This article will provide an overview of how operators are defined, use cases, and dependencies.
In , we define an Operator as anyone in your organization who has a need to log in to , regardless of the reason. The use of need not be limited only to what IT organizations view as a classic Delegated Administrator, but can also include individuals in other business roles, such as:
CIO/DCIO/CISO - Access to various dashboards and key performance metrics.
Legal Staff - Place individuals on/off litigation hold as needed.
Human Resources - Access to/or maintenance of employee demographic information.
Training/Organizational Development Staff - Access to resources to augment their training and adoption goals.
The identity of an Operator is sourced from accounts in Office 365. This is known by as an Organizational Account. While you could create an Operator account for someone who does not have an Organizational Account, this is not practice. You create a Operator in the same manner as you created a , following the instructions found in 4.B Create CoreView Tenant Administrators. However, the difference between the two is that generally, an organization doesn't create Operators unless they plan to implement some form of delegation.
An Operator's activities are logged into an Audit Log to which any has access. Moreover, through Manage Operators, a Tenant Admin can see an inventory of all Operators and access the details of their operator account.
Operator Use Cases
Below are examples of when a Operator account might be assigned to someone in your organizations.
Office 365 Administrators
Creating Operators as is a common practice to allow full management of Office 365.
Help Desk Staff
Help Desk staff may benefit from access to for a variety of reasons.
Delegated Exchange Administrators
If your organization's IT services are delegated, you may choose to delegate access to exchange management capabilities.
You may provide members of your legal department access to to allow them to place or, or remove accounts from, legal hold.
Your CIO or CTO may desire access to to view the executive-level dashboards, license optimization or chargeback reports.
A Operator is an account that is created in by a Tenant Administrator which allows the individual associated with that account to log into to perform a technical or business activity. The Operator Types below are not formal types; rather, they are more along the lines of functional “use cases” and are provided for illustration purposes. Each customer can and should determine on their own how they want to manage their Operators.
Common Operator Types
A Tenant Administrator in is an Operator who has been granted the specific role in . This type is analogous to someone being a Global Admin in Office 365. Individuals in this type of role usually fall under one or more of an organization’s security policies pertaining to anyone who has been assigned elevated permissions.
A usually does not need to be a Global Admin in Office 365 to use and perform the functions of a .
A Delegated Administrator in is an Operator who is typically granted permission to execute Management Actions against Office 365 on behalf of the business unit to which they are assigned.
Individuals in this type of role may fall under one or more of an organization’s security policies pertaining to someone who has been assigned elevated permissions.
Examples would involve managing users, mailboxes, groups, and so on.
A Delegated Operator in is an Operator who is typically granted read-only permissions to view dashboards and/or run reports. This type of account is considered more business-oriented, meaning it would be issued to someone who isn’t a mainstream IT person.
Depending on the need, a Delegated Operator may be granted permission to run a limited set of Management Actions that are relevant to their business function. For example, granting an attorney permission to allow them to add or remove a Litigation Hold against a user’s mailbox or giving an Administrative Assistant permission to manage a business unit’s distribution lists.
Any implementation of an Operator account would typically depend on other aspects of your configuration. Your implementation of Operators depends on your looking at the whole of and how you want to take advantage of power to achieve your organization's business goals.
Therefore, you may need to defer the creation of Operators until other configurations which may affect their permissions are set up:
Virtual Tenants - Virtual Tenants allow you to segment your business data and restrict an Operator's span of control to only a particular set of business data.
Permissions - The creation of role-based access controls (permissions) is essential to ensure that any Operator has the appropriate access to perform the activities required of them.
License Pools - An Operator's access to license pools allows them to manage the assignment or recovery of licenses, but only within the scope defined by the organization.
Please refer to the following article for more information on how to create and manage operators: Manage Operators
Was this article helpful?
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
We apprciate your effort and will try to fix the article