In my previous post here we learn about role Group and Role assignment Policy, now let’s see how do we setup new Role Group and how using a Role Group could be effective for us, we can control permission of an admin based on their role and responsibilities.
So here I have a helpdesk tech to whom I wants to give permission to reset password and see users options, so let’s see how we can create a custom Role Group and then assigned that to helpdesk admin.
So lets open Exchange Admin Center and the click on Permission
Next click on Plus icon to add new role under Admin Roles.
A new window will pop up, here give the Role Group a meaning full name
In write scope you can provide name of an OU to restrict permission up to that particular OU only.
Next click on the Plus icon and add roles to the Role group
Next add users to Role Group you want to assign this role too and then save.
Now when this user will access the Exchange Admin Center, he will only see options for the roles he is assigned too.
Now lets see if he can see user options of mailboxes.
So lets try to open an another user
So lets set out of office for the abharam.
We see now he can see all the mailbox options and can change settings.
So that’s how we can create custom role group and assign them to different admin as per there need and avoid giving them un necessary access.
Next we will see how do we create Role Assignment Policy and assign that to users.