Exchange Online: Default Role Assignment Policy

Hello!

I need a little help. I created the "MyBaseOptions-DisableForwarding" on the Default Role Assignment Policy.

I would like to remove that change from the Default Role Assignment Policy and add it to a new role policy, but I am not sure what command would remove only the "MyBaseOptions-DisableForwarding" that I added by running "New-ManagementRole MyBaseOptions-DisableForwarding -Parent MyBaseOptions".

Thank you so much in advance.

6 Replies
If you only used the New-ManagementRole cmdlet, the role is not "added" anywhere. You can check its current assignments via:

Get-ManagementRoleAssignment -Role MyBaseOptions-DisableForwarding

If needed, remove any existing assignment via:

Remove-ManagementRoleAssignment "Name value you obtained from the above cmdlet"

Thanks for your reply, Vasil!
I ran Get-ManagementRoleAssignment -Role "MyBaseOptions-DisableForwarding" and nothing came back; however, I can see it under the Default Role Assignment Policy as an option to select or unselect under MyBaseOptions. Is there any way I can remove it from there or restore the Default Role Assignment Policy to its original state (out of the box)?

That's the actual Role entry, not a role assignment. Selecting it therein will create an assignment. To remove it from there, you need to delete the Role itself.

@Vasil Michev What are the implications of removing the default role?

Hi STHLM,

Run the following PowerShell CMD.

The below will show you all roles for the Default Role Assignment Policy. Look for the role you created, "MyBaseOptions-DisableForwarding", and take a snip of the results with the Snipping Tool.

Get-ManagementRoleAssignment -RoleAssignee "Default Role Assignment Policy" | Format-Table Name,Role -Auto

And run the below CMD to remove the role

Remove-ManagementRoleAssignment -Identity "MyBaseOptions-DisableForwarding-Default Role Assignment Policy"

Then compare your snip with the results after removing the role.

Then you are done!

You cannot remove default roles. You can remove a role assignment for a default role, via the Remove-ManagementRoleAssignment cmdlet.
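
The steps discussed in this thread, put together as an added example (not code from any of the replies): check where the custom role is assigned, detach it from the default policy only, and attach it to a new policy. It assumes an already connected Exchange Online PowerShell session; the new policy name is hypothetical, and swapping the parent MyBaseOptions for the child role in the new policy is an assumption, made because role assignments are additive.

```powershell
# Added example; assumes Connect-ExchangeOnline has already been run.
$role          = 'MyBaseOptions-DisableForwarding'        # custom role from the thread
$defaultPolicy = 'Default Role Assignment Policy'
$newPolicy     = 'No-Forwarding Role Assignment Policy'   # hypothetical name

# 1. List every assignment of the custom role. An empty result means the role
#    exists but is not assigned to any policy yet.
$assignments = @(Get-ManagementRoleAssignment -Role $role)
$assignments | Format-Table Name, Role, RoleAssigneeName, RoleAssigneeType -AutoSize

# 2. Remove only the assignment that ties the custom role to the default policy.
#    -WhatIf previews the change; drop it once the preview shows the right entry.
$assignments |
    Where-Object { $_.RoleAssigneeName -eq $defaultPolicy } |
    ForEach-Object {
        Remove-ManagementRoleAssignment -Identity $_.Name -Confirm:$false -WhatIf
    }

# 3. Build the new policy from the default policy's roles, replacing the parent
#    MyBaseOptions with the restricted child role (assumption: keeping both would
#    give users the parent's unrestricted entries as well).
$baseRoles = (Get-RoleAssignmentPolicy -Identity $defaultPolicy).AssignedRoles |
    ForEach-Object { [string]$_ } |
    Where-Object { $_ -notin @('MyBaseOptions', $role) }
New-RoleAssignmentPolicy -Name $newPolicy -Roles (@($baseRoles) + $role)

# 4. Verify both policies: the custom role should appear only under the new one.
foreach ($policy in $defaultPolicy, $newPolicy) {
    Get-ManagementRoleAssignment -RoleAssignee $policy |
        Format-Table Name, Role -AutoSize
}
```

The new policy only takes effect for mailboxes it is assigned to, for example with Set-Mailbox -RoleAssignmentPolicy.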