Share via

Query on permissions

Rising Flight 3,891 Reputation points
2024-05-17T04:16:36.5433333+00:00

Hi All

I have two requirements. I want to create a separate Role for a group users who can access service health in Microsoft 365 admin center and these users also should be able to open case with Microsoft Support in Microsoft 365 admin center. Please guide me, for the second requirement is it enough if i provide these users access to service support administrator role.

Microsoft Exchange Online
Exchange Server
Exchange Server
A family of Microsoft client/server messaging and collaboration software.
1,126 questions
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,270 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,413 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,953 questions
0 comments
Accepted answer
  1. Sandeep G-MSFT 15,241 Reputation points Microsoft Employee
    2024-05-17T11:36:28.61+00:00

    @Rising Flight

    Thank you for posting this in Microsoft Q&A.

    As per your requirement you need 2 specific permissions for user to access service health in Microsoft 365 admin center and also this user should be able to open case with Microsoft Support.

    As Vasil Michev mentioned there is a default role in Entra ID "Service Support Administrator".

    This role holds below permissions,

    Actions Description
    microsoft.azure.serviceHealth/allEntities/allTasks Read and configure Azure Service Health
    microsoft.azure.serviceHealth/allEntities/allTasks Read and configure Azure Service Health
    microsoft.azure.supportTickets/allEntities/allTasks Create and manage Azure support tickets
    microsoft.office365.network/performance/allProperties/read Read all network performance properties in the Microsoft 365 admin center
    microsoft.office365.serviceHealth/allEntities/allTasks Read and configure Service Health in the Microsoft 365 admin center
    microsoft.office365.supportTickets/allEntities/allTasks Create and manage Microsoft 365 service requests
    microsoft.office365.webPortal/allEntities/standard/read Read basic properties on all resources in the Microsoft 365 admin center

    Permissions that you are looking for are both available in this role. You can also refer below article,

    https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#service-support-administrator

    If you want to only these 2 permissions for a specific role then currently this is not available in custom role. Entra ID custom roles are still worked upon by our PG team and they are still working on adding some more permission to user scope.

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 97,386 Reputation points MVP
    2024-05-17T07:09:01.03+00:00

    Both requirements can be met by assigning the Service support administrator role.

    0 comments