Microsoft 365 Admin Center: A Practical Guide for Non-Technical Business Owners

Somewhere along the way, someone made you a Microsoft 365 admin. Maybe you are the business owner and it happened by default when you signed up. Maybe you are the office manager and the IT person left. Maybe you are the most technically inclined person in a company where that bar is low. Whatever the reason, you now have access to the Microsoft 365 admin center, and it controls everything: who has email, who can log in, what they can access, and how much you pay Microsoft every month.

The admin center is not complicated once you know where things are. But Microsoft does not exactly make it easy to find what you need if you have never been in there before. If you are still deciding between Microsoft 365 and Google Workspace, the admin experience is one of the key differences – see our platform comparison for details. If you have already committed to M365, this guide walks through the sections you will actually use, in the order you are most likely to need them.

Getting to the admin center

Go to admin.microsoft.com and sign in with your admin account. If you are not sure which account has admin access, try logging in with the email you use for your business Microsoft 365. If you see the admin center dashboard after logging in, you have admin access. If you do not see it, you do not have the Global Administrator or any admin role assigned to your account.

The admin center has a left navigation panel with expandable sections. The main areas you will use are Users, Billing, Settings, and Health. Everything else exists but is less frequently needed for day-to-day management.

Adding a new user

This is the most common admin task. A new employee starts and needs an email address and access to Microsoft 365.

1. In the left navigation, go to Users > Active users
2. Click Add a user at the top
3. Fill in their name, username (this becomes their email address), and set a temporary password
4. On the next screen, assign a license. Choose the plan that matches their role. Not everyone needs the same plan.
5. Set their role. For most employees, leave it as “User (no admin access).” Only assign admin roles to people who genuinely need them.
6. Click Finish adding

The user’s mailbox, OneDrive, and Teams access are provisioned automatically within a few minutes. Give them their username and temporary password. They will be prompted to change the password on first login.

If you need to set up MFA for the new user (and you should), see the MFA section below.

Removing a user or handling a departure

When an employee leaves, you need to do more than just delete their account. There is a specific sequence to follow to preserve their data, revoke access, and stop paying for their license. The full process involves blocking sign-in, revoking sessions, converting the mailbox, handling OneDrive files, removing from groups, and removing the license.

We have a complete Microsoft 365 offboarding checklist that walks through every step in order. The short version for immediate action:

1. Go to Users > Active users, find the user
2. Click their name, then click Block sign-in at the top. This immediately prevents them from logging in.
3. Click Reset password and set a new password they do not know (as a safety measure)

Then work through the rest of the offboarding steps when you have time. The block and password reset are the urgent parts.

Resetting a password

1. Go to Users > Active users
2. Find the user (use the search bar)
3. Click their name
4. Click Reset password
5. Choose whether to auto-generate a password or set one manually
6. Choose whether to require them to change the password on next sign-in (yes, usually)
7. Click Reset

The new password takes effect immediately. If the user is currently logged in on any device, their existing sessions continue to work until the session token expires. If you need to force them out immediately (for security reasons), click Sign out of all sessions on the user’s profile page after resetting the password.

Assigning and removing licenses

Licenses control what each user can access and how much you pay. Each user needs a license to use Microsoft 365 services.

Assign a license

1. Go to Users > Active users
2. Click the user’s name
3. Click Licenses and apps
4. Check the box next to the plan you want to assign
5. Click Save changes

Remove a license

Same steps, but uncheck the box. Before removing a license, make sure you have preserved the user’s data, especially their mailbox and OneDrive files. Removing a license starts a 30-day countdown to data deletion.

Check how many licenses you have

Go to Billing > Licenses. This shows each plan you own, how many licenses are purchased, and how many are assigned. If you have more purchased than assigned, you are paying for unused seats. If you have more assigned than purchased (which can happen with trial licenses expiring), some users may lose access.

Review this quarterly. It is common for businesses to accumulate unused licenses as employees leave and nobody remembers to reduce the license count. See our licensing guide for details on what each plan includes and how to right-size.

Setting up MFA

Multi-factor authentication is the single most important security setting in your tenant. It prevents stolen passwords from being used to access accounts. If you do nothing else in the admin center, do this.

The simplest approach: security defaults

If you are on Business Basic or Standard and do not have conditional access:

1. Go to Entra admin center (click “Show all” in the left navigation, then Identity, or go directly to entra.microsoft.com)
2. Go to Overview > Properties
3. Click Manage security defaults
4. Set it to Enabled
5. Click Save

Security defaults require MFA for all users using the Microsoft Authenticator app. It is the simplest way to enforce MFA across the organization.

For Business Premium: conditional access

If you are on Business Premium, you have access to conditional access policies, which give you more control than security defaults. You can require MFA for specific users, from specific locations, or on specific devices. Setting up conditional access is covered in our M365 security hardening guide.

Verify MFA status

To check which users have MFA registered:

1. Go to the Entra admin center
2. Go to Protection > Authentication methods > User registration details
3. This shows each user, whether they have registered for MFA, and which methods they use

Any user showing “Not registered” is logging in with only a password. Fix this.

Checking service health

When email stops working or Teams is down, the first question is: is it us or is it Microsoft?

1. In the admin center, go to Health > Service health
2. This shows the current status of every Microsoft 365 service (Exchange, Teams, SharePoint, OneDrive, etc.)
3. Green checkmarks mean the service is healthy. Yellow or red indicators mean there is an issue on Microsoft’s side.

If you see an active incident for the service that is not working, Microsoft is aware of it and working on a fix. There is nothing you can do on your end except wait. The service health page includes updates from Microsoft with estimated resolution times.

If the service health page shows everything green but your users are having problems, the issue is likely specific to your tenant, your network, or a specific user’s configuration.

Signing up for notifications

Go to Health > Service health > Preferences and configure email notifications for service incidents. This way you are notified when Microsoft reports a problem rather than finding out when employees start messaging you.

Managing groups

Microsoft 365 has several types of groups, and they get confusing quickly. The admin center lets you manage all of them.

Go to Teams & groups in the left navigation. You will see:

• Active teams & groups – all Microsoft 365 Groups, distribution lists, mail-enabled security groups, and security groups
• Shared mailboxes – mailboxes shared between multiple users

For most day-to-day management:

• To create a shared mailbox (like info@ or support@), go to Teams & groups > Shared mailboxes > Add a shared mailbox
• To create a distribution list for announcements, go to Teams & groups > Active teams & groups > Add a group and select “Distribution”
• To see all group types and when to use each, see our Groups vs Distribution Lists vs Shared Mailboxes comparison

Reading the audit log

The audit log records who did what in your Microsoft 365 tenant. It is useful when you need to investigate a security incident, check whether someone accessed a specific mailbox, or verify when a change was made.

1. Go to the Microsoft Purview compliance portal (compliance.microsoft.com) or search for “Audit” in the admin center
2. Click Audit in the left navigation
3. Set the date range and activity type you want to search
4. Click Search

Common searches:

• File accessed – who opened a specific SharePoint or OneDrive file
• User logged in – login history for a specific account (useful for investigating compromised accounts)
• Mailbox access – who accessed a specific mailbox (useful for shared mailbox investigations)
• Admin activity – changes made by admin accounts (password resets, license changes, role assignments)

Audit logs are retained for 90 days on Business Basic and Standard, and 180 days on Business Premium. If you need longer retention, you need to export the logs or configure extended retention through Microsoft Purview. This is also separate from data backup, which protects your actual emails and files.

The sections you can mostly ignore (for now)

The admin center has many sections. As a non-technical admin handling the basics, you can safely skip these until you need them:

• Exchange admin center – advanced email configuration. You only need this for mail flow rules, transport rules, or detailed mailbox settings that are not available in the main admin center.
• SharePoint admin center – site management, sharing policies, storage quotas. Relevant if you actively use SharePoint for file management.
• Teams admin center – Teams policies, meeting settings, calling configuration. Relevant if you need to customize Teams beyond the defaults.
• Compliance/Purview – data loss prevention, retention policies, eDiscovery. Relevant for regulated industries.

These are important features, but if you are a non-technical admin handling the basics, the main admin center covers what you need for day-to-day operations. The specialized admin centers are where a managed M365 provider adds the most value, because the configuration in those areas has security and compliance implications that are easy to get wrong.

Common admin mistakes

Giving everyone Global Admin. Global Admin can do anything in the tenant, including deleting all data, changing all passwords, and removing all other admins. Limit Global Admin to two or three accounts. For everyone else, use role-specific admin roles (User Administrator, Exchange Administrator, etc.) that only grant the permissions they need.

Not checking billing regularly. Licenses accumulate. Former employees keep their licenses. Trial licenses expire and convert to paid. Check Billing > Your products monthly to make sure you are only paying for what you use.

Skipping MFA. Every month you delay MFA is a month where a single stolen password can compromise your entire tenant. This is not a theoretical risk. It happens to small businesses constantly. Enable it today.

Not having a second admin. If you are the only Global Admin and you lose access to your account (forgotten password, compromised account, locked out by MFA), nobody can manage the tenant. Always have at least two Global Admin accounts, and make sure the second one is tested and accessible.

Making changes without understanding the impact. Deleting a user account is not the same as removing a license. Changing a setting in the Exchange admin center can affect every user in the organization. If you are not sure what something does, do not click it. Ask first.

When to hand it off

The admin center is manageable for adding users, resetting passwords, checking service health, and basic license management. But there is a point where the complexity exceeds what a non-technical admin should be handling alone:

• Security hardening (conditional access, Defender configuration, Intune policies)
• Compliance configuration (retention policies, DLP rules, eDiscovery)
• Email flow troubleshooting (mail not delivering, SPF/DKIM/DMARC issues)
• Incident response (compromised accounts, data breaches)
• Migration projects (moving from another platform to Microsoft 365)

These are areas where mistakes have real consequences and where a managed M365 provider is worth the investment. You should not have to become a Microsoft 365 expert to run your business. You should be able to handle the basics confidently and know when to bring in help.

If you are managing your Microsoft 365 tenant and feel like you are in over your head, or if you just want a second set of eyes on your configuration, reach out through our contact page. We can review your tenant and tell you what is configured well and what needs attention.