Sep 16 2021 01:50 AM
Hi,
We are trying to separate a customer's internal companies by using AUs in AAD. This AU contains cloud-only users. However, the predefined roles in AAD are not what we're looking for. We'd like to have a more granular approach by adding Exchange admin roles to specifically administrate distribution groups and O365 groups, but these users (Helpdesk) should only be allowed to create or edit groups that are within their specific AU, not the entire tenant.
I've tried to fiddle with this by creating new management scopes in PowerShell, but it does not seem possible to create a scope which only applies to the AU.
Any ideas? Thanks a lot in advance.
Sep 16 2021 08:27 AM
Jul 22 2022 01:35 PM
@Vasil Michev Exchange has the Get-AdministrativeUnit command in Exchange Online PowerShell.
I can't use the "name" listed under this command with the New-ManagementRoleAssignment command to give RBAC to a user in that AU?