At the time of writing this post, I was working for a “Microsoft Cloud Accelerate” partner. As a result of this, certain user accounts within our own Office 365 tenant were able to provide support to our customers, they would need to explicitly agree to the partner providing ‘delegated administration’ to their Office 365 tenant.
Delegated administration allows selected users to perform ‘delegated administration’ functions to Office 365 tenants (those that have allowed this) using their own credentials. This could be creating support tickets, managing users accounts and resetting passwords to configuring their services – it is also possible to support customers with SharePoint Online.
All of this of course, from setting up ‘delegated administration’ through to supporting customers with this function should be always be agreed and authorised with the customer. A key point to make clear with your customers is that by establishing the ‘delegated administration’ trust, the partner has access to provide ‘delegated administration’ to Office 365 services, subscriptions and SharePoint Online for example in their Office 365 tenant.
Create a delegated administration offer for your customers
To create a delegated administration offer for your customers you must do the following:
- Browse to the Partner Overview page (https://portal.microsoftonline.com/Partner/PartnerHome.aspx)
- Click on the link “Send delegated administration offers” link.
- Copy the information that appears in the window and sends this offer on to your customer(s). The offer isn’t customer-specific so you can reuse this offer for multiple customers.
The customer must then click on the link they receive and proceed to authorise you the partner as a delegated administrator of their Office 365 tenant. You will then receive an email confirming they have configured delegated administration.
In order for users within the partner organisation to perform delegated administration, they must be given administrative access to companies you support.
To do assign users with the permission they need you must complete the following:
- Navigate to the “Users and groups” page.
- Find the user you wish to give this permission to and select “Edit”.
- From the “Settings” page scroll down to the “Assign administrative access to companies you support” and select “Yes”. This will then give the user access to the “Partner overview” page.
- Then choose the appropriate role, and then click “Save”. The full administration role has the same privileges as the global admin role for the companies you support. The limited administration role has the same privileges as the password admin role for the companies you support.
Performing delegated administration
To do administer a customers Office 365 tenant you must use the “User and domain lookup tool” that is available on the “Partners” tab. Here you can enter your customer’s information it will bring back information about the tenant such as the subscription type and contact information. This page also displays three links to “Administer on behalf of”, “Create service requests” and “Show all administrators”. The “Administer on behalf of” link will then takes you to the “Office 365 admin centre” where you can manage and administer their tenant.