-
Notifications
You must be signed in to change notification settings - Fork 0
Gen3 Tenant Admin Tenant Owners
- Open Account Settings from the account menu for tenant policy and recovery posture.
- Use Management → Users for account lifecycle.
- Review Management → Observability for tenant-wide analytics.
- Browse Management → Model Catalog when you need deployment model inventory.
- Coordinate support contacts via Control Panel Email Settings when published addresses are wrong.
Owners hold tenant policy authority; misconfiguration here affects every user’s sign-in, recovery, and support experience.
Tenant Owner is the top tenant-app governance role in Gen 3. Owners can perform every tenant-manager workflow, plus the authority-bearing actions that remain intentionally restricted to owners.
In addition to the delegated workflows described in the Tenant Manager Guide, tenant owners can:
- assign and remove
Tenant Owner - assign and remove
Tenant Manager - manage elevated tenant accounts, not only standard tenant users
- edit owner-only tenant policy controls in Account Settings
- operate with full tenant-wide visibility in Observability
Use tenant-owner authority when the task changes who holds governance power inside the tenant app. Typical owner-only responsibilities include:
- deciding who becomes a manager or owner
- reviewing or correcting elevated-account posture
- approving tenant policy changes that affect recovery or support behavior
- resolving investigations that require unrestricted tenant-wide context
- Confirm the operational issue on Management → Users or Management → Observability.
- Decide whether the requested change affects authority boundaries, tenant-wide policy, or other elevated accounts.
- Apply the role, policy, or remediation change.
- Re-check observability or access state if the issue involved authentication, cost, or broad usage anomalies.
Use Users when you need to assign or remove Tenant Manager or Tenant Owner. This is owner-only because it changes who can govern the tenant, not just who can use the workspace.
Use Account Settings when tenant policy text, password-reset posture, or account-recovery guidance must change. If the page is being used only to review policy, managers and users may still have read-only context, but only owners can save the tenant-governance changes.
Use Observability when an incident spans multiple users, groups, or billing signals and delegated scope is not enough. Owners should use the wider view sparingly and only when the investigation truly requires tenant-wide context.
Use Users to disable, re-enable, reset MFA, or otherwise correct elevated accounts when governance access itself is the issue. Document the reason for the change and coordinate with other owners when appropriate.
Use owner authority when:
- the task changes who can govern the tenant app
- the target account is already elevated
- the fix requires tenant-wide policy or unrestricted tenant-wide evidence
Delegate to a tenant manager when:
- the work only affects standard tenant-user operations
- the issue is routine onboarding, MFA, or limited-scope support
- no tenant-policy or authority-boundary change is required
- Use owner authority only for tasks that truly require it.
- Avoid concentrating elevated access in more accounts than necessary.
- Pair sensitive changes with observability review when the issue touched authentication or misuse concerns.
- Keep managers empowered for delegated work, but do not blur the owner-only boundary.