Recommended Permissions and Management Actions
Modified on Wed, 22 Jun 2022 at 05:35 AM
Categories
-
What's New
-
Release Information
- CoreView Release Notes September 2023
- CoreView Release Notes August 2023
- CoreView Release Notes July 2023
- CoreView Release Notes June 2023
- CoreView Release Notes May 2023
- CoreView Release Notes April 2023
- CoreView Release Notes March 2023
- CoreView Release Notes February 2023
- CoreView Release Notes January 2023
- CoreView December 2022 Release Notes
- CoreView November 2022 Release Notes
- CoreView October 2022 Release Notes
- September 2022 Release Notes
- August 2022 Release Notes
- Release 22.06 Key Features
- Release 22.05 Key Features
- Release 22.04 Key Features
- Release 22.03 Key Features
- Release 22.01 Key Features
- Release 21.12 Key Features
- Release 21.11 Key Features
- Release 21.10 Key Features
- Release 21.09 Key Features
- Release 21.08 Key Features
- Release 21.07 Key Features
- Release 21.05 Key Features
- Release 21.04 Key Features
- Release 21.03 Key Features
- Release 21.02 Key Features
- Release 21.01 Key Features
-
Release Information
- Getting Started with Customer Care
-
Getting Started with CoreView
-
Configuring
- Configuration Overview
- Creating CoreView Tenant Administrators
- CoreView Operator Uses Cases & Dependencies
- Creating a License Pool
- Understanding Virtual Tenants
- "Send As" DNS Requirements for CoreAdoption Campaigns (Optional)
- How to enforce MFA on CoreView service accounts
- Creating a License Pool
- How to ensure security for CoreView service accounts
- Disabling MFA for CoreView service accounts
- Set Conditional Access to grant access only inside the CoreView data center
-
Configuring
-
How to
-
Exchange Online
- How to check and analyze the Message Trace
- How To Configure Email Forwarding
- How to convert a Shared Mailbox to a User Mailbox
- How to convert a user mailbox to a shared mailbox in Exchange Online
- How to Create Microsoft 365 Groups for Improved Collaboration
- How To Create Shared Mailbox
- How To Create User Mailbox
- How To Grant Access To Mailbox
- How to List all the Mailboxes a User has access to in Microsoft 365
- How to remove delegates from Mailbox
- How to remove user access to Mailbox
- How to review and manage Exchange online mailbox permissions
- How to verify if a user has updated the Password
- Read Permission for Mailbox
- What are security groups and How to create it
- What is a Distribution Group and How to create it
-
Exchange Online
- Custom Actions Library
- Getting Started with CoreHybrid
-
Knowledge Resources
-
Understanding CoreView - Quick Start Guides.
- CoreView Quick Start Guide Overview and Index - Tenant Admins
- CoreView Quick Start Guide Overview and Index - Operators
- Understanding CoreView Tenant Configuration – Management
- Understanding the CoreView Operator Profile
- Understanding CoreView Operator Roles (New UX)
- Understanding CoreView Operator Roles
- Understanding CoreView Operator Delegation
- Understanding CoreView - Report Column Filtering
- Understanding CoreView Tenant Configuration - V-Tenant User Filters
- Understanding CoreView Tenant Configuration - Portal Information
- Understanding CoreView Tenant Configuration Options
-
Troubleshooting Common Issues
- Unable to see OneDrive, SharePoint and Exchange Data
- Remote Office 365 PowerShell session can Conflict CoreView Management Actions
- Why I cannot save the changes on existing License pool?
- Error when attempting to perform a Management Action
- Unable to modify the Assigned Licenses in my License Pool Report
- Enabling Permission for Endpoint Manager Actions
- How to enable permission for BitLocker keys report
-
Tenant Administration
- How to recreate Admins Read-only
- How to add an operator to the portal?
- How to enable and configure CoreView management session
- How to provide a consent to activate Azure AD Reports Feature and activate Partial Import?
- Tips & Tricks: Leverage Pivot Reports to Prototype License Pool Criteria Filter
- Tips & Tricks - How to manage email notifications for newly added Operators.
- Disable MFA from Read Only Service Accounts
- How To: Report on "Consumed Portal Licenses"
- How to Configure Allowed IP Addresses for CoreView Service Accounts
- Tips & Tricks: How to merge License Pools
- How to Use CoreView's Global Report Filters
- How to use the What If tool to check Azure AD conditional access policies
- How to Configure Allowed IP Addresses for CoreView Service Accounts
- How to Archive a Teams Group
- How to Restore a Teams Group
- On-demand Import for a Single Device in Endpoint Manager (Intune)
- Custom Actions using the Microsoft Graph API
- How to set up your tenant for the switch to Microsoft Graph API
- GraphAPI configuration: How to get Client ID and Client Secret
- How to provide consent to import exchange information
-
Reporting and Analytics
- How do I Check and Manage Calendar Permissions for a User?
- How CoreView can help you with your Microsoft 365 Chargeback Goals.
- New UX: Understanding the new License Centers
- Understanding the Savings Opportunities Dashboard
- Understanding the License Optimization center
- Understanding License Pool Snapshots report
- Understanding Call quality dashboard
- Understanding Call quality report
- Understanding User call quality report
- Understanding Teams groups activity report
- Understanding Teams Adoption Growth Report
- Understanding Endpoint Manager reports
- Understanding Teams dashboard
- Understanding Risky Users report
- Understanding Storage Dashboard
- Troubleshoot Active Users (License Usage) data
- Legacy Protocol Management
- Report Columns: Is active 30/60/90
- Quarantined Messages Report - Understanding The Reports
-
Managing and Administration
- Teams Voice: Direct Routing Support
- How to enable management function?
- Forward SMTP Address vs Forward Address management actions
- How to add the users in bulk while executing Users management actions?
- How to Create & Manage Custom Actions
- How to schedule a report to be sent automatically, and how to modify its scheduling options?
- How to schedule an alert report for the License Count
- Tips & Tricks – How to read and modify license pool report?
- Overview of CoreView Workflow
- How to delegate Workflow management using roles
- How to configure CoreView and ServiceNow integration
- How to Enable Multi Factor Authentication for Operators and Admins who Access the CoreView Portal
- How Can I Migrate from Group-Based Licenses to Direct Licenses Managed by CoreView?
- Naming convention rules
- Custom Actions: Forbidden and Warning Values
- How to add users to Distribution Group in bulk using via CSV
- Not able to manage licenses error
- Using custom action json output as an input in the workflow
- Setting the Sensitivity Label on SharePoint as a Mandatory Field
- DistinguishedName vs OnPremisesDistinguishedName
-
Understanding CoreView - Quick Start Guides.
- CoreView Product Manual
- Health Check
- Actions
-
Playbooks
-
Out-of-the-Box playbooks
- Introduction
- Overview
- Configuring predefined policies
- Edit policy settings: Set and monitor thresholds
- Edit remediation settings: Manual and automatic remediation
- Edit remediation settings: Configure attestation
- Remediation settings: Security & Identity policies
- Remediation settings: Teams Management policies
- Remediation settings: License Management policies
- Remediation settings: SharePoint & OneDrive Management policies
- Remediation settings: Exchange Management policies
-
Out-of-the-Box playbooks
- Workflows
- Learning Platform
- Internal Customer Care Resources
- Archive
- PowerShell
- Webinars and Events
- CoreVoice
- Internal Support
CoreView provides the ability to create a set of admin roles that can be assigned to operators in your organization. Each admin role maps to common business functions and gives people in your organization permissions to read specific data and do specific tasks in Microsoft 365.
Security guidelines for assigning roles
Because admins have access to sensitive data and files, we recommend that you follow these security guidelines to keep your organization's data more secure.
- Have 2 to 4 global admins - Because only another global admin can reset a global admin's password, it is recommended that you have at least 2 global admins in your organization in case of account lockout. But the global admin has almost unlimited access to your org's settings and most of the data, so it is also recommended that you do not have more than 4 global admins because that is a security threat.
- Assign the least permissive role - Assigning the least permissive role means giving admins only the access they need to get the job done. For example, if you want someone to reset employee passwords you should not assign the unlimited global admin role, you should assign a limited admin role, like User admin or Helpdesk admin. This will help keep your data secure.
- Require multi-factor authentication for admins - It is a good idea to require MFA for all your users, but admins should be required to use MFA to sign in. MFA makes users enter a second method of identification to verify they are who they say they are. Admins can have access to a lot of customer and employee data and if you require MFA, even if the admin's password gets compromised, the password is useless without the second form of identification.
CoreView Permissions and the associated Management Actions
Exchange admin
Assign the Exchange admin permission to users who need to view and manage your user’s email mailboxes, Microsoft 365 groups and Exchange Online.
Exchange admins can also:
- Recover deleted items in a user’s mailbox
- Configure Archiving and Deletion Polices
- Configure Anti-Spam protection
- Set up “Send As” and “Send on Behalf” delegates
CoreView Exchange admin management actions:
Mailbox
- Edit mailbox type
- Check if mailbox exists
- Convert to shared mailbox
- Copy permissions from
- Copy permissions to
- Create mailbox
- Create resource mailbox
- Create shared mailbox
- Assign contacts folder delegate
- Edit equipment mailbox
- Edit mailbox
- Edit room mailbox
- EditSharedMailbox
- Enable mailbox audit
- Forward address
- Forward SMTP address
- Grant access to mailboxes
- Grant access to users
- Grant full access to manager
- Manage archive
- Manage calendar permissions
- Manage CAS
- Manage Clutter (Deprecated)
- Manage litigation hold
- Manage quarantine messages
- Manage quota
- Manage SendAs permissions
- Regional settings
- Remove mailbox
- Remove contacts delegate
- Remove access rights from mailbox
- Remove mailbox permissions rights
- Set archive name
- Grant send on behalf of to mailbox
- Configure auto reply
Microsoft 365 Groups
- Add members to Microsoft 365 groups
- Create Microsoft 365 group
- Edit Microsoft 365 group
- Manage Microsoft 365 group members
- Remove members from Microsoft 365 group
- Remove Microsoft 365 group
- Restore Microsoft 365 deleted groups
Global admin
Assign the Global admin permission to users who need global access to most management features and data across Microsoft online services.
Only global admins can:
- Reset passwords for all users
- Add and manage domains
CoreView Global admin management actions:
- All CoreView management actions are available
Global reader
Assign the global reader permission to users who need to view all data and settings in the M365 tenant in CoreView. The global reader admin cannot edit any settings. This role can be good when performing an audit.
CoreView Global reader management actions:
- No CoreView management actions are available
Groups admin
Assign the groups admin permission to users who need to manage all groups – Distribution, Security, and Microsoft 365 Groups.
Groups admins can:
- Create, edit, restore, and delete Microsoft 365 groups
- Create, edit, restore, and delete Security groups
- Create, edit, restore, and delete Azure Active Directory security groups
CoreView Groups admin management actions:
Microsoft 365 Groups
- Add members to Microsoft 365 groups
- Create Microsoft 365 group
- Edit Microsoft 365 group
- Manage Microsoft 365 group members
- Remove members from Microsoft 365 group
- Remove Microsoft 365 group
- Restore Microsoft 365 deleted groups
Security Groups
- Add members to security groups
- Add security group members
- Create security group
- Edit security group
- Remove security group
- Remove security group members
Distribution Groups
- Add distribution group members
- Add members to distribution groups
- Create distribution group
- Edit distribution group
- Grant access to distribution group
- Remove distribution group
- Remove distribution group delegation
- Remove distribution group members
Mail Contact
- Create mail contact
- Create mail user
- Edit mail contact
- Edit mail user
- Remove mail contact
- Remove mail user
Helpdesk admin
Assign the Helpdesk admin permission to users who need to do the following:
- Reset passwords
- Force users to sign out
- Monitor service health
CoreView Helpdesk admin management actions:
User
- Manage password
- Revoke user sessions
License admin
Assign the License admin permission to users who need to do the following:
- Assign and remove licenses from users
- Edit user’s usage location
CoreView License admin management actions:
User
- Manage licenses
- Remove all licenses
SharePoint admin
Assign the SharePoint admin permission to users who need to access and manage the SharePoint Online admin center.
SharePoint admins can also:
- Create and delete sites
- Manage site collections and global SharePoint settings
CoreView SharePoint admin management actions:
SharePoint
- Add SharePoint owners in bulk
- Create SharePoint site
- Delete SharePoint site
- Manage SharePoint owners
- Remove SharePoint owners in bulk
- Remove site from recycle bin
- Restore site from recycle bin
- Set SharePoint quota
Teams Service admin
Assign the Teams service admin permission to users who need to access and manage the Teams admin center.
Teams service admins can also:
- Manage meetings
- Manage conference bridges
- Manage all org-wide settings, including federation, Teams upgrade, and Teams client settings
CoreView Teams service admin management actions:
Teams
- Add members to Teams groups
- Assign - unassign Teams resource account
- Create Teams auto attendant
- Create Teams call queue
- Create Teams group
- Create Teams group channel
- Create Teams resource account
- Edit Teams auto attendant
- Edit Teams call queue
- Edit Teams group
- Edit Teams group channel
- Edit Teams resource account
- Free phone number from Teams resource account
- Manage phone number
- Manage Teams group members
- Manage Teams policies
- Remove Teams auto attendant
- Remove Teams call queue
- Remove Teams group
- Remove Teams group channel
User admin
Assign the User admin permission to users who need to do the following for all users:
- Add users and groups
- Assign licenses
- Manage most user properties
- Create and manage user views
- Update password expiration policies
- Manage service requests
- Monitor service health
- Manage usernames
- Reset passwords
- Force users to sign out
CoreView User admin management actions:
User
- Add tags
- Clone user
- Create user
- Edit sign-in status
- Edit user properties
- Edit users’ properties in bulk
- Flush tags
- Invite guest user
- Manage licenses
- Manage MFA
- Manage password
- Manage service plans
- Manage tags
- Password never expires
- Remove all licenses
- Remove guest user
- Remove tags
- Remove user
- Remove user from recycle bin
- Rename user
- Reset MFA
- Restore user
- Revoke user sessions
- Set portal attribute
Published: 01/14/2021
Updated: