Exchange Online RBAC - How to limit the read scope of a management role?

Asked Jul 22 '22 at 16:23

Active Jul 24 '22 at 15:08

Viewed 62 times

Environment: Exchange Online (Microsoft 365).

We need to allow some administrators to manage only a subset of all mailboxes.

The mailboxes can be selected using a recipient filter, so this can be achieved using a management scope. This works as expected: they can't modify anything outside their write scope.

However, they are still able to read all information and settings about all mailboxes in the environment.

Is it possible to limit the read scope of a management role?

edited Jul 24 '22 at 15:08

asked Jul 22 '22 at 16:23

Massimo

68,714
56
196
319

Hi, I'm afraid this requirement cannot be achieved. You can override Implicit Write & Configuration scopes but not Read scopes. According to my search, Exchange on-prem has this issue as well, you may check the similar discussions below: https://social.technet.microsoft.com/Forums/exchange/en-US/a063a190-89a4-4611-aa8d-772ab5a832f7/exchange-2013-rbac-read-scope?forum=exchangesvradmin, And – joyceshen Jul 25 '22 at 05:40

Exchange Online RBAC - How to limit the read scope of a management role?

0 Answers0

Linked