Forum Discussion
SP Admin role cannot modify O365 groups programmatically
Why would you expect a SharePoint role to get access to additional Exchange cmdlets? The way I understand it, they've granted permissions on Azure AD and possibly the Graph API, which is what's executed from the O365 Admin center anyway. If you want to perform those tasks with the Exchange cmdlets, add the relevant roles (Mail Recipients is sufficient).
- VasilMichev, Oct 01, 2019, MVP
The O365 Admin center UI does NOT use Exchange PowerShell cmdlets to execute group-related tasks though, and having permissions in one tool/API doesn't necessarily mean you should get the corresponding permissions across all. You can always open a UserVoice item or leave feedback on the documentation, or just add the relevant permissions yourself.
- ErkanCh, Oct 03, 2019, Copper Contributor
VasilMichev Thanks. Obviously the UI doesn't use PowerShell, but both the UI and PowerShell are probably hitting the same backend APIs, probably Graph. Unfortunately, we're limited to the SP Admin role and can't be granted additional permissions at this time. Ideally, New-PnPSite or New-PnPTenantSite could take in an Owners parameter and make them O365 Group Owners if the new site is an O365 Group connected site.
- VasilMichev, Oct 03, 2019, MVP
They aren't hitting the same APIs. Don't expect the different teams at Microsoft to talk to each other 🙂
Eventually all should be moved to the Graph, but currently we have zero support for any Exchange-related cmdlet there. So if you want to leverage Exchange cmdlets, make sure you have the necessary permissions in Exchange Online.
I'm not sure about the PnP cmdlets, as I'm more of an Exchange guy.