multiple companies in one tenant
- Jul 05, 2017
Exchange in particular has very robust RBAC support, which you can utilize to control access to almost all of the functionalities, including building "geo-fencing" type of solutions. Some of the other workloads also have RBAC support, but in general if you are using the same tenant, you can expect that there always will be some functionality that can be (ab)used across the department/company/country boundary. Even if you had full control over things, the Global admins would still be able to revert/bypass those restrictions. At some point you will have to make a decision between being able to tightly control access and all the collaboration features you get by using the same tenant.
VasilMichev, can the RBAC feature of EXO be used to limit an admin to a specific email domain within a Tenant?
- VasilMichev, Jul 05, 2017, MVP
Yes, you can create "management scopes" that limit the users/mailboxes which a particular admin can manage. You can also create "exclusive" scopes which prevent any other admins from touching the mailbox. It's a very robust model, and would be nice to see it expand to other workloads (for example the SCC now has some similar controls).
I couldn't find an article tailored for ExO, but this one should give you the idea behind management scopes: https://technet.microsoft.com/en-us/library/dd351083(v=exchg.150).aspx
- Dean_Gross, Jul 05, 2017, Silver Contributor
Thanks, that is good to know and just reconfirms how little I know about the details of Exchange :).
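An added example, not part of the original thread or written by any of its participants: one way to build the domain-limited management scope discussed above, preview what it covers, and audit who can still write outside it. The domain, scope, group and account names are constructed placeholders, and using the primary address domain as the company boundary is an assumption.

```powershell
# Assumes an existing Exchange Online PowerShell session (Connect-ExchangeOnline)
# under an account allowed to manage RBAC. All names are constructed placeholders.
$domain    = 'fabrikam.com'
$scopeName = 'Fabrikam Recipients'
$groupName = 'Fabrikam Recipient Admins'

# Assumption: the primary address domain identifies the company. Another
# filterable property (Company, CustomAttribute1, ...) can be swapped in here.
$filter = "WindowsEmailAddress -like '*@$domain'"

# 1. Preview what the filter matches before it becomes an access boundary.
$preview = Get-Recipient -RecipientPreviewFilter $filter -ResultSize Unlimited
$preview | Group-Object RecipientTypeDetails | Select-Object Name, Count

# Stop if the filter selects anything whose primary address is in another domain.
$outliers = $preview | Where-Object { $_.PrimarySmtpAddress -notlike "*@$domain" }
if ($outliers) {
    throw "Filter matches $(@($outliers).Count) recipient(s) outside $domain."
}

# 2. Create the scope. Adding -Exclusive turns it into an exclusive scope,
#    which blocks admins who are not assigned to it from these recipients.
New-ManagementScope -Name $scopeName -RecipientRestrictionFilter $filter

# 3. Role group whose write access to recipients is limited to that scope.
New-RoleGroup -Name $groupName -Roles 'Mail Recipients' `
    -Members 'helpdesk1@fabrikam.com' -CustomRecipientWriteScope $scopeName

# 4. Confirm the assignments carry the custom scope, not the organization default.
Get-ManagementRoleAssignment -RoleAssignee $groupName |
    Format-Table Name, Role, RecipientWriteScope, CustomRecipientWriteScope

# 5. Audit the boundary: list everyone who can modify a recipient in another
#    company. Members of the scoped group should not appear in this output.
Get-ManagementRoleAssignment -WritableRecipient 'user1@contoso.com' -GetEffectiveUsers |
    Sort-Object EffectiveUserName -Unique |
    Format-Table EffectiveUserName, Role, RoleAssigneeName
```

Step 5 is worth re-running periodically, since it also surfaces the broadly scoped admin assignments that sit above any management scope.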