Forum Discussion
Office 365 Groups
The problem is Groups are not Exchange objects, they are AAD objects. While you can certainly govern some settings via the ExO cmdlets, AAD remains the source of authority, thus the portal requires you to have the necessary permissions to run the corresponding AAD cmdlets/API calls.
That said, if you are OK with using the EAC or PowerShell, you can certainly use an Exchange admin (or non-admin with the relevant permissions) to manage them. All you need is to have the Mail Recipients role assigned.
The problem is Groups are not Exchange objects, they are AAD objects. While you can certainly govern some settings via the ExO cmdlets, AAD remains the source of authority, thus the portal requires you to have the necessary permissions to run the corresponding AAD cmdlets/API calls.
That said, if you are OK with using the EAC or PowerShell, you can certainly use an Exchange admin (or non-admin with the relevant permissions) to manage them. All you need is to have the Mail Recipients role assigned.
- Thanks for the clarification Vasil. That's what I was looking for.
another issue is that the Groups cmdlets do not support RBAC...
Still another is that the Groups membership model only differentiates between owners (who can add new members) and members (who cannot). Tenant admins override this restriction, but that doesn't help.
TonyRedmond nearly 2 years on, is that right O365 groups CMDlets still don't support RBAC?
I have a Management Scope for allowing local site admins to update group membership for groups they are not owners of. Works like a dream for everything other than the O365 Groups. Sure is irritating...
Joshua Bines Yep. The Groups cmdlets seem to work well for tenant admins and the other admin roles that support groups, like the new Groups admin role. But they don't do scoping.
- Thanks for the clarification Tony. That's what I was looking for.
