In CoreView, we categorize an operator as any individual within your organization who requires access to CoreView, regardless of the reason. The utilization of CoreView extends beyond the traditional IT-defined delegated administrator role, encompassing individuals in various business roles, such as:
- CIO/DCIO/CISO: they can access different CoreView dashboards and key performance metrics.
- Legal Staff: they can place individuals on or off litigation hold as required.
- Human Resources: they can access or maintain employee demographic information.
An operator's identity is sourced from accounts in Microsoft 365, referred to by CoreView as an “Organizational account” (meaning that the account belongs to the customer's Microsoft Entra ID).
Operators vs. Tenant Admins
In the Essentials solution, all operators have a Tenant Admin role.
When talking about “Operators” and “Tenant Admins”, it is important to highlight that while the processes of creating a CoreView operator and creating a Tenant Admin are similar, the key distinction is that organizations typically only create “Operators” when they intend to implement some form of delegation.
All activities are recorded in an Audit Log, accessible to any Tenant Admin. Furthermore, via the “Manage operators” function, a Tenant Admin can view a comprehensive list of all operators and access the specifics of their operator accounts.
Tenant Admins are the global admins of the CoreView system, whereas operators are limited to the functions defined by roles, permissions, License Pools, and Virtual Tenants.
In the Essentials and Professional solutions, operator roles cannot be defined by Virtual Tenants or License Pools unless these are purchased as an add-on.
Operators use cases
Below are examples of when a CoreView operator account might be assigned to someone in your organization.
Microsoft 365 Administrators | Creating operators as Tenant Admins is a common practice to allow full management of Office 365. |
Help Desk Staff | Help Desk staff may benefit from access to CoreView for a variety of reasons. |
Delegated Exchange Administrators | If your organization's IT services are delegated, you may choose to delegate access to CoreView's exchange management capabilities. |
Legal Staff | You may provide members of your legal department access to CoreView to allow them to place or, or remove accounts from, legal hold. |
CIO/CTO | Your CIO or CTO may desire access to CoreView to view the executive-level dashboards, license optimization or chargeback reports. |
A CoreView operator is an account created in CoreView by a Tenant Administrator. This account enables the associated individual to log into CoreView and carry out technical or business activities. The operator types listed below are not official CoreView categories, but rather functional “use cases” provided for illustrative purposes. Each customer may decide how they wish to manage their operators.
Common Operator Types | Description |
---|---|
Tenant Administrator Technical Role |
A “Tenant Administrator” in CoreView is an operator who has been granted the specific “Tenant Admin” role in CoreView. This type is analogous to someone being a Global Admin in Microsoft 365. Individuals in this type of role usually fall under one or more of an organization’s security policies pertaining to anyone who has been assigned elevated permissions. A “Tenant Admin” typically does not need to be a Global Admin in Microsoft 365 to use CoreView and perform the functions of a “Tenant Admin”. One of the accessible benefits is indeed the reduction of global admins on Microsoft 365 due to the delegated operators on CoreView. |
Delegated Administrator Technical Role |
A “Delegated Administrator” in CoreView is an operator who is typically granted permission to execute management actions on Microsoft 365 on behalf of the business unit to which they are assigned. Individuals in this type of role may fall under one or more of an organization’s security policies pertaining to someone who has been assigned elevated permissions. Examples would involve managing users, mailboxes, groups, and so on. |
Delegated Operator Business Role |
A “Delegated Operator” in CoreView is an operator who is typically granted read-only permissions to view dashboards and/or run reports. This type of account is considered more business-oriented, meaning it would be issued to someone who isn’t a mainstream IT person. Depending on the need, a “Delegated Operator” may be granted permission to run a limited set of management actions that are relevant to their business function. For example, granting an attorney permission to allow them to add or remove a Litigation Hold against a user’s mailbox or giving an “Administrative Assistant” permission to manage a business unit’s distribution lists. |