Exchange Online access via PIM

Copper Contributor



We are looking to grant more granular access to the Exchange Online portal for our support teams instead of the Exchange Admin Entra role. The idea is to set up cloud security groups, onboard them to PIM and grant the users eligible assignments. The groups would be then assigned to the Exchange Online role groups (RBAC) in the Exchange Portal. It appears though that Exchange Portal requires mail-enabled security groups and mail-enabled security groups cannot be onboarded to PIM.
Does anyone know if this is by design?

What is the alternative solution to grant JIT access to the Exchange Portal instead of the Entra role or the standing access of the users assigned directly to the RBAC roles on the Exchange Portal? Many thanks.

0 Replies