Forum Discussion
Providing Rooms & Equipment Admin Right
Hi, I am the administrator looking after the O365 account. I would like to designate some of the users to allow them to manage/create the resources themself. How do I create the admin acces...
If you want to follow the principle of least privilege, add them the Exchange Online's Recipient Management role group, and optionally create a management scope that only covers room/equipment mailboxes.
If you want to use the M365 admin roles instead, User management should suffice. You can create an Administrative unit to restrict the permissions to just room/equipment mailboxes.
If you want to use the M365 admin roles instead, User management should suffice. You can create an Administrative unit to restrict the permissions to just room/equipment mailboxes.
- Right, you can also do it from the M365 Admin center under Roles > Role assignments > Exchange > Recipient Management role.
Hi VasilMichev
Under the default "Permissions" listing, there are 9 roles checked. Can I select the role only to manage the Resources (creating/editing Rooms And Equipment)? I can't seems to find such option listed.
Thanks.- If you want to make changes to the default Role Groups/Roles, it gets a bit more complicated. But it allows you to get a lot more granular. For example, the below will allow you assign just the "Mail Recipient Creation" role to a given user, without any of the 8 additional roles you can see on the screenshot above:
New-ManagementRoleAssignment -Role "Mail Recipient Creation" -User email address removed for privacy reasons
Optionally, you can also specify a management scope to restrict which objects can the corresponding operations be run against. Read about scopes here: https://learn.microsoft.com/en-us/exchange/understanding-management-role-scopes-exchange-2013-help