David McMorris asked:
Exchange Management Scope and Role Issue

Hi,


I have a user who needs to be an admin delegate for a number of shared mailboxes.

I have created a management scope using the following command:


New-ManagementScope "FCR_CC_MGMT" -RecipientRestrictionFilter {CustomAttribute1 -eq "FCR_ACCESS"}


I have given the custom attribute FCR_ACCESS to the required shared mailboxes this user needs to administrate.


I have then created an admin role within Exchange Online and then changed the write scope to FCR_CC_MGMT. I have also added the user as a member and set the role to only Mail Recipients.


I have then given the user the Exchange Administrator access role in Office 365. When the user logs into the Exchange Online console, they are able to modify other mailboxes outside of the write scope. Is there something I am doing wrong? I have checked and the user doesn't have any other roles within Office 365 apart from Exchange admin.


Thanks,


Vasil Michev (MVP):

Why are you granting the Exchange Administrator role? This is an unscoped assignment, thus will apply to all mailboxes, so what you're seeing is by design.
If you absolutely need to grant Exchange admin role, creating an exclusive management scope should work instead: https://docs.microsoft.com/en-us/exchange/understanding-exclusive-scopes-exchange-2013-help
David McMorris (asker):
Hi Vasil,

I see now, so I need to use the Exclusive switch on the management scope command?

Then the user can only modify the intended mailboxes.

This is for power users who regularly need to make changes to delegation access to departmental shared mailboxes. They were previously trying to do it via OWA, which wasn't working. I will try what you have suggested. Thanks.

Vasil Michev (MVP):

You can simply not assign the Exchange admin role. If you create a role assignment for the Mail Recipients role, scoped to the filter you already created, the user will not be able to modify any other mailbox.

David McMorris (asker):

So the user doesn't need the Exchange admin role to access the Exchange management console?
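As an added illustration of the least-privilege setup Vasil describes (this is example code, not part of any reply in the thread): the scope from the question is reused, but instead of the unscoped Exchange Administrator role the delegate gets only the Mail Recipients role through a role group whose write scope is FCR_CC_MGMT. The role group name, the delegate UPN and the shared mailbox addresses are placeholders; it assumes the ExchangeOnlineManagement module and an account allowed to manage RBAC.

```powershell
# Added example, not from the original thread. Placeholder values are marked.
$ScopeName = 'FCR_CC_MGMT'                              # scope name from the question
$Tag       = 'FCR_ACCESS'                               # CustomAttribute1 value from the question
$GroupName = 'FCR Shared Mailbox Delegates'             # assumed role group name
$Delegate  = 'power.user@contoso.example'               # placeholder delegate UPN
$Shared    = 'fcr-box1@contoso.example',
             'fcr-box2@contoso.example'                 # placeholder shared mailboxes

Connect-ExchangeOnline

# 1. Tag only the mailboxes the delegate is allowed to manage.
foreach ($mbx in $Shared) {
    Set-Mailbox -Identity $mbx -CustomAttribute1 $Tag
}

# 2. The recipient scope: the filter defines what the write scope covers.
#    (Add -Exclusive here only if other admins must also be locked out of these mailboxes.)
if (-not (Get-ManagementScope -Identity $ScopeName -ErrorAction SilentlyContinue)) {
    New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter "CustomAttribute1 -eq '$Tag'"
}

# 3. Role group carrying the Mail Recipients role with the custom write scope.
#    No Exchange Administrator role is granted: that assignment is unscoped and
#    would let the delegate edit every mailbox, which is what the question observed.
New-RoleGroup -Name $GroupName -Roles 'Mail Recipients' `
    -CustomRecipientWriteScope $ScopeName -Members $Delegate

# 4. Verify: every assignment held by the group should show the custom write scope,
#    and the delegate should appear as an effective user of nothing else.
Get-ManagementRoleAssignment -RoleAssignee $GroupName |
    Format-Table Role, RecipientWriteScope, CustomRecipientWriteScope

Get-ManagementRoleAssignment -GetEffectiveUsers |
    Where-Object { $_.EffectiveUserName -eq $Delegate } |
    Format-Table Role, RoleAssigneeName, CustomRecipientWriteScope

# 5. Show exactly which recipients fall inside the scope today.
Get-Mailbox -Filter "CustomAttribute1 -eq '$Tag'" | Select-Object PrimarySmtpAddress
```

When the delegate then runs Set-Mailbox or Add-MailboxPermission against a mailbox without the tag, Exchange rejects the change as outside the write scope, so the verification in step 4 is the check to repeat whenever a new mailbox or role assignment is added.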
ASKER CERTIFIED SOLUTION
Vasil Michev (MVP)