Forum Discussion

Copper Contributor

May 15, 2019

Delegate role for release quarantine email only

Hi Community, I am looking for any role or any way to customize the role for manage/release email in EAC quarantine. For our service desk, I only intend to let them release the quarantine email o...

exchange online

DeepakRandhawa

Iron Contributor

May 15, 2019

I did this and it worked:-

New-ManagementRole -Parent "Transport Hygiene" -Name "Custom Role for Helpdesk - Manage Quarantine"

$RoleEntry=Get-ManagementRoleEntry "Custom Role for Helpdesk - Manage Quarantine\*" | Where {!($_.Name -match "Quarantine")}

$RoleEntry|%{$n=$_.name;$name="Custom Role for Helpdesk - Manage Quarantine\$n";$name;Remove-ManagementRoleEntry -Identity $name -Confirm:$0}

Now add the "Custom Role for Helpdesk - Manage Quarantine" role entry to the role group using UI.
If you are creating a new role group remember to add "View-Only Organization Management"

YU Yang
Copper Contributor
May 16, 2019
DeepakRandhawa

Thanks for your quick reply. Your information is really helpful.
But I found that I still can trace the emails if I add my role to View-Only Organization Management. I tried to use the similar PS you provided to restrict the role entries further, but with no luck.
- DeepakRandhawa
  Iron Contributor
  May 17, 2019
  View-Only Organization Management was required to access ECP portal only. You can remove it now and still be able to access ECP and then only option available in mailflow will be Accepted Domains.
  - YU Yang
    Copper Contributor
    May 17, 2019
    Hi Deepak,
    
    Thanks again for your help.
    
    Tried that and seems like the behaviour for quarantine is bit different between ECP and Security & Compliance Centre. If I just keep customised role without view-only management role, I wouldn’t be able to see Quarantined email in Security & Compliance Centre.