Forum Discussion

Dean_Gross's avatar
Dean_Gross
Silver Contributor
Feb 13, 2017

Secure Score Admin roles

The FAQ at https://support.office.com/en-us/article/Introducing-the-Office-365-Secure-Score-c9e7160f-2c34-4bd0-a548-5ddcc862eaef?ui=en-US&rs=en-US&ad=US#faq states that "custom admin roles" can access the Secure Score site.  Does anyone know what this means? does it mean "service admins"?

 

To the best of my knowledge we cannot create custom admin roles. Am I unaware of another new unnannounced feature?

 

 

microsoft 365
  • Anthony Smith (A.J.)'s avatar
    Anthony Smith (A.J.)
    Oct 29, 2018

    Hi Tony,

     

    The roles are:

    • Exchange Administrator
    • Global Administrator
    • Security Administrator
    • Security Reader
    • SharePoint Administrator
    • Skype for Business Administrator

    We are looking to add the Teams Administrator to the list in the future

  • James Hammonds's avatar
    James Hammonds
    Icon for Microsoft rankMicrosoft
    Feb 14, 2017

    I believe Custom Admin Roles in this context is referring to an admin role that is something other than Global Admin (e.g. Exchange Online Admin, SharePoint Online Admin, etc.).

  • Bedrich Chaloupka's avatar
    Bedrich Chaloupka
    Copper Contributor
    Sep 18, 2018

    In Office 365 are three option. User, Global administrator or Customized administrator, which provides list of different admin roles available to manage services within Office 365. I believe that the reference in the document is to the Customized administrator option in the Office 365 admin center user management. However not all the Customized administrator roles have access to the Secure Score.

    • tony-derricott's avatar
      tony-derricott
      Gold Contributor
      Oct 23, 2018

      I read the same article and assumed that Custom Administrator / Reports Reader would give the access.  My user is telling me it's not working.  Is there a definitive list of which Custom Administrators should get access?  Here's the possibilities:

      • Billing administrator
      • Dynamics 365 service administrator
      • Customer Lockbox access approver
      • Exchange administrator
      • Password administrator
      • License administrator
      • Skype for Business administrator
      • Message Center reader
      • Power BI service administrator
      • Reports reader
      • Service administrator
      • SharePoint administrator
      • User management administrator
      • Anthony Smith (A.J.)'s avatar
        Anthony Smith (A.J.)
        Icon for Microsoft rankMicrosoft
        Oct 24, 2018

        Hi Tony,

         

        The user needs to be a workload (Exchange, SharePoint, etc) admin or have a security role.  You might want to grant the user Security Reader rights via Azure AD to see if that meets their needs.

         

        The other option is to leverage the Secure Score API and build out a dashboard in Power BI or another tool to show them just the data they need.  There are some YouTube videos here and here that might help with this.

Resources