Parts of Exchange Admin Center are not accessible when using Azure AD group based role assignment
Hi
We're trying out the Azure AD role assignable groups (preview) to facilitate onboarding new IT staff but I noticed some strange behaviour.
When assigning the Exchange Admin role to accounts via Azure AD role assignable group, certain portions of the Exchange Admin Center give an error 500 (Public Folders, the right portion of the GUI where you can change settings) and some give error '403 access denied' (Rules + Public Folder Mailboxes).
The Azure AD group becomes member of the Exchange Admin Role 'group' which in turn is member of the Exchange Online Organization Management role group. I'm thinking maybe something with nesting of groups but not sure why most of the ECP then works except those 3 things (that I have found so far).
If I add my account individually to the Org.Mgt. role group in Exchange Online, I again have full access but that beats the point of using Azure AD role assignable groups of course 🙂
So not sure if it's a bug or something that needs fixing.
Steve Hernou Permissions granted via Azure Privileged Identity Management won't work for Rules, Organization, or Public Folders in the modern EAC.