Overview
Admin-level and some non-Admin-level Office 365 permissions are managed by assigning Office 365-specific Azure Active Directory roles and permissions.
Office 365-specific Admin roles such as “Exchange Administrator” or “Teams Administrator” can be assigned in Azure AD to the users who will be responsible for these Office 365 applications.
An access review for Office 365 applications is performed within the context of an Azure Active Directory Role Based review.
An Azure Active Directory Global Administrator has all rights to manage Office 365 applications.
Exchange Online (Email and Collaboration)
Microsoft Exchange Online is the hosted version of the Microsoft Exchange messaging service. Administrators log in to the Exchange Admin Center to manage the email system.
Common Exchange Online-specific Azure Active Directory roles that Zilla Access Reviews will review:
Global Administrator (can manage the entire system)
Exchange Administrator (can manage all aspects of the Exchange Online product)
Exchange Recipient Administrator (can create or update Exchange Online recipients within the Exchange Online organization)
Hybrid Identity Administrator (can manage Hybrid AD to AAD provisioning, Azure AD Connect, and Exchange Server and Exchange Online Hybrid federation settings)
A Zilla Role Based access review of Azure Active Directory reveals the privileged permissions for Exchange Online.
SharePoint Online
SharePoint Online is Microsoft's collection of cloud-based web technologies used to store, share, and manage digital information.
SharePoint allows collaboration with external vendors or customers.
The Azure Active Directory Role “SharePoint Administrator” grants full access to manage all aspects of the SharePoint service.
A Zilla Role Based access review of Azure Active Directory reveals the privileged permissions for SharePoint Online.
Microsoft Intune
Microsoft Intune is a cloud-based service that provides Mobile Device Management and Mobile Application Management. The Azure Active Directory Role “Intune Administrator” can manage all aspects of Microsoft Intune.
A Zilla Role Based access review of Azure Active Directory reveals the privileged permissions for Microsoft Intune.
Microsoft Teams
A Zilla Role Based access review of Azure Active Directory reveals the privileged permissions for Microsoft Teams.
Privileged Access Review Office 365 in Zilla
The Zilla Administrator can run an Office 365 Privileged Access Review (PAR) for Office 365 Admin permissions within the context of an Azure Active Directory Access Campaign.
A campaign named “Privileged Access Review Office 365” is created and configured to target only the AAD Roles that provide Office 365 Admin permissions, such as “Exchange Administrator”.
Once the campaign is run, the assigned reviewer sees the Admin permissions and makes the appropriate review decision.
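The scoping rule described above can be checked independently against an export of role assignments. The following is an added example, not Zilla's code or API: it groups assignments by the Office 365 application each role administers, using only the roles named on this page, and counts Global Administrator under every application. The function names, the `(user, role)` export shape and the sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Azure AD roles this page names, grouped by the Office 365 application they administer.
APP_ROLES = {
    "Exchange Online": {"Exchange Administrator", "Exchange Recipient Administrator",
                        "Hybrid Identity Administrator"},
    "SharePoint Online": {"SharePoint Administrator"},
    "Microsoft Intune": {"Intune Administrator"},
    "Microsoft Teams": {"Teams Administrator"},
}
# Global Administrator has all rights over every Office 365 application.
TENANT_WIDE = {"Global Administrator"}

# Constructed sample export of (user, role) assignments; not real tenant data.
SAMPLE_ASSIGNMENTS = [
    ("alice@example.com", "Global Administrator"),
    ("bob@example.com", "Exchange Administrator"),
    ("bob@example.com", "Teams Administrator"),
    ("Carol@example.com", "SharePoint Administrator "),  # stray case and whitespace
    ("dave@example.com", "Hybrid Identity Administrator"),
    ("erin@example.com", "Billing Administrator"),        # not an Office 365 admin role here
]

def build_review_scope(assignments):
    """Group in-scope assignments as {application: {user: [roles]}}."""
    scope = {app: defaultdict(set) for app in APP_ROLES}
    for user, role in assignments:
        user, role = user.strip().lower(), role.strip()
        for app, roles in APP_ROLES.items():
            # A tenant-wide role is reviewed under every application.
            if role in roles or role in TENANT_WIDE:
                scope[app][user].add(role)
    return {app: {u: sorted(r) for u, r in sorted(users.items())}
            for app, users in scope.items()}

def excluded_assignments(assignments):
    """Assignments whose role is outside the Office 365 admin roles listed above."""
    in_scope = TENANT_WIDE.union(*APP_ROLES.values())
    return [(u, r) for u, r in assignments if r.strip() not in in_scope]

if __name__ == "__main__":
    for app, users in build_review_scope(SAMPLE_ASSIGNMENTS).items():
        print(app)
        for user, roles in users.items():
            print(f"  {user}: {', '.join(roles)}")
    print("Excluded:", excluded_assignments(SAMPLE_ASSIGNMENTS))
```

Comparing this output with the items a reviewer is actually shown helps confirm that no Global Administrator or hybrid-identity assignment was left out of the campaign scope.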