Admin roles in Office 365
Assign admin roles in Office 365 for business.
As the person who purchased your Office 365 business subscription, you are the global administrator. This means you have complete control over the Office 365 suite of products. To help you manage Office 365 for your business, you can assign users to administrator roles so they can perform tasks in the Office 365 admin center. For example, if you want help resetting passwords, you can assign someone to the Password administrator role.
Assign admin roles to a user in your business
1. Go to the Office 365 admin center.
2. In the Admin center, select Users.
3. On the Active users page, choose the user whose administrator role you want to change. The properties page for the user opens.
4. Next to Roles, choose Edit. If you don't see the Edit button, then you don't have global admin permissions and can't assign admin roles to other people. Ask a global admin in your business to assign roles for you. In a small business, the business owner (the person who purchased Office 365) is a global admin. In a large business, key people in the IT department are global admins.
5. Choose the Edit button next to Roles.
6. Choose Customized administrator to see a list of roles we've customized for you.
About Office 365 Admin Roles
Office 365 comes with a set of admin roles that you can assign to users in your organization. Each admin role maps to common business functions, and gives people in your organization permissions to do specific tasks in the Office 365 admin center.
Here are the available roles and what people assigned to them can do.
| Role | What they do in Office 365 |
 Global administrator | Accesses all administrative features in the Office 365 suite of services in your plan, including Skype for Business. By default, the person who signs up to buy Office 365 becomes a global admin. Global admins are the only admins who can assign other admin roles. You can have more than one global admin in your organization. As a best practice we recommend that only a few people in your company have this role. It reduces the risk to your business. Tip: Make sure everyone who is a global admin in your organization has a mobile phone number and alternate email address in their contact info. |
 Billing administrator | Makes purchases, manages subscriptions, manages support tickets, and monitors service health. |
 Exchange administrator | Manages mailboxes and anti-spam policies for your business, using the Exchange admin center. You can view all the activity reports in the Office 365 admin center. Someone with BOTH the Exchange admin role and the user management role can create and manage Office 365 groups in the Office 365 admin center. |
 SharePoint administrator | Manages file storage for your organization in SharePoint Online and OneDrive. They do this in the SharePoint admin center. They can also assign other people to be site collection administrators and term store administrators. Permissions assigned to SharePoint sites are completely separate from the Office 365 global admin role. You can be a global admin without access to a SharePoint site if you weren't added to it or didn't create the site. People in this role can also view all the activity reports in the Office 365 admin center. |
 Password administrator | Resets passwords, manages support tickets, and monitors service health. Password admins are limited to resetting passwords for users. |
 Skype for Business administrator | Configures Skype for Business for your organization and can view all the activity reports in the Office 365 admin center. |
 Service administrator | Opens support tickets with Microsoft, and views the service dashboard and message center. They have “view only” permissions except for opening support tickets and reading them. Tip: People who are assigned to the Exchange Online, SharePoint Online, and Skype for Business admin roles should also be assigned to the Service admin role. This way they can see important information in the Office 365 admin center, such as the health of the service, and change and release notifications. |
 User management administrator | Resets passwords, monitors service health, adds and deletes user accounts, manages support tickets, adds and removes members from Office 365 groups. The user management admin can’t delete a global admin, create other admin roles, or reset passwords for global, billing, Exchange, SharePoint, Compliance and Skype for Business admins. Someone with BOTH the Exchange admin role and the user management role can create and manage Office 365 groups in the Office 365 admin center. |
 Reports reader | Can view all the activity reports in the Office 365 admin center and any reports exposed through the reporting APIs. |
| Security and Compliance center roles | If you have an Office 365 E3 or E5 business subscription, it includes security and compliance tools. In that case, you have access to these additional roles: Compliance administrator, eDiscovery Manager, Organization management, Reviewer, Security Administrator, Security Reader, Service Assurance User, Supervisory Review. |
 Dynamics 365 (online) | When a person is assigned to the Office 365 global administrator role, they are automatically assigned to the System Administrator security role in Dynamics 365 (online). A person assigned to the System Administrator security role in Dynamics 365 can assign other people to Dynamics 365 security roles. With the System Administrator security role, you can manage all aspects of Dynamics 365. |
 Dynamics 365 service administrator | Use this new role to assign users to manage Dynamics 365 at the tenant level without having to assign the more powerful Office 365 global admin privileges. A Dynamics 365 service admin can sign in to the Dynamics 365 admin center to manage instances. A person with this role cannot do functions restricted to the Office 365 global admin such as manage user accounts, manage subscriptions, access settings for Office 365 apps like Exchange or SharePoint. |
| Power BI administrator | A person assigned to the Power BI admin role will have access to Office 365 Power BI usage metrics. They'll also be able to control your organization's usage of Power BI features. |
| Message Center reader | Monitors changes to the service and can view all posts to the Message center in Office 365 and share Message center posts with others through email. Users assigned this role also have read-only access to some admin center resources, such as users, groups, domains, and subscriptions |
Related Articles
Manage your users in Office 365
As an admin for Office 365, you can manage users in the Office 365 admin center preview. The people on your team each need a work or school account before they can sign in and access Office 365 for business. You can also remove users and reset your ...Setup e-mail forwarding as an Admin in the Office 365 Admin Center
To setup e-mail forwarding as an Administrator, please follow the instructions below: 1. In the admin center, go to the Users > Active users page. 2. Select the name of the user whose email you want to forward, then open the properties page. 3. On ...Set up Office 365 for business - Office 365
The basic Office 365 setup process, end-to-end The Office 365 setup wizard will guide you through the first step to add other people to your subscription and set up your domain. Then we show you what else you can do to get the most out of Office ...Create shared mailboxes in Office 365.
Shared mailboxes in Office 365 make it easy for a group of people to monitor and send email from a common email addresses, like info@contoso.com, support@fourthcoffee.com or contact@contoso.com. When a person in the group replies to a message sent to ...Setup the DNS settings required to use your domain in Office 365.
Find the TXT record value and verify Sign in to Office 365 with your account. Go to Admin Center > Settings or Setup > Domains. Click your domain, then choose Start setup. Alternatively, choose "Add domain" and enter the desired domain to add. You'll ...