Teams, like SfB, has a concept of administrative roles. These roles control what you as an administrator can see and do. This helps secure the environment, and also simplifies things for the administrator. If you’re not in charge of Direct Routing, why even see that in the Teams admin center?
I didn’t understand the first docs.microsoft.com post that tried to explain these roles, and while they’ve improved the explanations and role descriptions, I thought a more thorough explanation might help others out. Here’s what my investigate found.
The four roles and a brief outline of what they do are:
- Teams Service Administrator. This role manages the Teams service, and also allows the creation and management of O365 Groups, which are a core foundation for Teams
- Teams Communications Administrator. This role can manage call and meeting functionality within Teams.
- Teams Communications Support Engineer. This role can manage communication issues within Teams by using advanced tools.
- Teams Communications Support Specialist. This role can manage communication issues within Teams by using basic tools.
If you’re more of a visual learner, here is what the four roles would see in the Teams Admin Center:
Teams Service Admin…
Teams Communications Administrator
The Teams Communications Support Specialist and Teams Communications Support Engineer see the same thing in the menu:
However they see different things when they drill down into things. Here’s what the Teams Communications Support Specialist sees:
and here’s what the Teams Communication Support Engineer sees:
Note the highlight part, showing that the Engineer role sees more advanced details suitable for their role.
PowerShell tells us a similar story. Here, the Teams Communications Support Specialist has no access to PSTN or voice commands:
While the Teams Service Admin does:
While these four roles don’t provide the same degree of flexibility and granularity (and complexity!) that was available in Skype for Business Server, you should ensure that you follow the principal of least privilege when assigning permissions to your support team.