Jul 16 2021
- last edited on
Jan 14 2022
We're trying out the Azure AD role assignable groups (preview) to facilitate onboarding new IT staff but I noticed some strange behaviour.
When assigning the Exchange Admin role to accounts via Azure AD role assignable group, certain portions of the Exchange Admin Center give an error 500 (Public Folders, the right portion of the GUI where you can change settings) and some give error '403 access denied' (Rules + Public Folder Mailboxes).
The Azure AD group becomes member of the Exchange Admin Role 'group' which in turn is member of the Exchange Online Organization Management role group. I'm thinking maybe something with nesting of groups but not sure why most of the ECP then works except those 3 things (that I have found so far).
If I add my account individually to the Org.Mgt. role group in Exchange Online, I again have full access but that beats the point of using Azure AD role assignable groups of course :)
So not sure if it's a bug or something that needs fixing.
Jul 16 2021 09:21 AM
Aug 08 2021 11:37 PM
Aug 10 2021 06:15 AM - edited Aug 10 2021 06:17 AM
Aug 16 2021 07:10 PMSolution
Aug 17 2021 12:51 AM