How to create a new Admin RBAC roles for a User in 365 to only manage Shared Mailboxes and Room Mailboxes in 365
Written by paris on May 4, 2022 . Posted in Research
Add Management Scopes to only allow access to those types of Mailboxes
New-ManagementScope -Name "Shared Mailbox Management" -RecipientRestrictionFilter {RecipientTypeDetails -eq "SharedMailbox"}
New-ManagementScope -Name "Room Mailbox Management" -RecipientRestrictionFilter {RecipientTypeDetails -eq "RoomMailbox"}
Add Role groups for those ManagementScopes
New-RoleGroup -Name "Shared Mailbox Admins" -Roles "Mail Recipients" -CustomRecipientWriteScope "Shared Mailbox Management"
New-RoleGroup -Name "Room Mailbox Admins" -Roles "Mail Recipients" -CustomRecipientWriteScope "Room Mailbox Management"
Add the Users to the Roles in 365
Add-RoleGroupMember "Shared Mailbox Admins" -Member Test.User
Add-RoleGroupMember "Room Mailbox Admins" -Member Test.User
After this , the user can then go to Exchange admin center (microsoft.com) and login , they will see a list of users , but they will only be able to change delegation for SharedMailbox and Rooms
GD Star Rating loading...
GD Star Rating loading...
Tags: 365 , RBAC , roles , room mailbox , shared mailbox
Trackback from your site.
