We are wanting to allow our local helpdesk technicians at each of our sites to have the ability to look at users ActiveSync devices thru the O365 tenant portal. By default we quarantine all EAS devices and manually allow/block or delete device access requests.
These users don't have any admin access on the tenant. As mentioned, we JUST want them to have permission to quarantine/unquarantine user devices via the web interface as they wouldn't have powershell access. They shouldn't have access edit any mailbox features other that the mobile devices for users.
How is this managed? Please provide as granular details as possible and perhaps specific how to's.
I assume a new Role and permissions would required? Then users of the local helpdesk be added?
If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.