Manage Admins without Microsoft Global Admin Credentials

This article explains how to configure any Teams user in your O365 organization without Global Admin role to become an Enterprise Admin in ConnecttoTeams Enterprise Portal.

This could be used in cases wherein you want non-admin employees, such as your IT personnel or operations staff, to manage your operations in the Enterprise Portal.

Introduction

Enterprises strongly prefer to reserve their Microsoft Global Admin role for use only when necessary. Some certifications (i.e. SOC2) require a very strict control on who has access at the highest level in IT Systems.

Microsoft Global Admin role is REQUIRED to complete the Enterprise Registration and Direct Routing setup as well as the optional Teams Application setup.

All day-to-day tasks - adding, configuring and deleting End Users - can be performed with delegated Microsoft credentials.

The Microsoft User with this delegated authority must have Teams Administrator role.

In some Microsoft Enterprises, delegation is a conditional setting that needs to be configured in Azure Active Directory in a process where the Global Admin grants a conditional consent to a delegated admin to a certain task. While time-consuming and inconvenient, this is undoubtedly an effective security measure.

Here is a table of the capabilities of each level of Microsoft roles:

Steps to Provide Delegated Authority

1. Navigate to Team Admin Center >>Active Users.
   

   
   

2. Select the subject user (not the Global Admin) and then select Manage Roles.
   
   
   

3. Select Admin center access as seen in the picture below.
   
   

4. Select Teams Administrator and click Save changes.
   
   

The Microsoft User details will show the Teams Administrator in the  Role as shown below.

When changes are saved, the Microsoft User with these credentials will then be able to access the ConnecttoTeams Enterprise Portal and be able to manage end users as well as the tasks listed in the table above.