Microsoft 365

As an O365 Admin we Get Below Privileges to Administer Centrally in the Microsoft Admin Portal

https://admin.microsoft.com/AdminPortal/Home#/alladmincenters

All admin centers



Icon

Name

Description



Compliance

Use the ‎Microsoft Purview compliance portal‎ to meet your compliance and privacy goals. You'll find integrated solutions that help protect sensitive info, manage data lifecycles, reduce insider risks, safeguard personal data, and more.



Exchange

Manage advanced email settings, such as quarantine, encryption, and mail flow rules.



Microsoft Defender ATP

Monitor and respond to security alerts on devices protected by next-generation protection, endpoint detection and response, and many other capabilities of ‎Microsoft Defender Advanced Threat Protection‎.

‎Microsoft Entra‎

Use the ‎Microsoft Entra‎ admin center to manage identities, permissions, and network access.



Microsoft Intune

A single management experience for the End User Computing team in IT to ensure employees' ‎Microsoft 365‎ devices and apps are secured, managed, and current.



Office configuration

Manage, configure, and monitor deployment of ‎Microsoft 365‎ Apps for your organization.



Power Apps

Use the Power Platform admin center to manage activity, licenses, and policies for user-generated ‎Power Apps‎, which can connect to your data and work across web and mobile.



Power Automate

Manage the automation of repetitive and time-consuming tasks in the Power Platform admin center, where you can set up connections to web services, files, or cloud-based data and put them to work.



Search & intelligence

Manage Microsoft Search settings including services and content that are available for people in your organization. Make finding internal tools, documents, and people just as easy as searching the web in Bing.



Security

Use ‎Microsoft 365 Defender‎ for unmatched visibility into threats to your network and your security posture. Respond to incidents, proactively hunt for threats, track your assets, and deploy policies to secure your identities, devices, ‎Office 365‎ workspaces, apps, and more.



SharePoint

Manage sites, sharing, storage, and more for ‎SharePoint‎ and ‎OneDrive‎. Migrate files and sites to ‎Microsoft 365‎.

Universal Print

‎Universal Print‎ is a serverless print management solution built with Zero Trust security in mind. Employees can print driverless from ‎Windows‎ 10/11, or ‎Microsoft 365 for the web‎ on mobile devices.



Viva Engage

Manage your ‎Yammer‎ network, set a usage policy, control external network settings, and enable features like translation.

License Requirements for an Admin Role 

For an Office 365 Admin (now part of Microsoft 365), the specific license required depends on the administrative tasks they need to perform and the services they need access to. Here’s a breakdown:

---

1. Basic Admin Access

• License Required:
  • None (Administrative access itself does not require a specific license.)

Administrators can manage Office 365/Microsoft 365 tenants without needing a user license for basic tasks like user creation, license assignment, and service management. However, they will not have access to use services like Exchange Online, SharePoint Online, or Teams without a license.

---

2. Access to Administrative Portals

• For tasks like managing email (Exchange), SharePoint, or Teams, administrators may require access to these services for testing or configuration purposes:
  • Microsoft 365 Business Premium
  • Microsoft 365 E3 or E5
  • Office 365 E3 or E5

---

3. Specific Role-Based Licensing

Here are examples of licenses for specific admin roles:

a. Exchange Admin:

• Needs an Office 365 or Microsoft 365 license that includes Exchange Online to send/receive test emails or manage mailboxes directly.

b. Teams Admin:

• Requires access to Microsoft Teams, which is included in most Office 365/Microsoft 365 licenses.

c. SharePoint Admin:

• Requires a license with SharePoint Online to test and configure SharePoint sites.

d. Security & Compliance Admin:

• A Microsoft 365 E5 license is recommended for access to advanced security features, compliance tools, and analytics.

---

4. Global Administrator

A Global Admin does not need a specific license for administrative privileges but will require a user license to access and use Microsoft 365 services.

---

5. Microsoft 365 Admin Without Licensing

If a company wishes to assign administrative roles without purchasing additional user licenses, they can:

• Create a separate "admin account" without assigning a license.
• This account can manage users, groups, and subscriptions but cannot utilize services like email or Teams.

---

Summary Recommendation:

• For full-feature testing and administration: Assign the admin a license such as Microsoft 365 E3 or E5.
• For basic administrative tasks only: No license is required, but the admin cannot use or test services.

Here’s a deeper look into licensing requirements for Office 365/Microsoft 365 Admins, focusing on specific roles, advanced features, and recommendations based on use cases:

---

1. Global Administrator Licensing

• Role Description:
  Global Administrators have full access to all settings and management tools in the Microsoft 365 admin center.

• License Requirements:

  • None for administrative tasks like managing users, assigning licenses, and configuring tenant-wide settings.
  • Required if the Global Admin needs access to specific services (e.g., Exchange, Teams, SharePoint).

Recommended Licenses:

• Microsoft 365 E3/E5 for enterprise environments.
• Microsoft 365 Business Premium for SMBs.

---

2. Role-Based Administrator Licensing

Here’s a breakdown of licenses required for specific administrator roles:

a. Exchange Administrator

• Tasks: Manage mailboxes, email flow, distribution groups, and email policies.
• License Requirement:
  • To configure and manage Exchange Online only: No license required.
  • To send/receive test emails or access user mailboxes: A license with Exchange Online (e.g., Office 365 E3 or Microsoft 365 E3).

---

b. Teams Administrator

• Tasks: Manage Teams configurations, meetings, messaging policies, and voice services.
• License Requirement:
  • To manage Teams settings: No license required.
  • To join Teams meetings or test configurations: A license with Microsoft Teams (e.g., Office 365 E3 or Microsoft 365 Business Standard).

---

c. SharePoint Administrator

• Tasks: Configure SharePoint sites, manage document libraries, and control sharing policies.
• License Requirement:
  • To manage SharePoint Online settings: No license required.
  • To access SharePoint content directly: A license with SharePoint Online (e.g., Office 365 E3).

---

d. Security and Compliance Administrator

• Tasks: Oversee security policies, compliance configurations, and threat protection.
• License Requirement:
  • To view or configure security features: No license required.
  • To utilize advanced features like Microsoft Defender or Compliance Manager: Microsoft 365 E5 or Office 365 E5 license.

---

e. Billing Administrator

• Tasks: Manage subscriptions, billing, and payments.
• License Requirement: No license is required.

---

3. Key Scenarios for Admin Licensing

Scenario 1: Basic Administrative Tasks Only

• If the admin does not need to access any services for testing or usage, no license is required.
• Examples: Managing users, resetting passwords, assigning licenses.

Scenario 2: Advanced Features Testing

• Assign a license such as Microsoft 365 E3 or Microsoft 365 E5 to allow access to advanced features for testing and troubleshooting.
• Examples: Configuring Exchange mailboxes, testing Teams meetings, managing SharePoint libraries.

Scenario 3: Temporary Admin Account

• Create an unlicensed admin account with only the required roles (e.g., Exchange Admin) to reduce costs.

Scenario 4: Delegated Administration via CSP

• If your organization is a Cloud Solution Provider (CSP), delegated admin rights can be used to manage customer tenants without needing a license.

---

4. Special Notes on Security

• Multi-Factor Authentication (MFA): Ensure all admin accounts have MFA enabled to reduce security risks.
• Privileged Identity Management (PIM): For advanced control over admin roles, PIM in Azure AD Premium P2 is recommended (included in Microsoft 365 E5).
• Dedicated Admin Accounts: Use separate admin accounts with minimal privileges to adhere to the principle of least privilege.

---

5. Recommended Licenses Overview

Role	License Needed	Notes
Global Admin	None (for admin tasks only)	License required for service usage.
Exchange Admin	Office 365 E3 or Microsoft 365 E3	For sending test emails or accessing mailboxes.
Teams Admin	Office 365 E3 or Microsoft 365 E3	For testing Teams features.
SharePoint Admin	Office 365 E3 or Microsoft 365 E3	For accessing SharePoint content.
Security & Compliance Admin	Microsoft 365 E5	For advanced security/compliance features.
Billing Admin	None	For billing and subscription management.

---

6. Best Practices for Admin Licensing

• Assign only the necessary roles to each admin account to reduce risks.
• Use unlicensed accounts for administrative tasks that don’t require service access.
• Audit admin accounts regularly to ensure compliance with your organization's policies.

How the Global Admin Role is Assigned in Microsoft 365?

In Microsoft 365, the Global Administrator (Global Admin) role is a high-level administrative role that provides full access to all aspects of the tenant, including managing users, groups, licensing, services, and access to security and compliance features.

---

How the Global Admin Role is Provided

1. Assigning Global Admin Role:

   • The Global Administrator role is automatically assigned to the first user who signs up for Microsoft 365 during the initial setup of the tenant. This is known as the initial Global Administrator.
   • Additional users can be assigned the Global Admin role by another existing Global Admin or through specific permissions granted by Azure AD or Microsoft 365 admin centers.

2. Admin Centers:

   • You can manage and assign Global Admin permissions through different Microsoft 365 admin centers:
     • Microsoft 365 Admin Center (https://admin.microsoft.com)
     • Azure Active Directory (Azure AD) Admin Center (https://aad.portal.azure.com)

3. Assigning the Role:

   • To assign the Global Admin role to a user:
     • Navigate to the Microsoft 365 Admin Center.
     • Go to Users > Active Users.
     • Select the user you wish to assign the role to.
     • Click Edit > Roles, then assign the Global Administrator role.

4. Permissions and Responsibilities:

   • Global Admins have full control over the Microsoft 365 tenant, including:
     • Managing all users and groups.
     • Assigning and managing licenses.
     • Configuring security and compliance policies.
     • Accessing billing, support, and subscription information.

---

Best Practices for Managing Global Admins

• Limit Global Admin Access: Only assign the Global Admin role to trusted users to reduce the risk of security breaches.
• Use Role-Based Access Control (RBAC): Assign less privileged roles like Exchange Administrator, SharePoint Administrator, or Security Administrator for specific tasks.
• Multi-Factor Authentication (MFA): Enable MFA for Global Admin accounts to add an additional layer of security.

---

Removal of Global Admin Role:

• To remove a user from the Global Admin role:
  • Go to Microsoft 365 Admin Center > Users > Active Users.
  • Select the user and click Edit > Roles, then remove the Global Administrator role.

---

The Global Admin role is essential for managing all aspects of a Microsoft 365 tenant, but it's crucial to ensure proper delegation and security controls to prevent misuse.

OST (Offline Storage Table) vs PST (Personal Storage Table)

OST and PST are file formats used by Microsoft Outlook for storing email messages, calendar items, contacts, and other mailbox data. However, they have distinct purposes, features, and usage scenarios. Below is a detailed explanation of both:

---

1. OST (Offline Storage Table)

• Purpose:

  • OST files are used for offline access to Outlook data. They allow users to work with emails, calendar, and other data even when not connected to the Exchange server or Office 365.

• Functionality:

  • Synchronizes data with the Exchange server (or Office 365) when connected.
  • All changes made to the offline data are synced back to the server when reconnected.

• Use Case:

  • Ideal for users working in environments where offline access is necessary, such as remote work or locations with limited internet connectivity.
  • Common in corporate environments with Exchange or Office 365 servers.

• File Location:

  • Stored in C:\Users\[User]\AppData\Local\Microsoft\Outlook.

• Differences from PST:

  • Requires an Exchange or Office 365 account for synchronization.
  • Always associated with an email account (Microsoft Exchange, Office 365).
  • Encrypted and supports syncing with server changes (increased security and data integrity).

---

2. PST (Personal Storage Table)

• Purpose:

  • PST files store Outlook data locally (on the user's computer). They are standalone files, independent of any Exchange or Office 365 server.

• Functionality:

  • Allows the storage of emails, contacts, calendars, tasks, and other Outlook data without needing a live connection to an email server.
  • Can be used for archiving or data backup purposes.

• Use Case:

  • Suitable for personal use or small organizations where Exchange/Office 365 isn’t implemented.
  • Often used for managing large amounts of data or migrating data from older versions of Outlook.

• File Location:

  • Stored in C:\Users\[User]\Documents\Outlook Files.

• Differences from OST:

  • Does not require Exchange or Office 365.
  • Standalone file that can be used independently.
  • No real-time synchronization with a server; data does not sync back to a server when reconnected.

---

Key Differences Between OST and PST

Feature	OST	PST
Connection	Requires Exchange/Office 365 account	Works independently (no server required)
Synchronization	Syncs with server (real-time updates)	Does not sync with a server (offline)
Data Type	Email, Calendar, Contacts, Tasks	Same as OST, but independent storage
File Format	Encrypted, uses .ost extension	Non-encrypted, uses .pst extension
Use Case	For online/offline working with servers	For local data storage/archiving
File Size	Limited by server or Office 365 storage	Often larger for personal use
Security	Higher security due to server syncing	Lower security, can be accessed locally

---

Advantages of OST vs PST

• OST:
  • Automatically syncs data with the server.
  • Provides seamless access to mailbox even offline.
  • Supports features like shared mailboxes, calendars, and permissions in Exchange environments.
• PST:
  • Ideal for users who need to store local copies of data.
  • Useful for backups and archiving large amounts of data without requiring a server connection.

---

Limitations of OST and PST

• OST:

  • Size is limited by server configurations (e.g., Office 365 or Exchange limits).
  • Requires a stable internet connection for sync.

• PST:

  • Can become large and difficult to manage, especially for organizations with extensive data.
  • No real-time synchronization; data must be manually moved or backed up.

In summary, OST is tied to server-based email systems like Exchange or Office 365 and provides real-time synchronization, while PST is a standalone file format primarily used for local or backup storage.