Exchange Online confidential mailboxes

New Contributor


we have mailboxes in exchange online which must strictly confidential. these mailboxes must be protected separately. no global administrator isn't allowed assign access rights. is there a simple way to protect these mailboxes so that only a special global administrator can assign rights there? For example special RBAC rolle? Did anyone else do this before?



3 Replies

Not something I have tried but there appears to be an “Exclusive scopes" feature that you could have a look at: 


"Exclusive scopes are designed to enable situations where you have a group of highly valuable objects, such as a CEO mailbox, and you want to tightly control who has access to manage those objects."


Here is walkthrough in Exchange Online - Limiting access to Executive Mailboxes in Exchange Online.  From what I gather this could stop even global admins from managing these mailboxes and would be just limited to a designated management group instead.

Exclusive scopes are the way to go, with the remark that any Global admin can simply reverse the configuration and still gain access, if he knows what he's doing. So as usual, the most important factor is trust.

Thank you for quickly response, i will check this on next week.