💡 Our Technical Review in summary
Summary
- Microsoft is introducing a new built-in Role-Based Access Control (RBAC) role specifically for the Microsoft Teams admin center (TAC) called Teams Reader.
- This role provides read-only access to most configurations and settings within the Teams admin center, allowing users to view data without the ability to make changes or updates.
- The rollout is scheduled for June 2025 for Worldwide/GCC environments and July 2025 for GCC High/DoD environments.
Impact
- Security & Governance: This role supports the principle of least privilege by allowing auditors, support staff, or junior admins to inspect configurations without the risk of accidental modifications.
- Scope of Access: Users assigned this role can view most settings managed by a Teams Administrator. However, initial limitations include no access to Teams management, Meeting/Call details, Notifications & Rules, Frontline worker deployment, or the Collaboration activity dashboard (though several of these are marked for future inclusion).
- Administrative Units: The role is compatible with Administrative Units (AUs), allowing organizations to delegate read-only access to specific subsets of users or regions via the Entra admin center.
- Management: Global Admins can assign or unassign this role through the Microsoft Entra admin center or the Microsoft 365 admin center.
Action Required
- Review Current Assignments: Identify users who currently hold the “Teams Administrator” role but only require visibility for reporting or auditing. Plan to transition these users to the “Teams Reader” role to improve security posture.
- Update Internal Documentation: Refresh your organization’s internal IT governance and RBAC documentation to include this new role and its specific permissions.
- Inform Global Admins: Ensure all Global Administrators are aware of this new role so they can utilize it during the next permission review cycle.
- Monitor for Updates: Keep track of future updates to this role, as Microsoft has indicated that access to Teams management and Call details will be added shortly after the initial rollout.
Microsoft Official Update
Service: N/A
Category: stayInformed
Severity: normal
We’re excited to announce the rollout of a new built-in role-based access control (RBAC) role in the Microsoft Teams admin center called Teams Reader. This role is designed to provide read-only access across all* pages in the Teams admin center, enabling secure visibility without the risk of unintended changes.
[When this will happen:]
General Availability (Worldwide, GCC): We will begin rolling out early June 2025 and expect to complete by late June 2025.
General Availability (GCC High, DoD): We will begin rolling out early July 2025 and expect to complete by late July 2025.
[How this will affect your organization:]
The new Teams Reader role is ideal for scenarios where visibility into Teams admin settings is required without granting edit permissions.
The new role can read everything* that the Teams admin can manage but not update anything.
*Role limitations
- No access to view Teams management (will be added soon; we will update this post when available)
- No access to Meetings & Calls details of users (will be added soon; we will update this post when available)
- No access to Notifications & Rules management (will be added soon; we will update this post when available)
- No access to Frontline worker deployment management
- No access to the Collaboration activity dashboard
Global admins can perform assign/unassign operations for the new RBAC role from the Microsoft Entra admin center or Microsoft 365 admin center. This new role will be available to be assigned to Administrative units as well from the Entra admin center or the Microsoft 365 admin center.
[What you need to do to prepare:]
This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current configuration to assess the impact on your organization. Notify your Global admins about the availability of this new role. Update internal documentation and training materials to reflect the new role and its capabilities.
Learn more: Use Microsoft Teams administrator roles to manage Teams – Microsoft Teams | Microsoft Learn (will be updated before rollout)
