Sep 27 2018 11:01 AM
I'd like to grant specific users access to Mail Flow in the Security & Compliance Center, giving them ability to view dashboards and run Message Traces. What's the least privileged role I could grant to give them such access?
Sep 28 2018 04:13 PM
The Security Reader role should be the "best" one, if you prefer to use the SCC.
If you absolutely must limit the number of additional permissions they will get, best use the EAC message trace functionality instead, or even create a custom role (or role assignment) for just the Get-MessageTrace/Get-MessageTraceDetail cmdlets.