๐๐ข๐๐ซ๐จ๐ฌ๐จ๐๐ญ’๐ฌ ๐ง๐๐ฐ ๐๐ฎ๐ข๐ฅ๐ญ-๐ข๐ง ๐๐๐๐ ๐ซ๐จ๐ฅ๐ โ ๐๐๐๐ฆ๐ฌ ๐๐ฑ๐ญ๐๐ซ๐ง๐๐ฅ ๐๐จ๐ฅ๐ฅ๐๐๐จ๐ซ๐๐ญ๐ข๐จ๐ง ๐๐๐ฆ๐ข๐ง๐ข๐ฌ๐ญ๐ซ๐๐ญ๐จ๐ซ (๐ซ๐๐ฅ๐๐๐ฌ๐ ๐จ๐ง ๐๐๐ซ๐ฅ๐ฒ ๐ ๐๐ ๐๐๐๐).
Instead of granting full Teams admin privileges, this new role allows you to delegate only federation management. So if someone is responsible for external domain access, they can handle it without getting access to the entire admin center.
With this role, admins can:
- Configure external access for federated domains
- Allow or block external domains
- Manage external access policies
โ ๏ธ One interesting twist: this role doesnโt provide access to the Teams admin center. All management is done only via PowerShell (didnโt expect that either).
If youโre following least-privilege best practices, this is a much cleaner way to delegate external collaboration tasks, without exposing the entire Teams environment.