Exchange Online 365 Administration – Segmenting/Assigning User/Mailbox Management

Posted on Updated on

You can use Exchange Online Roles Based Access Control (RBAC) to accomplish segmenting out different Exchange Administrators to manage a specific set of users. For example, to grant the Recipient Management rights of each SMTP domain, use PowerShell commands like this, which creates a new Management Scope, a Role Group and then assigns an administrator for this group, which will have the rights to manage users assigned to a particular email domain:

Delegate Administration Permission Per Domain

Setup a new Exchange Online Management Scope

New-ManagementScope -Name “ Management Scope” -RecipientRestrictionFilter -RecipientRestrictionFilter {WindowsEmailAddress -like *}

New Role Group

New-RoleGroup “ Recipient Managers” -Roles “Recipient Policies”,”Mail Recipient Creation”,”Distribution Groups”,”Mail Recipients”,”Message Tracking”,”Reset Password” -CustomRecipientWriteScope “ Management Scope”

Add Administrator to RoleGroupMember

Add-RoleGroupMember “ Recipient Managers”  -Member “

Note – You will need to massage some of the above parameters, such as the -Member parameter, in order to input your own Exchange Online Admin account that you want to add to the new RoleGroupMember, which is assigned to a newly created Exchange Online Management scope.

Whatcha thinkin?

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s