User roles in Workplace Analytics

Users of Workplace Analytics require the proper level of access to areas of the product to be able to perform their required tasks. This topic describes the roles and responsibilities of users and the levels of access that each role requires.


The administrator of Office 365 or Azure Active Directory grants the levels of access that are described in this topic.

Role descriptions and access levels

These are the Workplace Analytics roles and their level of access:

  • Analyst - Has full access to all service features except two pages (Upload and Admin settings) that are meant only for admins. The Analyst role provides analysts with the most complete access to data.

  • Analyst (Limited Access) - Same access as for those in the Analyst role but with the following restrictions:

    • No access to Queries.
    • Only read-only access to the Analysis settings page (on which meeting exclusion rules are defined).
  • Administrator - Has access to the Settings menu and through it the Data sources, Upload, and Admin settings pages. The Workplace Analytics admin has the responsibility to configure privacy settings and system defaults and to prepare, upload, and verify organizational data.


    Workplace Analytics admins are not Office 365 admins. Therefore, unless they have also been granted the role of Office 365 administrator, they have access only to organizational data, not to Office 365 data.

  • Program manager - Has access to the Home page of Workplace Analytics. Program managers also can open the Plans page and its Manage page, where they can set up plans; and to the Track page, where they can track the progress of active plans and the state of ended plans.


People managers is not assigned like the other roles. They get access to their team's data in Workplace Analytics as set in Manager settings.


User roles are each distinct in their assigned responsibilities and access permissions. Each user role only gives access to actions, pages, dashboards, and data that correspond with that role. Roles are assigned independently, are non-cumulative, and do not roll up.

User access

The following shows who can access what in Workplace Analytics.

Page Page description Administrator Analyst Analyst (Limited Access) Program manager People manager
Home View highlights from the latest data; see the latest notifications checkmark checkmark checkmark checkmark (team only)
Explore: View a series of dashboards that provide insights into the way your organization collaborates checkmark checkmark checkmark
Queries: Perform deeper exploration of the data through custom querying tools checkmark
Plans Create programs to help participants improve workplace behaviors. checkmark checkmark checkmark checkmark (team only)
Sources: Help to verify that the Office 365 data and organizational data have been loaded properly and are available for analysis checkmark checkmark checkmark
Upload: Upload an organizational data file to Workplace Analytics checkmark
Analysis settings: Exclude meetings from analysis that would otherwise skew your results. The Analyst (Limited access) role has read-only access to this page. checkmark checkmark
Admin settings: Configure system defaults, privacy settings, and manager settings checkmark

Functions performed

The following shows who can do what in Workplace Analytics.

Function Administrator Analyst Analyst (Limited Access) Program manager People manager
Configure system defaults, privacy settings, and manager settings checkmark
Upload organizational data into the system checkmark
Use the full set of analyst tools on the Sources and Analyze (Explore and Queries) pages to perform analysis checkmark
Serve as HR data provider and Workplace Analytics tool owner checkmark
Help coordinate, setup, and manage change plans checkmark checkmark (team only)

Levels of responsibility

People with access to Workplace Analytics should ideally have previous experience for their level of access. Preferably, they should have previously undergone security and privacy training in handling sensitive data.

Access level Administrator Analyst Analyst (Limited Access) Program manager People manager
Ability to view personally-identifiable, individual-level organizational data (including email addresses and HR fields such as level and organization) checkmark
Ability to view de-identified, individual-level data:
  1. Organization data (HR fields such as level or organization)
  2. Office 365 data (metrics about collaboration time and relationships)
Ability to view aggregated and de-identified Office 365 data (metrics about collaboration time and relationships) checkmark checkmark
Can create custom plans to be deployed to groups and can influence the pages that users see in MyAnalytics checkmark checkmark (team only)

Suggested personas

Consider the following personas when granting the different levels of access to Workplace Analytics.

Persona Administrator Analyst Analyst (Limited Access) Program manager People manager
Executive/business leader checkmark
Program manager checkmark checkmark checkmark checkmark
Analyst/data scientist checkmark
HR data provider / Workplace Analytics tool owner checkmark
Group or team manager checkmark

Access to resources

In Azure Active Directory, you can assign access rights to users by assigning roles to them. For general information on accessing resources, and for information on the specific methods of role assignment in Azure AD, see Related topics.

Aspects of role assignment

How many assignees?

The size of your organization and your requirements for managing organizational data determine the number of people to whom you assign the roles of Workplace Analytics admins and analysts. The number of analysts should be as many as your organization requires to perform data analysis. Workplace Analytics imposes no limit on the number of role assignments.

Multiple roles for one person

You can assign multiple Workplace Analytics roles to one person. It's up to your organization to choose who is assigned which role or roles. Examples:

  • One person can be both an Office 365 admin and a Workplace Analytics admin.
  • One person can be both a Workplace Analytics admin and a Workplace Analytics analyst. It is best practice, however, to assign the admin and analyst roles to different people to prevent any misuse of or external linking to organizational data with collaboration metrics.

In the Azure Portal, you can assign multiple roles to one account but you can assign only one role at a time. In the Azure portal, add the first role, click Select, return to the user list, and then select the same account again to choose the next role for that account. (Note that role assignment in Workplace Analytics is performed in the Azure Portal and not in the Office 365 dashboard.)

Limiting analyst access

The analyst (limited access) role is for an analyst who needs access only to the insights that are displayed in the Workplace Analytics Explore dashboards.