Want to improve knowledge sharing in your organization? Sign up for our upcoming webinar “Next Level Knowledge Management in Office 365: Cortex, Yammer Communities and Records.” Register here!


This is an Ignite the Tour session recap. You can read our other recaps below:

Role-based access control is essential for improving the security posture of your organization while providing IT with a focused experience based on permissions. In the Ignite the Tour session “Role-based Access Control in Microsoft 365: Functionalities to Control the Roles,” the presenters talked about how to use the centrally-managed, granular, role-based access control in the Microsoft 365 admin center.

They also dove into the new workload-specific admin and global leader roles while explaining how to select the right administrator permissions and control who has access to your data. Here are some of my favorite takeaways.

microsoft 365

Reduce the Number of Global Admins in Your Organization

A new feature in Office 365 is the ability for organizations to assign “Global Readers” within their organization. The purpose of this role is to provide a way for users to get visibility (in a read-only view) into what the global admin can see, do, and change within their organization.

It’s a Microsoft best practice for there to be no more than five global admins in an entire organization. By having this read-only option available, organizations can cut back on their number of global admins while still offering visibility.

Role Management

Another feature that helps manage roles in your organization is the “Roles” section in the Office 365 admin center. In this portion of the admin center, global admins will be able to identify all persons within the organization who can manage their Microsoft 365 environment. Once you’ve identified everyone and their role within the organization, scheduled health checks can be done to make sure that their role permissions are still relevant.

Microsoft’s Best Practices to Increase Role Visibility

“Roles” in the Admin Center

Monitoring the roles section of the admin center is imperative to getting visibility into users with assigned roles. Having one pane of glass to monitor who’s responsible and enabled for certain tasks within your organization is imperative to role-based management. You can even go so far as to compare roles and able to make changes.

Performing Consistent Audits

With the “Roles” and “Users” views for global admins, auditing will be easier than ever! By checking who has access and control to what in your Office 365 environment, you can minimize the admin bloat in your organization.

Role-Based Access Collaboration Roadmap

This is what Microsoft has planned today and moving forward to help organizations with their role-based access management:

Microsoft Office 365 roadmap resources

Available Today

  • Global reader and 12 other new roles
  • Role management in admin center
  • Search and Export admin list
  • Azure Privileged Identity Management

Rolling Out Today

  • Global admin insight in context
  • Compare roles and favorites

In Development

  • SharePoint support for Global reader
  • New roles with more granular control
  • Greater visibility into who has admin access
  • Simplify finding the least privileged role for each admin

Keep up with all of our Ignite the Tour coverage by subscribing to our blog!