
YU Yang
May 15, 2019

Delegate role for release quarantine email only

Hi Community,

I am looking for any role or any way to customize a role to manage/release email in the EAC quarantine. For our service desk, I intend to let them only release quarantined email in EAC or Security & Compliance Center, rather than give them higher privileges to be able to do other stuff like tracing the emails.

The similar role I could find in EAC is the “Transport Hygiene” role. But that role will have access to the anti-spam and anti-malware policies. Is there any way we can restrict the permission further? Thanks.

Regards,

Yang

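  • I did this and it worked:

    # Create a child role of "Transport Hygiene"; it starts with all of the parent's entries
    New-ManagementRole -Parent "Transport Hygiene" -Name "Custom Role for Helpdesk - Manage Quarantine"

    # Collect every entry whose cmdlet name does not contain "Quarantine"
    $RoleEntry=Get-ManagementRoleEntry "Custom Role for Helpdesk - Manage Quarantine\*" | Where {!($_.Name -match "Quarantine")}

    # Remove those entries without prompting, echoing each identity as it goes
    $RoleEntry|%{$n=$_.name;$name="Custom Role for Helpdesk - Manage Quarantine\$n";$name;Remove-ManagementRoleEntry -Identity $name -Confirm:$false}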

    Now add the "Custom Role for Helpdesk - Manage Quarantine" role entry to the role group using UI.
    If you are creating a new role group remember to add "View-Only Organization Management"
    • YU Yang

      DeepakRandhawa

      Thanks for your quick reply. Your information is really helpful.

      But I found that I can still trace the emails if I add my role to View-Only Organization Management. I tried to use PS similar to what you provided to restrict the role entries further, but with no luck.

      • DeepakRandhawa

        View-Only Organization Management was required to access the ECP portal only. You can remove it now and still be able to access ECP, and then the only option available in mailflow will be Accepted Domains.
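
An added example, not part of the thread: one way to audit what a role group built as described above can actually run, so that an extra role such as View-Only Organization Management shows up before the group is handed to the service desk. It assumes an already connected Exchange Online PowerShell session; the role group name and the `Get-RoleGroupCmdlet` helper are hypothetical.

```powershell
# Added example: list every cmdlet a role group grants and flag the ones
# that are not quarantine cmdlets. Assumes a connected Exchange Online session.
$RoleGroup = 'Helpdesk Quarantine Release'   # hypothetical role group name

function Get-RoleGroupCmdlet {
    param([Parameter(Mandatory)][string]$RoleGroupName)

    # Each assignment links the role group to one management role.
    foreach ($assignment in Get-ManagementRoleAssignment -RoleAssignee $RoleGroupName) {
        $role = [string]$assignment.Role
        # Expand the role into the role entries (cmdlets) it grants.
        Get-ManagementRoleEntry "$role\*" | ForEach-Object {
            [pscustomobject]@{ Role = $role; Cmdlet = $_.Name }
        }
    }
}

$granted = @(Get-RoleGroupCmdlet -RoleGroupName $RoleGroup)

# How many cmdlets each assigned role contributes to the group.
$granted | Group-Object Role | Select-Object Name, Count | Format-Table -AutoSize

# Same name test the thread uses to strip the custom role, applied here to
# the whole group so entries from any additional role are caught as well.
$unexpected = @($granted | Where-Object { $_.Cmdlet -notmatch 'Quarantine' })

if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) cmdlet(s) outside quarantine handling are granted to '$RoleGroup'"
    $unexpected | Sort-Object Role, Cmdlet | Format-Table -AutoSize
}
else {
    Write-Output "'$RoleGroup' grants only cmdlets with 'Quarantine' in the name:"
    # The match is on the name only, so review this list rather than assume
    # every retained cmdlet is one the service desk should have.
    $granted | Sort-Object Cmdlet | Format-Table -AutoSize
}
```

Run it once with View-Only Organization Management still assigned and again after removing it to see which cmdlets that role was contributing.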
