User Profile
AriasJose
Brass Contributor
Joined 5 years ago
User Widgets
Recent Discussions
Re: Asking for Using a work account (Business Basic) in Outlook Home Version
Yes, you can sign out of your personal Microsoft account and sign in with your Business Basic account in the Office apps (Word, Excel, etc.). However, Office Home and Business Basic are different license types: Office Home: Includes desktop apps installed on your device. Microsoft 365 Business Basic: Primarily web-based (Office Online) and includes Teams, Exchange email, OneDrive, etc. It does not include desktop apps unless you also have Business Standard or Premium. So if you only have Business Basic, signing in with that account won’t activate the desktop apps. They’ll remain tied to your Home license68Views0likes0CommentsRe: Exchange 2016 to SE and Exchange Online questions
Mailbox permissions in a hybrid environment, after those mailboxes have been migrated, can still coexist and remain valid it depends on the type of permission involved. Review the previous articles to see how different delegation types are handled depending on the permission scenario.75Views0likes0CommentsRe: Exchange 2016 to SE and Exchange Online questions
https://learn.microsoft.com/en-us/exchange/hybrid-deployment/set-up-delegated-mailbox-permissions https://learn.microsoft.com/en-us/troubleshoot/exchange/send-emails/overview-delegation-office-365-hybrid https://learn.microsoft.com/en-us/exchange/permissions https://learn.microsoft.com/en-us/exchange/hybrid-deployment/set-up-delegated-mailbox-permissions59Views0likes0CommentsRe: Exchange RBAC Challenge: Restricting Admin Level Access to Selected Mailboxes
This is a common challenge in organizations that need to balance operational support with data privacy and executive confidentiality. While Exchange Online offers powerful role-based access control (RBAC), it doesn't natively support mailbox-level exclusions within a broader access scope. Here's how you can work around that limitation. Understanding the Limitations RBAC Scopes: These define who an admin can manage, but they don’t restrict read access once a role is assigned. Administrative Units (AUs): Useful in Azure AD for scoping user management, but they don’t apply to Exchange mailbox access. Application Access Policies: Only apply to app-based access (not human admins), and only for application permissions. The Workaround: Explicitly Deny Mailbox Access To block access to specific mailboxes (like those of executives), you can use mailbox permissions to explicitly deny access—even if broader permissions are granted elsewhere. Step-by-Step Instructions Create a security group for your Service Desk L1 team if one doesn’t already exist. Remove any existing Full Access permissions to the executive mailboxes: Remove-MailboxPermission -Identity "email address removed for privacy reasons" -User "ServiceDeskL1Group" -AccessRights FullAccess Explicitly deny access to those mailboxes: Add-MailboxPermission -Identity "email address removed for privacy reasons" -User "ServiceDeskL1Group" -AccessRights FullAccess -Deny:$true This deny rule overrides any inherited or assigned access, effectively blocking the group from accessing the specified mailboxes. Optional: Split Admin Roles If your organization supports it, consider splitting admin responsibilities: Assign the L1 team to a custom management scope that excludes executive mailboxes. Assign broader access (including executives) to a higher-tier admin group (e.g., L2 or L3). This layered approach ensures that only trusted personnel have access to sensitive mailboxes. Conclusion While Exchange Online doesn’t offer a built-in way to exclude specific mailboxes from admin access, using explicit deny permissions provides a reliable workaround. It’s a practical solution that helps maintain both operational efficiency and executive privacy.19Views0likes0Comments
Recent Blog Articles
No content to show