Managing Microsoft 365 workloads responsibility

In this blog post I will talk about the way to effectively managing the M365 workloads within multiple IT teams and learn how to maintain the thin line between R&R. Administrator  have access to sensitive data and files, hence Microsoft recommend that you follow the guidelines to keep your organization’s data more secure and define with the right admin permission.

Define the boundary

Identify the teams those are responsible for each workload. You need to understand the R&R and make sure its aligned with team technical capability. Admins need to be able to manage all settings/policy for workloads they are responsible without changing other configuration of different workloads. Tier-1 team play a very vital role in handling end-user problems hence they too need to be considered in the planning as well. Few Admin roles have access to sensitive data and files, like security and compliance admins, So its recommended that you identity the right teams (security admins) to have access.

RBAC is a permissions scheme that is based on the idea of granting IT administrators the ability to perform specific actions while denying them the ability to perform other actions

You may be looking for consistency applied across the delegated/admin permissions for the entire suite of Office 365 sas, then a third-party management tool may be an ideal solution for you.

How to restrict access to Office 365 – MattChatt

Access Level

Microsoft has introduced many built-in custom admin roles recently which can be used to assign right permission. Custom role can also be created with RBAC (Role base access control) if built-in admin role is not sufficient. Each admin role maps to common business functions and gives people in your organization permissions to do specific tasks in the admin centers. Assigning the least permissive role means giving admins only the access they need to get the job done.example, if you want someone to reset employee passwords you shouldn’t assign the unlimited global admin role, you should assign a limited admin role, like Password admin or Helpdesk admin. This will help keep your data safe and secure.

Hansett Access Control, Audio/Video Door Entry & Biometric

Auditing and control

You must need to enable/use auditing to track every event happening in your Office 365 environment to take preemptive actions and avoid deep consequences. you can use the Security & Compliance Center to search the unified audit log to view the administrator activity in your organization. You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log. When an audited activity is performed by a admin, an audit record is generated and stored in the audit log for your organization. If you are looking for more deeper audit logs for admin activity like Monitor Critical license changes made by admins, to avoid license-related issues, you can opt third party auditing solutions. There are plenty in the market and may fulfill your need.

IT Auditing – Planning the IT Audit - Cyber Experts


It’s always recommended to check which users have administrative access, how many of them are Global Administrators, and if there are any invited guests or partners that have not been removed after being assigned to do an administrative task. You can recertify the role assignment users in Office 365 such as Global Administrators, or Azure resources roles such as User Access Administrator in the Azure AD Privileged Identity Management (PIM) experience. Do cyclic review for access level and implement the changes/edit with the respective teams. As a tenant owner, You must hold a quarterly meet with all IT stake holders To facilitate better permission availability, make sure to articulate which roles each team in organization need. Newly on-boarded admins access need to be granted with certain approval flow including your IT security and 365 tenant owner approval.

Top 10 Review Sites for More Customer and Business Reviews

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

Up ↑

Eine Tolle Reise

Here, you all will come to know about me, about my life and of course some common issues these days!!

Office 365 for IT Pros

The only always up-to-date eBook about the Microsoft 365 cloud Office system, covering Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, Planner, Azure Active Directory, and more

Chirag Patel MVP MCT

Microsoft 365 Specialist

All about Microsoft 365 & Teams

lEt's eNaBle MoDeRn WoRkPlAcE ! News

The latest news on and the WordPress community.

%d bloggers like this: