Microsoft Teams: Streamlined unified Role-Based Access Controls (RBAC) for Teams device management

Originally posted by Microsoft Apr 17, 2025 Uncategorized 0 Comments

Microsoft Teams is enhancing Role-Based Access Control (RBAC) in the Teams Rooms Pro management portal (PMP) to support additional Entra built-in roles. The rollout will occur in May 2025 and requires no admin action. The new roles include Global Administrator, Global Reader, Teams Administrator, and Teams Device Administrator.

We are releasing Role-Based Access Control (RBAC) enhancements in the Teams Rooms Pro management portal (PMP). As part of our ongoing efforts to improve device management across portals, we will be extending PMP’s RBAC to support additional Entra built-in roles currently available in the Teams admin center (TAC). This transition aims to provide a seamless experience for admins managing Teams Rooms devices.

This message is associated with Microsoft 365 Roadmap ID 485760.

When this will happen:

General Availability (Worldwide): We will begin rolling out early May 2025 and expect to complete by mid-May 2025.

General Availability (GCC, GCCHigh): We will begin rolling out mid-May 2025 and expect to complete by late May 2025.

How this will affect your organization:

With these enhancements, PMP will now support these four Entra built-in roles:

  • Global Administrator: Read and write access to everything in PMP. Note that the Global Administrator role will no longer be automatically assigned to the Teams Rooms Pro Manager role in PMP.
  • Global Reader: Read-only access with some restrictions in the settings section, such as General, ServiceNow, Signals, and Plan Management.
  • Teams Administrator: Read and write access in PMP, honoring Entra permissions. However, the write access to certain entities like mailbox settings may be restricted. Teams admins assigned to an Administrative Unit (AU) will need to be assigned to a PMP custom role to access PMP.
  • Teams Device Administrator: Read and write access in PMP except for Roles and Partner Management functionalities. Similar to Teams Administrators, any Teams Device Administrator assigned to an AU will need to be assigned to a PMP custom role to access PMP.

View image in new tab

What you need to do to prepare:

This rollout will happen automatically with no admin action required.

Message ID: MC1056977

Comments are closed.

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: