cancel
Showing results for 
Search instead for 
Did you mean: 

Users with Environment Admins or System Admin roles should not be allowed to open Microsoft support requests

Currently users who are Environment admins or System Admins in a Power Platform environment created by them are able to submit a support request to Microsoft, this should not be allowed as this bypasses the IT Process of a company and users can contact Microsoft Support directly without contacting internal IT Service Desk. 

 

Only users with Azure AD roles like Power Platform Administrators or Global Admins should be allowed to open support requests with Microsoft. 

Status: New
Comments
rkaush
New Member

I agree to what Bhavik has suggested.

It's a security concern for any company who uses Office 365, if every user is able to approach Microsoft directly with support requests.

It has to be changed!

vintyagi
New Member

I totally agreed with Bhavik that he has suggested in this community thread.

Requesting you to please change it so that every user should not able to create support requests for the issues which they are having.

rajegarg
New Member

End user with Environment admins or System Admins in a Power Platform environment created by them are able to submit a support request to Microsoft because its a violation of IT process.  

yalagala
New Member

Yes,100% agreed with Bhavik

sbhatn
New Member

Agreed with Bhavik!

Navman
New Member

This is not a good idea for smaller organizations where the administrators are the IT people as well.  We need this ability to remain.   Our global admins are more architectural people and we App Admins do not have global environmental admin rights.  Removing this ability would severely hamper our ability to support the solution.

AJ_Z
Super User

I am currently agreeing with @Navman many organisations I have worked with or consulted grant this permission to users who have knowledge of power apps and power platform and are actively developing solutions for Production use. Env Admins and Sys Admins roles are not typically granted to generic end users. These roles are saved for those who will need to inevitably raise Microsoft tickets. If this is removed we will need a 'can raise Tickets role' added so we can add all our Sys Admins and Env admins to this.

 

Generic End Users should be given the Basic User Role and any role that they need to access only what they need. Sys Admin is not a role you should just be giving to end users Ideally. I always think hard before granting it and usually opt to make a custom security role in many scenarios instead of giving true System admin. I also feel the name of the role system admin infers a level of authority that the holder of this role should have over the environment including the authority to raise tickets in relation to the environment they are admin of. 

 

I personally think if your end users are needing a sys admin or env admin role there is likely something missing in the security role process your organisation might be following. As Sys admins can restore and delete environments etc. Perhaps your users would instead benefit from some new custom roles. I would be interested to understand why a basic user might need system admin rights to something :). 

@bhavikjain if you have specific questions around security roles and who should get what feel free to reach out to me I would be interested to understand your scenario. 

saleemahmed
New Member

 Yes I Agreed with Bhavik!