Access Exchange online Via Powershell permission only Org. Admin ?Global Admin?

%3CLINGO-SUB%20id%3D%22lingo-sub-1200139%22%20slang%3D%22en-US%22%3EAccess%20Exchange%20online%20Via%20Powershell%20permission%20only%20Org.%20Admin%20%3FGlobal%20Admin%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1200139%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20%2C%26nbsp%3B%3CBR%20%2F%3EBecause%20I%20had%20programmed%20a%20task%20schedule%20for%20export%20Get-MsolUse%2C%20i%20Using%20my%20Global%20Admin%20permission%20is%20ok%2C%20but%20using%20a%20personal%20account%20is%20not%20good%20for%20this%20because%20when%20I%20leave%20the%20company%20the%20task%20schedule%20will%20not%20work!%3C%2FP%3E%3CP%3ESo%20I%20want%20to%20create%20an%20account%2C%20for%20security%20reasons%20I%20don't%20want%20to%20add%20much%20permission%20for%20it.%3C%2FP%3E%3CP%3Ebut%20I%20had%20tried%20much%20View%20permission%20is%20not%20work%2C%20Is%20it%20only%20Org.%20Admin%20or%20Global%20Admin%20can%20access%20Exchange%20online%20Via%20Powershell%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1200139%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAdmin%20center%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%20Administration%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1201435%22%20slang%3D%22en-US%22%3ERe%3A%20Access%20Exchange%20online%20Via%20Powershell%20permission%20only%20Org.%20Admin%20%3FGlobal%20Admin%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1201435%22%20slang%3D%22en-US%22%3E%3CP%3EEveryone%20can%20access%20PowerShell%2C%20but%20most%20cmdlets%20wont%20be%20exposed%20unless%20the%20user%20has%20the%20required%20role.%20In%20Exchange%20Online%2C%20you%20can%20get%20very%20granular%20with%20the%20permissions%2C%20down%20to%20individual%20cmdlets.%20However%2C%20the%20example%20you%20gave%2C%20Get-MsolUser%2C%20is%20NOT%20an%20Exchange%20Online%20cmdlet%2C%20but%20part%20of%20the%20MSOnline%20mode.%20For%20that%2C%20you%20don't%20have%20that%20much%20customizability.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1203707%22%20slang%3D%22en-US%22%3ERe%3A%20Access%20Exchange%20online%20Via%20Powershell%20permission%20only%20Org.%20Admin%20%3FGlobal%20Admin%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1203707%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3Eif%20I%20use%20Get-Mailbox%20need%20which%20permission%3F%26nbsp%3B%20because%20I%20use%20this%20account%20of%20the%20automation%20task%20scheduler%2C%20so%20I%20don't%20want%20the%20account%20had%20much%20permission%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3Ebecause%20I%20can't%20make%20sure%20ConvertFrom-SecureString%20is%26nbsp%3BSecure%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1204811%22%20slang%3D%22en-US%22%3ERe%3A%20Access%20Exchange%20online%20Via%20Powershell%20permission%20only%20Org.%20Admin%20%3FGlobal%20Admin%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1204811%22%20slang%3D%22en-US%22%3E%3CP%3ETo%20find%20out%20which%20role%20contains%20a%20specific%20cmdlet%2C%20you%20can%20use%20%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EGet-ManagementRole%3C%2FFONT%3E.%20In%20this%20case%2C%20if%20all%20you%20need%20is%20Get-Mailbox%2C%20you%20can%20either%20use%20the%20built-in%20%22%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EView-Only%20Recipients%3C%2FFONT%3E%22%20role%2C%20or%20create%20a%20custom%20one.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hello , 
Because I had programmed a task schedule for export Get-MsolUse, i Using my Global Admin permission is ok, but using a personal account is not good for this because when I leave the company the task schedule will not work!

So I want to create an account, for security reasons I don't want to add much permission for it.

but I had tried much View permission is not work, Is it only Org. Admin or Global Admin can access Exchange online Via Powershell?

3 Replies
Highlighted

Everyone can access PowerShell, but most cmdlets wont be exposed unless the user has the required role. In Exchange Online, you can get very granular with the permissions, down to individual cmdlets. However, the example you gave, Get-MsolUser, is NOT an Exchange Online cmdlet, but part of the MSOnline mode. For that, you don't have that much customizability.

Highlighted

@Vasil Michev 

 

if I use Get-Mailbox need which permission?  because I use this account of the automation task scheduler, so I don't want the account had much permission

 

because I can't make sure ConvertFrom-SecureString is Secure

Highlighted

To find out which role contains a specific cmdlet, you can use Get-ManagementRole. In this case, if all you need is Get-Mailbox, you can either use the built-in "View-Only Recipients" role, or create a custom one.