This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Note
The new and improved Power Platform admin center is now in public preview! We designed the new admin center to be easier to use, with task-oriented navigation that helps you achieve specific outcomes faster. We'll be publishing new and updated documentation as the new Power Platform admin center moves to general availability.
To help you administer environments and settings for the Microsoft Power Platform, you can assign users to manage the service at the tenant level without having to assign a role that provides access to other services within the tenant.
There are two Power Platform related service admin roles you can assign to provide a high level of admin management.
Note
These (and other) admin roles only apply to what you can do in the Power Platform admin center. For example, Dynamics 365 Finance and Dynamics 365 Supply Chain Management are currently not managed in the Power Platform admin center.
The Dynamics 365 admin can:
Users with the Power Platform admin role can:
Both service admin roles cannot do functions such as manage user accounts, manage subscriptions, access settings for Microsoft 365 apps like Microsoft Exchange or Microsoft SharePoint.
Follow these steps to assign a service admin role.
Note
When the Dynamics 365 administrator, Power Platform administrator, or Global administrator role is assigned to a user in Microsoft Entra ID, the user is no longer automatically assigned to the system administrator role in environments. For more information on how to gain access to the system administrator role and remove such access, see Manage admin roles with Microsoft Entra Privileged Identity Management.
To opt-out of automatic license-based user roles, see Opt-out of automatic license-based user roles management.
Sign in to the Microsoft 365 admin center as a Privileged Role Administrator role
Go to Users > Active users and select a user.
Under Account > Roles select Manage roles.
Select to expand Show all by category.
Under Collaboration select either Dynamics 365 administrator or Power Platform administrator.
Select Save changes.
Note
If you are using the Microsoft Entra Privileged Identity Management (PIM) time-based role activation to manage your service admin roles, see Manage admin roles with Microsoft Entra Privileged Identity Management.
Service Admin roles must be assigned directly to users, as inheriting from security groups is not fully supported.
The following matrix shows what management is possible with the various service admin roles compared to the Microsoft 365 global admin role.
Note
Global admin, Power Platform admin, and the Dynamics 365 admin roles must be directly assigned for a user. Role association through security groups is not supported.
| Microsoft 365 Global admin |
Power Platform admin |
Dynamics 365 admin |
Power BI admin |
|
|---|---|---|---|---|
| POWER PLATFORM | ||||
| Environments | ||||
| Full access1 | Yes | Yes | Yes2 | No |
| Create | Yes | Yes | Yes2 | No |
| Delete | Yes | Yes | Yes2 | No |
| Backup and restore | Yes | Yes | Yes2 | No |
| Copy | Yes | Yes | Yes2 | No |
| Ability to exclude access from selected environments (using security groups) | No | No | Yes | Yes |
| Analytics | ||||
| Capacity | Yes | Yes | Yes2 | No |
| Capacity allocation (Power Apps per app plans, Power Automate, AI Builder, and Portal) | Yes | Yes | Yes2 | No |
| Microsoft Dataverse | Yes | Yes | Yes2 | No |
| Power Automate | Yes | Yes | Yes2 | No |
| Power Apps | Yes | Yes | Yes2 | No |
| Help + support | ||||
| Create and access support requests | Yes | Yes | Yes2 | No |
| Data integration | ||||
| Create new project and connection set | Yes | Yes | Yes2 | No |
| Data gateways | ||||
| View gateways | Yes | Yes | Yes2 | No |
| Data policies | ||||
| View and manage tenant policies | Yes | Yes | Yes | No |
| View and manage environment policies | Yes | Yes | Yes | No |
| Copilot | ||||
| View Copilot page in Power Platform admin center | Yes | Yes | Yes | No |
| POWER BI | ||||
| Manage the Power BI tenant | Yes | Yes | No | Yes |
| Acquire and assign Power BI licenses | Yes | No | No | No |
| MICROSOFT 365 | ||||
| Create users | Yes | No | No | No |
| Add security roles | Yes | No | No | No |
| Add licenses | Yes | No | No | No |
1Equivalent permission level to a System Administrator after self-elevation. Has full permission to customize or administer the environment, including creating, modifying, and assigning security roles. Can view all data in the environment - if the user has a suitable license.
2If no security group is assigned to the environment, or if a security group is assigned and the user with this role is added to it.
Training
Module
Administer Microsoft Power Platform subscriptions - Training
Learn about the default capabilities that you have access to with your Microsoft Power Platform subscriptions.
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.