Forum Discussion
onlinenk
Jan 20, 2023Copper Contributor
Is there a granular permission for managing the 365 shared mailbox area?
In the Microsoft 365 admin center, I would like to grant one of our new technicians access to the Teams and groups > Shared Mailboxes page.
Adding the Exchange Admin role achieves this, but gives more access than we want to provide at this time. Is there a granular permission anywhere to only give them access to the Shared Mailboxes page?
- Your best option is to limit the scope of the admin role assignment via Administrative units: https://learn.microsoft.com/en-us/azure/active-directory/roles/administrative-units
By creating an AU that covers only shared mailboxes, you can "scope" his role in a way that he is not able to perform any actions on object that are not a shared mailbox.
Alternatively, you can get him to use the Exchange Admin Center instead, where you can enforce more granular permissions/scopes.