Forum Discussion

airbus1708
Copper Contributor
Oct 17, 2024

Distribution groups Exchange online customize MyDistributiongroups role

Hi


Has anybody a good solution for this:
We are currently migrating from Active Directory on-prem our Distribution groups to Exchange Online.


We noticed that those cloud-only distribution groups in Exchange Online have too much permission, such as being able to remove or modify any settings, etc.
When we tested it out, we noticed that there is too much permission by default: you can modify any proxy address setting, membership approval, delivery management, message approval and email options, and in addition they were able to create new distribution groups, which we do not want our end users to do, as this will cause big problems in the future.
I was able to find this user role, but it was really strict in what we can modify by default under MyDistributionGroups (User roles): User roles allow users to manage end-user permissions, and create role assignment policies. Role assignment policies define the level of access that users have to manage their own Exchange mailboxes and distribution groups that they own.


My understanding is that these settings are related to MyDistributionGroups under User roles in the Exchange admin portal.


MyDistributionGroups
This role enables individual users to create, modify and view distribution groups and modify, view, remove, and add members to distribution groups they own.


By default, you can only switch several settings on or off, and no customization is possible…


This is all related to the following change that happened lately:


Microsoft says that:
Beginning in August 2023, managing distribution groups will no longer be possible from Outlook on the web. Administrators should manage their organization’s distribution groups in the Exchange admin center.


Page:
https://support.microsoft.com/en-us/office/distribution-groups-e8ba58a8-fab2-4aaf-8aa1-2a304052d2de


End user portal:
https://admin.exchange.microsoft.com/?page=groups#/

I was able to find this, which was close, but I want to restrict more:
https://blog.expta.com/2013/06/how-to-configure-granular-permissions.html

 

Our goal: We want our end users to only be able to add and remove owners and memberships on
distribution groups they own. All other settings they should not be able to change.

 

 

  • Jeff's article is still valid; you have to update the role assignment policy assigned to the users and the permissions therein to match the level of granularity you need. The new end user portal will respect those settings.
    If you want users to only be able to manage membership, remove the MyDistributionGroups assignment and leave only the MyDistributionGroupMembership one. This does not include Ownership management though.
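
The granular approach from the reply and the linked article (a trimmed custom role assigned through the role assignment policy), applied to the stated goal of member and owner management only. This is an added example, not code from either poster or from the linked article. It assumes a `Connect-ExchangeOnline` session with role-management rights; the role name and the policy name `Default Role Assignment Policy` are placeholders for your tenant's values.

```powershell
# Added example. $RoleName and $Policy are placeholders; adjust to your tenant.
$RoleName = 'Custom-MyDistributionGroups-MembersOwners'
$Policy   = 'Default Role Assignment Policy'

# 1. Record what the built-in role grants before changing anything.
Get-ManagementRoleEntry 'MyDistributionGroups\*' |
    Select-Object Name, @{ n = 'Parameters'; e = { $_.Parameters -join ',' } } |
    Export-Csv .\MyDistributionGroups-before.csv -NoTypeInformation

# 2. Create a child role. It starts with every entry of the parent role,
#    and entries can only be removed from it, never added beyond the parent.
New-ManagementRole -Name $RoleName -Parent 'MyDistributionGroups'

# 3. Keep the read-only cmdlets plus membership and owner management.
#    Everything else (New-DistributionGroup, Remove-DistributionGroup, ...) goes.
$keep = 'Add-DistributionGroupMember', 'Remove-DistributionGroupMember',
        'Update-DistributionGroupMember', 'Set-DistributionGroup'
Get-ManagementRoleEntry "$RoleName\*" |
    Where-Object { $_.Name -notlike 'Get-*' -and $_.Name -notin $keep } |
    ForEach-Object {
        Remove-ManagementRoleEntry -Identity "$RoleName\$($_.Name)" -Confirm:$false
    }

# 4. Owners are changed with Set-DistributionGroup -ManagedBy. Using -Parameters
#    without -AddParameter/-RemoveParameter replaces the allowed parameter list,
#    so proxy addresses, approval and delivery settings are no longer reachable.
Set-ManagementRoleEntry -Identity "$RoleName\Set-DistributionGroup" `
    -Parameters Identity, ManagedBy

# 5. Swap the built-in role for the custom one in the policy assigned to users.
Get-ManagementRoleAssignment -RoleAssignee $Policy -Role 'MyDistributionGroups' |
    Remove-ManagementRoleAssignment -Confirm:$false
New-ManagementRoleAssignment -Role $RoleName -Policy $Policy

# 6. Verify the result: remaining entries and what the policy now carries.
Get-ManagementRoleEntry "$RoleName\*" | Format-Table Name, Parameters -Wrap
Get-ManagementRoleAssignment -RoleAssignee $Policy | Format-Table Name, Role
```

Test with a non-admin account that owns a group before rolling the policy out, and keep the CSV from step 1 as the record of what was removed.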
