Manage Microsoft Teams Numbers & Users With Access Control Lists 

Manage Microsoft Teams Numbers & Users With Access Control Lists 

Enterprise number and user management in the Teams Admin Center (TAC) means every Microsoft Teams admin has access to your entire Teams estate. That’s every user and every phone number.

You’ve got departments, campuses, and locations all with different requirements and priorities. You’ve got constant requests for moves, adds, and changes. At any given time, John, who is the campus manager for a large university, has access to make any change he wishes – even if he has no knowledge of the campus or set of users or phone numbers within that campus.

What’s more, John’s got your entire Microsoft tenant to sift through and filter when he needs to make even the most basic change for a single user. So, as well as the potential for John to make changes to the wrong set of users, it’s easy for him to mistake James Smith in Liverpool when there’s also a James Smith in London.

As an admin, you need access to the users and numbers you are responsible for and nothing more. This might be geographical, departmental, or any other criteria that qualifies you to have access to a specific set of users. 

Only, when administering Teams, if you’re a Teams admin, you have access to everything. And, when everything includes thousands and thousands of users across multiple departments and locations, administering the admin becomes a full-time job. 

It doesn’t have to be this way. You can now make the conscious decision to lock down the access each admin has.

Enter: access control lists. 

What are access control lists in Callroute? 

Access control lists are pretty self-explanatory at the most basic level. You’re creating lists for who has access to what; in list format. 

Rather than your Teams Admin Center and entire Teams tenant being a complete free for all (where all admins have access to tinker with any location, team, department, or user), access control lists will allow specific Callroute admins to access and manage specific groups. 

For example, if you’re tasked with managing the users and numbers for a site in London, but have access to the users in New York, there’s a chance you could mistakenly make a change to a user or group of users. All it takes is a similar looking name or a phone number with the same number string and human error can kick in. 

That’s not a dig at your staff, either. Manual processes and changes account for the majority of provisioning errors, with some businesses able to save $500,000 per year through the introduction of auto-provisioning. 

Why are access control lists needed? 

After speaking to a large portion of our customers and fellow Teams admins, it’s become clear that getting staff the right access in Teams tenants has become a real problem. 

Especially in large businesses, where you might have dedicated Teams admins or it’s a time-consuming part of an IT admin’s day, the amount of time lost simply getting to the right user, number range, or group of users is ridiculous. 

The simple change to access control lists is a real time-saver for admins presented with lists and lists of user information. 

In the cases of universities, for example, this means the person who looks after a particular faculty will only be able to access and manage users of that faculty rather than entire university. 

So, if Harvard Business School, with its main campus in Cambridge, Massachusetts, also has a campus in Dubai, it can now section off the Dubai Teams admin to only have access to the campus they support

The result? More efficient Teams management and a dramatically reduced chance of making changes to users outside their scope. 

You may also like: How Universities Can Save $92,000 On Microsoft Teams Provisioning

Isn’t this just role-based access? 

Not quite. Callroute already supports role-based access so you can limit what admins can change based on their role, department, or seniority. 

Access control lists add the control to only manage those numbers and users for a defined set of users. Regardless of the job role or seniority, Tim Jones, who works in the New York campus and looks after all US sites now only has access to make changes to those users. 

With role-based access, Callroute enables the delegation of administrative tasks among multiple administrators. We offer a range of pre-defined user roles alongside custom roles you can tailor to your specific needs, defining granular permissions. 

Role-based access for Microsoft Teams user and number management

How do access control lists work? 

Admins can create custom control roles and associate them with an access control list, providing those users/admins with access to controlled resources. 

A group can be anything your business deems relevant: 

  • Locations 
  • Department 
  • Exec level 
  • Night shift 
  • Anything you decide is right for your business 

That’s the beauty of it. There’s no restriction on what you can choose as the criteria (unlike role-based access). 

The access control list might also be specific to phone numbers per region. If you only want certain Teams admins to make changes to number assignments, you can lock these down too. If your London site has niche requirements, deem it so that other admins outside of London can no longer make changes to your London numbers.

You can also use AD attributes to inform the access control lists. So, if users have specific text included, you can attribute them and add them into a group. 

Management of these access control lists is possible via super admins. These super admins can drop users into groups that categorize them.  

Use cases for access control lists 

There’s no black or white use case for access control lists in Microsoft Teams. We’ve designed this so the customization and flexibility are there for anyone who needs it. 

Typically, we’re talking about large enterprises. Here are some examples of when access control lists provide enhanced productivity: 

  • Multi-organization teams: When you’ve completed a merger or acquisition, it may still be pertinent for the original IT teams to look after their original company’s Teams tenant (or department or set of users depending on how/if you merge tenants). 
  • Cross-support teams: Where there are different admins responsible for a subset of Teams users. For example, different geographies have niche requirements and require specialist knowledge about sets of users. 
  • Universities: Multiple campuses mean different teams of users to administer by different IT admins. There’s little benefit in each admin having access to university-wide student accounts. 
  • Government bodies: District councils may have to look after offices other than the one they’re based in. Role-based access here would restrict the ability to make swift changes to important users. Access control lists grant them access to anyone within their defined user base, regardless of location. 

You may also like: How Local Councils Can Save 77% Of Time & Cost On User Provisioning

A large London University, for example, has over 100 different departments. On average, each IT admin manages around six of these. With access control lists, this University will have the ability for specific IT admins to have access to their six departments alone. 

This doesn’t just ensure the right people have access to the right users, but it also makes management of numbers and users more efficient. By reducing the number of users to search and filter within, admins save time and become more productive when making one-off changes. 

How to get access control lists for Microsoft Teams management 

Access control lists are being added to Callroute in early 2025. 

You can be the first to start benefiting from more targeted and effective administration by signing up to the wait list below. 

When live, we’ll email you and help get you set up. 

Ready to begin your journey to better Teams management?

Some Other Articles You Might Like

Join 463 other admins who receive Microsoft Teams tips each month
By signing up you agree to our Privacy Policy
Intermittent Microsoft Teams calling issues reported globally. This issue appears to be affecting all Microsoft customers worldwide. Microsoft are currently investigating the issue. All Callroute systems are fully operational. More information will be provided as soon as possible.