Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Microsoft 365 Tenant Administration: Understanding Microsoft 365 Administrative Units

80 views

Published on

Microsoft 365 M365 Management Made Easy

Do you struggle with administering your Microsoft 365 tenant? Have you ever wished there was an easy way to segment your tenant so you could delegate permissions more granularly to group or site admins?

Microsoft has introduced Administrative Units and they are a great start to creating boundaries within your tenant for user and group administration but are they enough? What about the other Microsoft365 services not covered by Administrative Units?

Microsoft has also announced they’ll be introducing custom roles for Microsoft 365. While currently very limited, they do promise that you’ll be able to get more granular with the permissions you want to assign.

CoreView helps you to easily manage Microsoft 365 by combining multiple Microsoft Admin Centers into a single view so you no longer need to log into multiple admin centers to complete everyday tasks.

With Virtual Tenants (like OUs for Azure AD), you can also segment your tenant by geography, department, or any other AD attribute to limit the admin scope. Virtual Tenants can be applied to any Microsoft 365 object, so they’re not just limited to users and groups.

CoreView also has very granular permissions that allow you to adhere to the least privilege access policy recommended by Microsoft. CoreView permission sets can get as granular as a single attribute without giving the delegated administrator permission to do anything else.

You’ll also see how you can easily delegate the running of PowerShell scripts so once the script is created, anyone with proper CoreView permissions can execute it.

Register now to hear MVP Joel Oleson’s take on Admin Units, and how CoreView can help take them to the next level.

Published in: Technology
  • Login to see the comments

  • Be the first to like this

Microsoft 365 Tenant Administration: Understanding Microsoft 365 Administrative Units

  1. 1. Understanding Delegating local Admin Activities With Administrative Units Organizations may be divided by region, business unit, or department but rely on a single tenant. How do they assign rights to a local service desk to only the users and groups they support? CoreView is a SaaS Management Platform for enterprise organizations with M365 at the core of their SaaS stack. CoreView.com joel@joel365.com Collabshow.com Microsoft 365 Administrative Units Contoso Administrative Units Azure Active Directory Regional Departmental Business Unit contoso.com Single Microsoft 365 Tenant Reference: Multi-tenant architecture for large institutions | Microsoft Docs Three Regional IT Operations Multiple on Premises domains Multiple email domains Custom (ex. License) Digital Identity UPN: Charles@contoso.com Tenant: contoso.onmicrosoft.com Computer Domain: amer.contoso.com Azure AD Admin Group: Amer IT Team Charles (Region 1 IT team) AMER Admin Unit contoso.com Administration Central IT Teams Configuration Users Groups Policies Settings Passwords MFA Licensing Helpdesk Staff Teachers Students Co Parents Ext Guestes EMEA Admin Unit contoso.com Administration Central IT Teams Configuration Users Groups Policies Settings Passwords MFA Licensing Helpdesk Staff Teachers Students Co Parents Ext Guestes APAC Admin Unit contoso.com Administration Central IT Teams Configuration Users Groups Policies Settings Passwords MFA Licensing Helpdesk Employees Contractors Vendors Partners Customers Ext Guestes Digital Identity UPN: ichiro@contoso.com Tenant: contoso.onmicrosoft.com Computer Domain: emea.contoso.com Azure AD Admin Group: APAC IT Team Ichiro (Region 3 IT team) Digital Identity UPN: Alice@contoso.com Tenant: contoso.onmicrosoft.com Computer Domain: emea.contoso.com Azure AD Admin Group: EMEA IT Team Alice (Region 2 IT team) APAC IT EMEA IT Team Amer IT Teams

×