Description
Admin Access
Login to Shield
Each user signs in with their Microsoft 365 credentials. Once in Shield, those with Admin Access can toggle from end user to their admin access (Control Mode). There are no separate logins for end user and admin in Shield, the access for each is toggled through Control Mode.
Toggle Admin Access
When signed into Shield as an end user, enable Control Mode in the upper-right corner. This changes your experience to the Admin Access level you are granted for your Organization(s). To return to End User Access, toggle Control Mode to the off position, and you will be brought to the End User Access screen.
Admin Access is set per Shield User via Manage Access (below). There are four Admin Access levels in Shield:
- Superuser*: Can perform all actions for this Organization and all Organizations belonging to it.
- Administrator: Can perform all admin access actions for an individual Organization for any user access below the Superuser level. Each Administrator requiring admin access must be assigned at each Organization's level. Veto review requests can be disabled or enabled per Administrator, per Organization.
- Advisor: Can review vetoes and search mail flow for an individual Organization. Each Organization within the primary organization must be assigned admin access for each admin requiring Advisor access. Veto review requests can be disabled or enabled per Advisor, per Organization.
- Reader: Can view Organization information and search mail flow but cannot perform any actions on behalf of users.
*The account that activates the Shield Organization is automatically assigned Superuser access. This Superuser can assign additional Superusers and Administrators, Advisors, and Readers. All other admins besides the activating Superuser must be manually added to an Organization.
IMPORTANT: Any access granted at the Organization level is applied to all domains within the Organization. If a Shield User should have Admin Access to multiple Organizations, Admin Access must be set for each Shield User requiring Admin Access within each Organization.
Admin Access at the Control Level
The following features are accessible to both Superuser and Administrator accounts at the Organization Control level:
-
Find Email with Spotlight
- Use Spotlight to quickly find emails sent to or from this Organization.
- Use Search & Rescue to find mail users expected to receive but haven't seen yet.
- View Recently Sent to see what mail has made its way out of the Organization.
- View mail Recently held in Jail.
-
Manage Access
- Superusers can set access for all users.
- Administrators can set access for anyone below the Superuser level.
- Both Superusers and Administrators can set Veto access for all users.
-
Adjust Risk Levels
- Both Superusers and Administrators can set Risk Levels for the Organization and all users.
-
View Groups
- Both Superusers and Administrators can view the list of Groups configured in Microsoft for the Organization, as well as Sync with Microsoft.
- Changes to Groups may only be performed in M365 by authorized accounts.
-
View Domains
- Both Superusers and Administrators can view the list of Domains that are part of the Organization, as well as which domain is considered the Primary domain, and can Sync with Microsoft.
- Changes to Domains may only be performed in M365 by authorized accounts.
-
View Users
- Both Superusers and Administrators can view the list of Users in the Organization and Sync with Microsoft.
- Changes to Name, Primary Email Address, and Alias Addresses may only be performed in M365 by authorized accounts. All Shield-specific Preferences can be changed by both Superusers and Administrators. Within Shield Control, Admin Access allows for changes to Experience Level and Mailbox Mode. Admin Access also allows sending welcome emails.
The following features are also available from the Control page:
-
Veto Messages
-
- Both Superusers and Administrators can Veto messages, provided that they have been granted access to do so.
-
View recent activity for the Organization
- Both Superusers and Administrators can view all Recent Activity logged for the Organization.
Admin Permissions at the Shield User Level
As previously mentioned, because of the zero-trust model, partners cannot make all changes for an end user in Shield. The table below highlights which actions a Superuser or Administrator can perform for a Shield User and which actions only the Shield User can take.
Superuser | Administrator | Shield User | |
View mail headers | ✅ | ✅ | ✅ |
View message body | ❌ | ❌ | ✅ |
View message insights, links, files, details, timeline, location | ✅ | ✅ | ✅ |
View Lockbox | ✅ | ✅ | ✅ |
Lock a message | ❌ | ❌ | ✅ |
Unlock a message | ❌ | ❌ | ✅ |
View Trusted/Silenced Senders | ✅ | ✅ | ✅ |
Trust/Silence Senders | ❌ | ❌ | ✅ |
Deliver immediately vs Bundled | ❌ | ❌ | ✅ |
Change Bundle delivery times | ❌ | ❌ | ✅ |
For further assistance with Shield, please contact the Partner Success Team.
Comments