Forum Discussion
Exchange Online: Default Role Assignment Policy
Hello!
I need a small help. I created the "MyBaseOptions-DisableForwarding" on the Default Role Assignment Policy.
I would like to remove that change from the Default Role Assignment Policy and add it to a new role policy, but I am not sure what command would remove only the "MyBaseOptions-DisableForwarding" that I added by running the "New-ManagementRole MyBaseOptions-DisableForwarding Parent MyBaseOptions".
Thank you so much in advance.
- If you only used the New-ManagementRole cmdlet, the role is not "added" anywhere. You can check its current assignments via:
Get-ManagementRoleAssignment -Role MyBaseOptions-DisableForwarding
If needed, remove any existing assignment via:
Remove-ManagementRoleAssignment "Name value you obtained from the above cmdlet"- Thanks for your reply Vasil!
I ran the Get-ManagementRoleAssignment -Role "MyBaseOptions-DisableForwarding" and nothing came back, however I can see it under the Default Role Assignment Policy as an option to seelct or unselect under the MyBaseOptions. Is there any way I can remove it from there or restore the Default Role Assignment Policy to original state (out of the box)?- That's the actual Role entry, not a role assignment. Selecting it therein will create an assignment. To remove it from there, you need to delete the Role itself.
Hi STHLM,
Run the following PowerShell CMDThe below will show you all roles for default role assignment and look for your role you created "MyBaseOptions-DisableForwarding" take a snipping tool of the results...
Get-ManagementRoleAssignment -RoleAssignee "Default Role Assignment Policy" | Format-Table Name,Role -Auto
And run the below CMD to remove the role
Remove-ManagementRoleAssignment -Identity "MyBaseOptions-DisableForwarding-Default Role Assignment Policy"Then compare your snipping tool and results from after removing the role.
Then you are done!
