cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Exchange Online RBAC

neilhiorns
Copper Contributor

‎Oct 29 2021 06:44 AM

‎Oct 29 2021 06:44 AM

Exchange Online RBAC

We are in the process of migrating to Exchange Online (from Exchange 2016) and what to know the best way to apply RBAC. In the On Premise configuration we limited the local admins to only be able to edit mailboxes within their Organizational Unit, basically by the Write Scope.

Obviously AAD does not have OUs so wondering what the the best way to restrict access? I have tried Set-ManagementScope and the "RecipientFilter", does anyone have the best way to use the use the "RecipientFilter" - namely use Company Name, Location etc.

 

Also, should we use this in conjunction with the "Exchange recipient administrators" role?

Labels:
721 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by neilhiorns (Copper Contributor)
Vasil Michev

‎Oct 29 2021 08:19 AM

‎Oct 29 2021 08:19 AM

Solution

Re: Exchange Online RBAC

That's totally up to you - whatever attribute makes sense. Some more convoluted scenarios, such as restricting permissions for eDiscovery, only support "member of group" type of scopes, but for the generic roles attributes such as Department, Company, Office and so on work just fine.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by neilhiorns (Copper Contributor)
Vasil Michev

‎Oct 29 2021 08:19 AM

‎Oct 29 2021 08:19 AM

Solution

Re: Exchange Online RBAC

That's totally up to you - whatever attribute makes sense. Some more convoluted scenarios, such as restricting permissions for eDiscovery, only support "member of group" type of scopes, but for the generic roles attributes such as Department, Company, Office and so on work just fine.

View solution in original post

0 Likes
Reply