Solved

O365 Permissions = EAS Device Quarantine Question

Posted on 2014-02-25
2
1,147 Views
Last Modified: 2014-03-12
We are wanting to allow our local helpdesk technicians at each of our sites to have the ability to look at users ActiveSync devices thru the O365 tenant portal. By default we quarantine all EAS devices and manually allow/block or delete device access requests.

These users don't have any admin access on the tenant. As mentioned, we JUST want them to have permission to quarantine/unquarantine user devices via the web interface as they wouldn't have powershell access. They shouldn't have access edit any mailbox features other that the mobile devices for users.

How is this managed? Please provide as granular details as possible and perhaps specific how to's.

I assume a new Role and permissions would required? Then users of the local helpdesk be added?

Thanks in advance.
0
Comment
Question by:GCTTechs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 41

Assisted Solution

by:Vasil Michev (MVP)
Vasil Michev (MVP) earned 250 total points
ID: 39885261
You can use the Exchange RBAC. If you want them to ONLY have access to allow/block devices, you can create a custom Role  the cmdlet you need is "Set-CasMailbox" cmdlet.

Here are some articles to get you started:

http://technet.microsoft.com/en-us/library/dd298183(v=exchg.150).aspx

http://technet.microsoft.com/en-us/library/dd298043.aspx

And here is a suitable example that will work in your case:

http://blogs.technet.com/b/exchange/archive/2012/09/12/rbac-walkthrough-of-creating-a-role-that-can-wipe-activesync-devices.aspx
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 250 total points
ID: 39886026
In order to manage quarantined devices, they must be assigned the "Organization Client Access" administrator role as well as one of the following:

View-Only Recipients
User Options
or
Mail Recipients

Full documentation about this is here:
http://help.outlook.com/en-us/140/Ff969895.aspx

Jeff
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Microsoft Office Picture Manager has a Picture Shortcuts pane that shows a list with the Recently Browsed folders. While creating my video Micro Tutorial here at Experts Exchange showing How to Install Microsoft Office Picture Manager in Office 2013…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question