FAQ 000158 – How to create an Exchange view-only admin in Office 365

This article applies to:

Exchange online,

Office 365

Organizations migrating to Office 365 relatively often face a need to give some of the users a restricted, view-only access to Exchange. A typical scenario would be to enable helpdesk personel to check on user settings, but at the same time you don’t want to allow them to make any changes either to user objects or to the Exchange organisation settings.

This can be done by assigning a View-administrators role in Excahnge.

Do the following:

1) In office 365 create an ordinary Office 365 users. (Let’s name it restricted.admin@exchangemaster.ch)

 

2) If you want to perform this on an existing Office 365 user, in his user properties check that he has no Office 365 roles assigned.

 

3) If you created a new user wait until his mailbox is visiable in the Exchange admin center. This will usually take 2-3 minutes.

 

4) In the Exchange admin center go to Permissions / Admin Roles and select the View-Only Organization Management.

 

5) The group dialog box will apper. Add your restricted admin to the group.

 

6) click Save.

 

Since the user has no Office 365 admin roles assigned he will not see the Admin tile in his Office 365 console. So how does he/she get access the Exchange admin console ?


 

In order to access the Exchange admin console directly use the following URL:

https://outlook.office365.com/ecp


 

Once logged in, the user will land into the Exchange admin center.


 

If such user tries to open user properties you will notice that all the fileds are greyed out, which means the designated person will be able to see all the data and settings but not be able to modify anything.


 

With this we have achieved our goal of providing a person with a view-only admin access.

For some purposes this migh be to restrictive. Often the support technicians might in addition also need to see the health status in Office 365 Admin center and to be able to open support tickets with Microsoft Support.

This can be achieved by assigning the Office 365 Service administator role in Office 365 Admin console.

To configure execute the following steps:

1) Open the user properties in Office 365 Admin center. Select Role / Edit

 

2) Select Customized Administrator and then Service Administrator.

 

Since the user now additionally has Service Administrator role, the Admin tile will also apper in his Office 365 portal.


 

Also the he will be able to see the tenant health status in the Office 365 admin center under Health / Service Health.


 

And he will be able to open service requests to Microsoft support under Support / Service Requests.

Tags: |

About the Author:

Dejan Foro
Dejan Foro is founder and CEO of Exchangemaster GmbH. He lives in Zurich, Switzerland and is a dedicated specialist, with 25 years of professional work experience in IT. Before starting Exchangemaster GmbH he worked for 20 years as a system engineer and project manager with customers of all sizes across many industries: From small ISV startups and a NGO humanitarian organizations up to largest international corporations like Stryker, Swisscom, British Telecom and Nyrstar. He spent his entire career delivering Microsoft based infrastructure solutions with main focus on Active Directory and Exchange. During those years, he collected a valuable work experience on 7 Exchange generations (2016, 2013, 2010, 2007, 2003, 2000 and 5.5) and has delivered services to a user base of about 3.2 million mailboxes in on-premise, hybrid and Office 365 deployments. Beside working on customer projects, he is a regular speaker and expert at Microsoft conferences and user groups. As a Microsoft Certified Trainer he teaches Microsoft Official Curriculum courses to technical professionals around Europe. For his work he has received numerous awards. In 2005 he was the first member to be elected into the MCP Hall of Fame by Windows IT Pro Magazine readers choice (as 1 of 6 worldwide). From 2005-2017, Dejan has been awarded by Microsoft Corporation with the yearly Microsoft Most Valuable Professional award in area of Exchange for 12 years in a row (one of approximately 100 worldwide and the only 1 such in Switzerland).

Leave A Comment