This article applies to:
Exchange online,
Office 365
Organizations migrating to Office 365 relatively often face a need to give some of the users a restricted, view-only access to Exchange. A typical scenario would be to enable helpdesk personel to check on user settings, but at the same time you don’t want to allow them to make any changes either to user objects or to the Exchange organisation settings.
This can be done by assigning a View-administrators role in Excahnge.
Do the following:
1) In office 365 create an ordinary Office 365 users. (Let’s name it restricted.admin@exchangemaster.ch)
2) If you want to perform this on an existing Office 365 user, in his user properties check that he has no Office 365 roles assigned.
3) If you created a new user wait until his mailbox is visiable in the Exchange admin center. This will usually take 2-3 minutes.
4) In the Exchange admin center go to Permissions / Admin Roles and select the View-Only Organization Management.
5) The group dialog box will apper. Add your restricted admin to the group.
6) click Save.
Since the user has no Office 365 admin roles assigned he will not see the Admin tile in his Office 365 console. So how does he/she get access the Exchange admin console ?
In order to access the Exchange admin console directly use the following URL:
https://outlook.office365.com/ecp
Once logged in, the user will land into the Exchange admin center.
If such user tries to open user properties you will notice that all the fileds are greyed out, which means the designated person will be able to see all the data and settings but not be able to modify anything.
With this we have achieved our goal of providing a person with a view-only admin access.
For some purposes this migh be to restrictive. Often the support technicians might in addition also need to see the health status in Office 365 Admin center and to be able to open support tickets with Microsoft Support.
This can be achieved by assigning the Office 365 Service administator role in Office 365 Admin console.
To configure execute the following steps:
1) Open the user properties in Office 365 Admin center. Select Role / Edit
2) Select Customized Administrator and then Service Administrator.
Since the user now additionally has Service Administrator role, the Admin tile will also apper in his Office 365 portal.
Also the he will be able to see the tenant health status in the Office 365 admin center under Health / Service Health.
And he will be able to open service requests to Microsoft support under Support / Service Requests.
He lives in Zurich, Switzerland and is a dedicated specialist, with 30 years of professional work experience in IT.
Before starting Exchangemaster GmbH he worked as a system engineer and project manager with customers of all sizes and across many industries: From small ISV startups and a NGO humanitarian organizations up to largest international corporations like Stryker, Swisscom, British Telecom and Nyrstar.
He spent his entire career delivering Microsoft based infrastructure solutions with main focus on Active Directory and Exchange. During those years, he collected a valuable work experience on 8 Exchange generations (2019, 2016, 2013, 2010, 2007, 2003, 2000 and 5.5) and has delivered services to a user base of more than 3.2 million mailboxes in on-premise, hybrid and Office 365 deployments.
Beside working on customer projects, he is a regular speaker and expert at Microsoft conferences and user groups. As a Microsoft Certified Trainer he also teaches Microsoft Official Curriculum courses to technical professionals around Europe.
For his work he has received numerous awards.
In 2005 he was the first member to be elected into the MCP Hall of Fame by Windows IT Pro Magazine readers choice (as 1 of 6 worldwide).
From 2005-2017, Dejan has been awarded by Microsoft Corporation with the yearly Microsoft Most Valuable Professional award in area of Exchange for 12 years in a row (one of approximately 100 worldwide and, at the time, the only 1 such in Switzerland).
- FAQ 000181 – How to enable mailbox auditing using PowerShell - August 1, 2023
- FAQ 000180 – How to set Microsoft Teams Room Device to use internal NTP server - December 15, 2021
- FAQ 000178 – How to change the sender and reply E-mail address in Microsoft Bookings - January 11, 2021
Leave A Comment