Sep 16 2017
03:38 AM
- last edited on
Feb 01 2023
10:23 AM
by
TechCommunityAP
Sep 16 2017
03:38 AM
- last edited on
Feb 01 2023
10:23 AM
by
TechCommunityAP
Hello,
we have mailboxes in exchange online which must strictly confidential. these mailboxes must be protected separately. no global administrator isn't allowed assign access rights. is there a simple way to protect these mailboxes so that only a special global administrator can assign rights there? For example special RBAC rolle? Did anyone else do this before?
Thx
Maik
Sep 16 2017 03:57 AM
Not something I have tried but there appears to be an “Exclusive scopes" feature that you could have a look at:
"Exclusive scopes are designed to enable situations where you have a group of highly valuable objects, such as a CEO mailbox, and you want to tightly control who has access to manage those objects."
Here is walkthrough in Exchange Online - Limiting access to Executive Mailboxes in Exchange Online. From what I gather this could stop even global admins from managing these mailboxes and would be just limited to a designated management group instead.
Sep 16 2017 12:03 PM
Exclusive scopes are the way to go, with the remark that any Global admin can simply reverse the configuration and still gain access, if he knows what he's doing. So as usual, the most important factor is trust.
Sep 17 2017 01:31 AM
Thank you for quickly response, i will check this on next week.