- Free Edition
- Quick Links
- Highlights
- Exchange Online
- Exchange Online Management
- Exchange Online Reports
- Exchange Online Auditing
- Exchange Online Monitoring
- Shared Mailbox Management
- Mailbox Usage Reports
- Exchange Online Mailbox Auditing
- Shared Mailbox Reports
- Exchange Online Delegation
- Mailbox Size Reports
- Mail Traffic Reports
- Non-owner Mailbox Access Report
- Public Folder Reports
- OWA Reports
- Mailbox Content Reports
- Azure Active Directory
- Azure AD Management
- Azure AD Reports
- Azure AD Monitoring
- Azure AD Auditing
- User Management
- Contact Reports
- Security Group Reports
- License Reports
- Azure AD Delegation
- Microsoft 365 User Provisioning
- User Reports
- Distribution Group Reports
- Group Reports
- Inactive Exchange Users
- Azure AD User Auditing
- Azure AD Group Auditing
- Azure AD Logon Auditing
- Microsoft Teams
- OneDrive for Business
- SharePoint Online
- Security and compliance
- Other Features
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Hybrid AD, cloud, and file auditing and security
- ADSelfService Plus Identity security with MFA, SSO, and SSPR
- Exchange Reporter Plus Exchange Server Auditing & Reporting
- M365 Security Plus Microsoft 365 Auditing and Alerting
- EventLog Analyzer Real-time Log Analysis & Reporting
- SharePoint Manager Plus SharePoint Reporting and Auditing
- DataSecurity Plus File server auditing & data discovery
- RecoveryManager Plus Enterprise backup and recovery tool
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools
Microsoft 365 has empowered organizations to operate seamlessly from any location. This also applies to the administrators who manage your tenants. However, relying on a limited number of administrators for your entire organization can lead to inefficiencies as the workload of entire teams and menial tasks, such as password resets and account lockouts, might end up burning them out.
Having a couple more administrators might help with the workload. However, it will end up in chaos when multiple people take over with the same level of access and control as the main administrator, which inevitably leads to privilege abuse. To resolve this, Microsoft 365 introduced the admin role delegation feature, which allows you to delegate admin rights to technicians without giving them full access to all permissions in Microsoft 365.
However, this comes with its own limitations. For instance, you can only delegate technicians' default roles in Microsoft 365, such as password administrator, Exchange administrator, etc. Creating custom roles requires precise knowledge of the permissions in Microsoft 365, and you will still end up with the limited granularity of the default roles.
Complete help desk delegation with M365 Manager Plus
In M365 Manager Plus, the Microsoft 365 administration component of AD360, you are not limited to default roles. Admins are often skeptical about delegating admin rights to users, as things can get out of hand if not properly monitored. To assuage these fears, M365 Manager Plus lets you delegate particular tasks on an attribute level delegation rather than giving a person full admin rights.
Select any combination of reporting, management, auditing, and alerting tasks to create your own customized roles. Assign these custom roles to help desk technicians and help share the workload. There is no limit to the amount of roles you can delegate to a technician, which provides flexibility when delegating admin rights to users.
Highlights of M365 Manager Plus
Cross-tenant delegation: You can configure more than one Microsoft 365 tenant in M365 Manager Plus and delegate the rights of one tenant to admins in another tenant to make sure critical tasks are always taken care of.
Domain-based delegation: If there are multiple domains in your tenant, you can create roles with domain-specific tasks. Having domain-based admins can help you keep a closer eye on your domain and not let your admins access the data of the entire tenant.
Virtual Tenants: Create virtual tenants based on multiple criteria like users that have access to particular services or objects and delegate them to multiple technicians with different scopes to execute specified tasks. Give your technicians just enough access to view and manage their assigned users.
Non-admin delegation: Create and delegate roles to non-admins users. You can delegate miscellaneous tasks to trusted users to reduce help desk tickets. Attribute-based delegation allows you to delegate your users only the tasks that they need to carry out—nothing more, nothing less.
Technician audit log: Track what a technician did with their delegated rights. For example, find out what audit reports were generated, which alerts were created, and more. View the time and status of each operation the technician completed as well.
How does delegation work in securing and simplifying your Microsoft 365 administration?
Delegation of administrative duties across multiple departments enables organizations to streamline administrative tasks by distributing responsibilities to appropriate personnel while maintaining security and control. By granting the right permissions in the right scale, organizations can empower non-IT staff to perform audits efficiently without compromising security. Let’s explore two key use cases where delegation improves operations in a Microsoft 365 environment.
Use case 1: Allow an HR manager to create new user accounts
Many admins use Microsoft 365's help desk delegation feature when their company is hiring and there is a sudden influx of new employees. Provisioning new user accounts is a major priority that is quite time-consuming. Administrators can reduce both the time it takes to complete the process, and their involvement in it, by authorizing HR personnel to create new user accounts in Active Directory. With M365 Manager Plus, you can create a login for HR staff which they can use to view and perform their delegated tasks.
Use case 2: Implement departmental control over Microsoft 365 audits for individual services
Auditing Microsoft 365 activities across different departments and services. However, granting full administrative access to every department increases the risk of unauthorized changes and data exposure.
With M365 Manager Plus’ delegation feature, you can assign specific audit responsibilities to individual departments, empowering them to monitor activities within their designated services, such as Entra ID, Exchange Online, Teams, or SharePoint Online. You can also assign individual audit actions to your admins if you wish to delegate on a more granular level.
This targeted delegation ensures that each team has access only to the data they need. Free up your admin workforce while minimizing bottlenecks and delays for audits across multiple services.
Use case 3: Split tenants into manageable workspaces with virtual tenants
Organizations that use Microsoft 365 have to watch over multiple services and entities in a tenant and manage them efficiently. However, these tenants are usually too expansive to be handled as a single entity.
With M365 Manager Plus' virtual tenants, you can segment your users into smaller virtual tenants and empower designated technicians with granular data collection privileges for focused tasks within their designated areas. Restrict access to only the necessary users for each technician, preventing unauthorized access or modifications.