Providing Rooms & Equipment Admin Right

Brass Contributor

Hi,

I am the administrator looking after the O365 account. I would like to designate some of the users to allow them to manage/create the resources themself.

cllee_0-1680082540606.png

How do I create the admin access for another user to manage the Resources creation? 

Thanks.

5 Replies
If you want to follow the principle of least privilege, add them the Exchange Online's Recipient Management role group, and optionally create a management scope that only covers room/equipment mailboxes.
If you want to use the M365 admin roles instead, User management should suffice. You can create an Administrative unit to restrict the permissions to just room/equipment mailboxes.

Hi @VasilMichev 

If to do it from M365 admin center, is this the right place to configure it?

cllee_0-1680162138217.png

 

Right, you can also do it from the M365 Admin center under Roles > Role assignments > Exchange > Recipient Management role.

Hi @VasilMichev 

Under the default "Permissions" listing, there are 9 roles checked. Can I select the role only to manage the Resources (creating/editing Rooms And Equipment)? I can't seems to find such option listed.

cllee_0-1680447443173.png

Thanks.

 

If you want to make changes to the default Role Groups/Roles, it gets a bit more complicated. But it allows you to get a lot more granular. For example, the below will allow you assign just the "Mail Recipient Creation" role to a given user, without any of the 8 additional roles you can see on the screenshot above:

New-ManagementRoleAssignment -Role "Mail Recipient Creation" -User email address removed for privacy reasons

Optionally, you can also specify a management scope to restrict which objects can the corresponding operations be run against. Read about scopes here: https://learn.microsoft.com/en-us/exchange/understanding-management-role-scopes-exchange-2013-help