Microsoft has rolled out a sweeping permissions overhaul for Viva Glint, its employee engagement and survey platform, adding a dedicated Service Administrator role and more granular controls for advanced configurations. The change, listed as Microsoft 365 Roadmap ID 547837 and last updated on July 6, 2026, marks a significant shift in how organizations govern access to sensitive HR sentiment data within the Microsoft 365 ecosystem.
What’s New: A New Admin Role and Sliced-Up Permissions
Until now, managing Viva Glint often required broad administrative privileges that could inadvertently expose survey results, feedback, and organizational hierarchies to users who didn’t need them. The update introduces a new Viva Glint Service Administrator role, which Microsoft says is designed to handle platform-level settings without automatically granting access to raw employee sentiment data. This role sits alongside existing global admin and HR-specific roles, but with a narrower scope.
The roadmap entry specifies that the overhaul targets “Advanced Configuration” features—think survey design, distribution rules, feedback integration, and reporting dashboards. Previously, these settings were bundled under larger roles like Global Administrator or Viva Admin, forcing organizations to over-provision access. Now, administrators can assign granular permissions for tasks such as managing survey templates, controlling data retention policies, or configuring integrations with Viva Insights or Teams—without also handing over the keys to view individual responses.
Key capabilities confirmed in the update include:
- Separated management of survey configuration vs. data access: A user can build and launch surveys without seeing the responses they generate.
- Delegated administration for reporting: HR teams can grant line managers access to aggregated team results without exposing company-wide data.
- Integration with Microsoft 365 Privileged Identity Management (PIM): The new role can be assigned just-in-time, aligning with zero-standing-access strategies.
Microsoft hasn’t yet published detailed documentation on the specific permissions matrix, but the roadmap’s “Advanced Configuration” label suggests deep knobs for customizing the platform’s behavior—something large enterprises with complex organizational structures have been requesting.
What This Means for You: Less Risk, More Control
For HR and People Analytics Teams
If you’re the person responsible for running engagement surveys, this is a big deal. You’ll no longer need to rely on IT to tweak survey logic or reporting rules, because the new role can be scoped to your exact responsibilities. More importantly, you can now collaborate with business partners or external consultants without exposing raw data. Imagine a scenario: an external survey vendor needs to help craft questions—you can grant access to the survey design module only, not the results dashboard.
For IT and Microsoft 365 Administrators
You’ve been asking for this. Many organizations avoided deploying Viva Glint because its permission model was too coarse—global admins didn’t want to touch it, and HR-specific roles were either too broad or didn’t exist. Now, you can model access precisely, reducing the blast radius if an account is compromised. The alignment with Privileged Identity Management means you can enforce approval workflows and time-limited access for sensitive operations, such as exporting raw survey data.
For Compliance and Data Privacy Officers
Sentiment data is inherently sensitive. Some jurisdictions have strict rules about who can see employee feedback, especially free-text comments that might reveal personal information. The granular controls allow you to implement least-privilege access, ensuring only individuals with a genuine need can view identifiable data. If your organization faces GDPR, CCPA, or internal ethics reviews, this overhaul makes it easier to demonstrate compliance.
For End Users (Survey Respondents)
You likely won’t see any direct change, but the promise is that your feedback remains more tightly controlled. With proper configuration, your manager won’t accidentally see your verbatim comment tagged with your department—instead, they might only see anonymous aggregated insights.
How We Got Here: Viva Glint’s Evolution and the Permission Problem
Viva Glint entered the Microsoft 365 suite in 2022 after Microsoft acquired Glint, a leading employee engagement platform. Integration was swift: Glint surveys started showing up in Teams, Outlook, and Viva Insights dashboards. But the administrative story lagged. Initially, managing Glint required Global Administrator or a custom Azure AD role with broad Microsoft 365 permissions—a sledgehammer approach that made security teams nervous.
By 2024, Microsoft introduced a few Viva-specific admin roles, but they still covered entire Viva modules (like Viva Insights Administrator), and Glint’s own configuration panel often demanded the same high-level clearance. The feedback from large customers was consistent: “We love the insights, but we can’t let our HR team manage the tool because their access would be too wide.”
Over the past 18 months, Microsoft has been slowly decomposing admin roles across its Viva suite. Viva Engage got dedicated community admin roles; Viva Learning received separate catalog management privileges. The Glint overhaul, which appeared on the roadmap in early 2026 and materialized in July, is the culmination of that trend. It also reflects a broader industry push toward zero-trust security models, where every access request is verified and minimized.
What to Do Now: Steps to Take
If your organization uses Viva Glint—or plans to—here’s a pragmatic action plan.
-
Audit Current Roles
Review who has access to Glint today. Identify accounts with Global Administrator, Viva Administrator, or any custom roles that might exceed what’s needed. Microsoft 365’s role assignments report in the admin center can help. -
Map Tasks to the New Role
Not every HR analyst needs Survey Configuration rights, and not every IT pro needs to see raw data. Match the new granular permissions to actual job functions. For example:
- Survey Designers: need survey template management.
- Reporting Analysts: need dashboard access but not distribution configuration.
- Compliance Officers: might require read-only access to data retention policies. -
Enable Privileged Identity Management
If you haven’t already, set up PIM for the Viva Glint Service Administrator role. This ensures that even trusted users must activate the role for a limited time, with justification and approvals. The Azure AD PIM configuration wizard now includes the new role. -
Test in a Sandbox
Before rolling out to production, pilot the role with a small group. Ensure that the scoped permissions actually allow them to do their jobs without breaking. Document any gaps you find—Microsoft often iterates on these roles based on feedback. -
Communicate with HR Stakeholders
This change may disrupt existing workflows. Explain that the extra friction (e.g., activating a role in PIM) is there to protect sensitive data. Provide training on how to request and use the new permissions. -
Monitor and Adjust
After implementation, keep an eye on the Microsoft 365 Roadmap and the Viva Glint admin documentation. Microsoft typically refines permissions and adds new capabilities quarterly. Use Azure AD sign-in logs and audit logs to track how the role is being used, and tighten or expand scope as needed.
Outlook: More Governance on the Horizon
The Viva Glint permissions overhaul isn’t a one-off. It aligns with Microsoft’s stated direction for the entire Viva suite: a “governance-first” model where data protection and admin control are built in, not bolted on. Expect to see similar fine-grained roles for Viva Insights, Viva Learning, and Viva Goals in the coming months. The Viva Glint Service Administrator is likely just the beginning—Microsoft has hinted at even more specialized roles, such as a “Glint Data Retention Manager” or “Glint Feedback Reviewer,” which could further dismantle the monolith of global admin access.
For organizations drowning in sentiment data but terrified of leaks, this is a welcome evolution. The real test will be adoption: whether companies rewrite their internal processes to take advantage of these controls, or simply perpetuate over-permissioning out of habit. The tools are now there—it’s up to admins and HR leaders to use them.