This article applies to:

Exchange online,

Office 365

Organizations migrating to Office 365 relatively often face a need to give some of the users a restricted, view-only access to Exchange. A typical scenario would be to enable helpdesk personel to check on user settings, but at the same time you don’t want to allow them to make any changes either to user objects or to the Exchange organisation settings.

This can be done by assigning a View-administrators role in Excahnge.

Do the following:

1) In office 365 create an ordinary Office 365 users. (Let’s name it restricted.admin@exchangemaster.ch)

 

2) If you want to perform this on an existing Office 365 user, in his user properties check that he has no Office 365 roles assigned.

 

3) If you created a new user wait until his mailbox is visiable in the Exchange admin center. This will usually take 2-3 minutes.

 

4) In the Exchange admin center go to Permissions / Admin Roles and select the View-Only Organization Management.

 

5) The group dialog box will apper. Add your restricted admin to the group.

 

6) click Save.

 

Since the user has no Office 365 admin roles assigned he will not see the Admin tile in his Office 365 console. So how does he/she get access the Exchange admin console ?


 

In order to access the Exchange admin console directly use the following URL:

https://outlook.office365.com/ecp


 

Once logged in, the user will land into the Exchange admin center.


 

If such user tries to open user properties you will notice that all the fileds are greyed out, which means the designated person will be able to see all the data and settings but not be able to modify anything.


 

With this we have achieved our goal of providing a person with a view-only admin access.

For some purposes this migh be to restrictive. Often the support technicians might in addition also need to see the health status in Office 365 Admin center and to be able to open support tickets with Microsoft Support.

This can be achieved by assigning the Office 365 Service administator role in Office 365 Admin console.

To configure execute the following steps:

1) Open the user properties in Office 365 Admin center. Select Role / Edit

 

2) Select Customized Administrator and then Service Administrator.

 

Since the user now additionally has Service Administrator role, the Admin tile will also apper in his Office 365 portal.


 

Also the he will be able to see the tenant health status in the Office 365 admin center under Health / Service Health.


 

And he will be able to open service requests to Microsoft support under Support / Service Requests.

Dejan Foro