Admin rights that does NOT include reading others mail.

Brass Contributor

I want to assign limited admin rights to a user.  However I don't want this user to be able to open another mailbox and read mail.  There is sensitive information sent  between a few users that only they should see.  This is pretty much the main thing I want restricted.  So which of these should I choose?

 

BoxOfFrogs_0-1629391302493.png

 

3 Replies

What do you want this user to be able to do? What specific task?

If you for example want them to be able to manage users, give them the User Administrator role which won’t allow them to read email. From the roles you listed, any one of them except Global Administrator or Exchange Administrator should be fine. Always give the least amount of privileges needed to accomplish a specific set of tasks.

@pvanberlo  Right, it is more about what I DON'T want them to be able to do.  So, the only 2 rights that allow opening another persons mailbox are Global and Exchange?

From the list you shared, yes.