisions. If you're a new user or were recently assigned permissions, try again in 15 minutes.
'Delete a user' permission needed for license removal?
We're still going through our termination process. We've got most of it mapped out but hit something strange. The people who do this have the following roles in AAD: Help Desk Administrator, License Adminstrator, Password Administrator (needed for 'initiate sign out') SharePoint Administrator (needed for OneDrive sharing) User Administrator In Office Admin, if they use the 'delete' on the user, it should: Show them the licenses that will be removed (works for a global admin, doesn't work for this person) Checkbox prompt to share the user OneDrive (works) Delete the user (errors but expected in our case since we are synced with AD) It's not telling them it's removing the existing license. However, if they do that step separately through the GUI, they have no problem - which is expected because they have the License Admin role. Does the delete script on a user in Office Admin need a different role to remove licenses?
Ensure users installing Outlook add-ins is not allowed affecting integrated apps/add-ins
I'm working on the usual chasing Microsoft Secure Score, one that we have that gives points and takes them away on a weekly basis is this one below. We don't have the three items unchecked in User Roles to accommodate this recommendation. So I figure it is a bugged recommendation. Ensure users installing Outlook add-ins is not allowed However it would be nice to permanently make it so. However, we have another area in M365 Admin that has integrated apps configured for a handful of third party add-ins and of course the Teams Add-In for Outlook. Would this be affected by turning on the above recommendation? Or is this just if the end user goes to add one on their own? Thank you.
