Learn about the Office 365 security reader security admin roles, including how to configure permissions for a global administrator or security administrator.
- [Instructor] ATP is for your administrators to use. In order to access and make changes within the Office 365 Security and Compliance Center, you'll need to grant the correct level of administrative grants. Office 365 comes with many built in admin roles, which can be assigned to users. When using advanced threat protection you are also granted extra Security and Compliance Center roles, which are specific to managing compliance tasks for Office 365. These include the compliance administrator, the discovery manager, organization management, reviewer, security administrator, security reader, mail flow administrator, records management, service assurance user, and supervisory review.
With the implementation of GDPR, this list has been updated to provide more granular control of Security and Compliance information. We'll focus on three of the roles available within the Office 365 Advanced Threat Protection. These are the security reader role, the security administrator, and the global administrator. The security reader role is the least privileged of the three, and is granted read-only access to the areas of the Office 365 Security and Compliance Center, Identity Protection Center, Privileged Identity Management, and to monitor Office 365 Service Health.
In addition, a user assigned this role can access all reports. A user with the security reader role can only read, they can not filter or customize reports. This protects data and settings from being changed. It can be a useful role to assign to a non-administrative user who needs to investigate issues, but not take any actions. As Office 365 continues to develop you can expect to see the ability to manage the list of reports to which this role has access. As at present, they can view all reports.
The security administrator role has the same access permissions as the security reader role, and they can also manage settings within the Azure Information Protection console. This role has the permission to view reports, and also to manage settings. And finally, the global administrator is not directly a Security and Compliance Center role, as it's created during the initial setup of Office 365, however as the main administrative role for Office 365, they also have access to the Security and Compliance Center.
The global administrator can access all of the administrative features of Office 365, and they're the only administrator that can grant other administrative roles. You can allocate the global administrator role to multiple users within your organization.
- Implementing Office 365 ATP
- Common Office 365 threats
- Configuring security admin roles
- Creating Safe Attachments policies
- Anti-spam options and settings
- Managing advanced spoofing filters
- Using Office 365 threat intelligence features
- Using the Attack Simulator
- Leveraging ATP reports