Overview
This article explains how to create a new user in Microsoft 365 and assign them the Global Administrator role. Global Administrator is the highest-level role and should only be given to trusted individuals as it grants full access to all Microsoft 365 services and settings.
Step 1: Sign in to Microsoft 365 Admin Center
-
Go to https://admin.microsoft.com.
-
Sign in with an existing Global Administrator account.
Step 2: Create the New User
-
In the left-hand navigation pane, select Users > Active users.
-
Click Add a user.
-
Enter the required details:
-
Name (First and Last)
-
Display name
-
Username (UPN) → example: user@yourdomain.com
-
-
Choose the Automatically create a password option (recommended).
-
Ensure Require this user to change their password when they first sign in is checked.
-
Click Next.
Step 3: Assign the Global Administrator Role
-
On the Assign product licenses page, select a license if required.
-
Continue to the Optional settings > Roles section.
-
Select Admin center access.
-
Choose Global Administrator from the list of roles.
-
Click Next.
Step 4: Review and Finish
-
Review the details you entered.
-
Click Finish adding.
-
Copy or download the user’s credentials securely.
Step 5: Test the New Global Administrator Account
-
Sign out of the Admin Center.
-
Log in with the new user’s credentials.
-
Confirm that the account can access Admin Center and has full admin rights.
Security Best Practices
-
Limit the number of Global Administrators to two or three maximum.
-
Use Privileged Identity Management (PIM) or enable Multi-Factor Authentication (MFA) on all admin accounts.
-
Do not use Global Admin accounts for day-to-day email or Teams activity.
⚠️ Important: Only assign the Global Administrator role when absolutely necessary. For everyday tasks, consider assigning more restrictive roles such as User Administrator, Exchange Administrator, or SharePoint Administrator.
