Use the service admin role to manage your tenant

To help you administer model-driven apps in Dynamics 365, such as Dynamics 365 Sales and Dynamics 365 Customer Service, you can assign users to manage model-driven apps in Dynamics 365 at the tenant level without having to assign the more powerful Office 365 global admin privileges.

Users with the service admin role can:

  • Sign in to and manage multiple environments. If an environment uses a security group, a service administrator would need to be added to the security group in order to manage that environment.

  • Perform admin functions in model-driven apps in Dynamics 365 because they have the system admin role. The service admin must be assigned a license.

A service admin cannot do functions restricted to the Office 365 global admin such as manage user accounts, manage subscriptions, access settings for Office 365 apps like Exchange or SharePoint.


The service admin can manage environments of version 8.1 (Dynamics CRM Online 2016 Update 1) or later.

Service admin

Here's a matrix of what's available with the various Office 365 roles.

Office 365 role / feature Backup & restore Sandbox copy Configure new environments Manage an environment Add licenses Access support requests Access Service health Access Message center
Office 365 global admin Yes Yes Yes Yes Yes Yes Yes Yes
Exchange admin n/a n/a n/a n/a n/a n/a Yes Yes
Office 365 service admin No No No No No Yes Yes Yes
Office 365 user No No No No No No No No
Service admin Yes Yes Yes Yes No Yes Yes Yes
License administrator No No No No Yes No No No


For information on email approval, see Approve email.

See also