Often the first thing I want to do with any new customer is have a good ol’ rummage around in their tenant to see how they got things setup. A common challenge I face, however, is they are understandably hesitant to grant me unfettered access to their tenant. For this reason, I was quite excited when Microsoft released the Global Reader role for Microsoft 365 services, which carries a description of “Can view all administrative features and settings in all admin centers”. This would solve all my problems, if only it were true. With my most recent customer I requested this role and confidently declared it would give me all the access I need. Boy was I red faced when I had to go back and request more access because the Global Reader role had let me down, badly!
Fast forward several months and things have not improved. Whilst a number of the limitations of the Global Reader role are documented in the description here, this list is far from complete so I thought I would try to create a more comprehensive list of the limitations to hopefully save you the same embarrassment I have suffered.
I have split the list into three categories:
- Critical – Really annoying
- Major – Quite Annoying
- Minor – I’ll cope for now
I am sure this is not all the limitations so I will add to this list as I uncover more. Equally, I will cross issues off the list as they are fixed! Please do tweet me if there are any that I have missed!
Critical
| Category | Description |
| OneDrive | Cannot access OneDrive Admin Center |
| Yammer | Cannot access Yammer Network Admin Center |
| Stream | Cannot access Stream Admin Center |
| SharePoint Online | Cannot connect to SharePoint Online Powershell |
Major
| Category | Description |
| Teams | Cannot view App Catalog in Teams Admin Center |
| Teams | Cannot read Teams lifecycle |
| Teams | Analytics & reports |
| Teams | IP phone device management |
| AIP | Cannot View Labels section |
| AIP | Cannot View Policies section |
| AIP | Cannot view Nodes section |
| AIP | Cannot view Clusters section |
| Power Platform | Cannot view Environments in Admin Center or PowerShell |
Minor
| Category | Description |
| SharePoint | Migration Center not accessible from navigation |
| Compliance | Permissions page not showing in navigation in Compliance Center |
| Compliance | Alerts page not showing in navigation in Compliance Center |
| Compliance | Audit page not showing in navigation in Compliance Center |
| Security | Alerts page not showing in navigation in Security Center |
| Security | Retention Labels page not showing in navigation in Security Center |
