Microsoft Entra ID · M365 Workloads & Services

Teams Administrator

Can manage the Microsoft Teams service including meetings, calling, messaging policies, and Teams-certified devices.

Scope: Full Microsoft Teams and Skype for Business Online administration

Permissions

  • Full Teams administration
  • Create Microsoft 365 groups
  • Delete Microsoft 365 groups
  • Update M365 group members
  • Update M365 group owners
  • Restore deleted M365 groups
  • Update M365 group properties
  • Read hidden group members
  • Create cross-tenant access for Teams
  • Update cross-cloud meeting settings
  • Manage external user profiles for Teams
  • Manage pending external profiles
  • Read permission grant policies
  • Read network performance
  • Manage Skype for Business
  • Read usage reports
  • Manage all Teams policies (messaging, meeting, calling, app, etc.)
  • Configure Teams phone system and calling plans
  • Manage Teams-certified devices

Common use cases

  • Teams deployment and management
  • Meeting policy configuration for organization
  • Calling policy and phone system administration
  • Teams app governance and permissions
  • Teams device management (phones, displays, rooms)
  • Cross-tenant meeting federation settings
  • Messaging policy and compliance configuration
  • Live events and webinar management
  • Teams channel and team governance
  • Guest access configuration for Teams
  • Teams analytics and reporting review
  • Shift management and frontline worker configuration

Best practices

  • Use Teams RBAC for granular delegation
  • Create separate roles for calling vs. meeting management
  • Coordinate with SharePoint Admin for storage policies
  • Test policies with pilot groups before broad deployment
  • Document all Teams configuration changes
  • Use sensitivity labels for team classification
  • Configure guest access policies carefully
  • Monitor Teams usage and adoption metrics
  • Set up alerts for policy changes
  • Use Teams templates for consistent team creation
  • Configure external access federation appropriately
  • Review Teams app permissions and governance
  • Implement retention policies for compliance
  • Consider PIM for just-in-time access

Security considerations

  • Can configure external federation affecting data sharing
  • Can manage guest access policies
  • Can modify app permission policies
  • Can access call and meeting recordings settings
  • Can configure cross-tenant meeting access
  • Microsoft 365 group management affects SharePoint access
  • Review external sharing settings regularly
  • Monitor for overly permissive guest policies
  • Alert on external access configuration changes
  • Consider separation from compliance policy roles

Official Microsoft Learn documentation →

Open the interactive RBACMap →