Solved

O365 Permissions = EAS Device Quarantine Question

Posted on 2014-02-25
2
1,217 Views
Last Modified: 2014-03-12
We are wanting to allow our local helpdesk technicians at each of our sites to have the ability to look at users ActiveSync devices thru the O365 tenant portal. By default we quarantine all EAS devices and manually allow/block or delete device access requests.

These users don't have any admin access on the tenant. As mentioned, we JUST want them to have permission to quarantine/unquarantine user devices via the web interface as they wouldn't have powershell access. They shouldn't have access edit any mailbox features other that the mobile devices for users.

How is this managed? Please provide as granular details as possible and perhaps specific how to's.

I assume a new Role and permissions would required? Then users of the local helpdesk be added?

Thanks in advance.
0
Comment
Question by:GCTTechs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 42

Assisted Solution

by:Vasil Michev (MVP)
Vasil Michev (MVP) earned 250 total points
ID: 39885261
You can use the Exchange RBAC. If you want them to ONLY have access to allow/block devices, you can create a custom Role  the cmdlet you need is "Set-CasMailbox" cmdlet.

Here are some articles to get you started:

http://technet.microsoft.com/en-us/library/dd298183(v=exchg.150).aspx

http://technet.microsoft.com/en-us/library/dd298043.aspx

And here is a suitable example that will work in your case:

http://blogs.technet.com/b/exchange/archive/2012/09/12/rbac-walkthrough-of-creating-a-role-that-can-wipe-activesync-devices.aspx
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 250 total points
ID: 39886026
In order to manage quarantined devices, they must be assigned the "Organization Client Access" administrator role as well as one of the following:

View-Only Recipients
User Options
or
Mail Recipients

Full documentation about this is here:
http://help.outlook.com/en-us/140/Ff969895.aspx

Jeff
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My attempt to use PowerShell and other great resources found online to simplify the deployment of Office 365 ProPlus client components to any workstation that needs it, regardless of existing Office components that may be needing attention.
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question