Forum Discussion
Edit Microsoft 365 Groups Permission
Hi Team,
I am an office 365 administrator, i have a technician working with me with minimal knowledge on the platform. So ive assigned him with minimal rights for day to day job such as, create users, assign license, reset passwords etc... However, he cannot edit Microsoft 365 groups, as in add users, remove users etc... He is a member of the following groups;
- User Administrator
- Helpdesk Administrator
- Groups Administrator
He is able to modify Teams groups however not email distribution. Error presented is Global administrator or Exchange administrator rights is required to perform the task.
Unfortunately Global adminstrator gives access to everything on office 365 incl azure AD and i dont want that, neither Exchange administrator. I need my tech to be able to perform his day to day activities.
Grateful if anyone can advise of any alternative to this or a delegated custom permission can be created to give him the specific access to simply modify distribution groups, by adding and removing members.
Thank you.
- Exchange Online offers a variety of workload-specific roles, such as the Recipient Management one. The least-privileged role that allows group management is the "Distribution Groups" one, so you can use this.
Moreover, you can use its robust RBAC model to granularly limit which actions the admin can perform, which objects he can modify and so on. Read here: https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
