Azure vs exchange roles groups

Martin P 1 Reputation point
2022-12-01T20:51:52.093+00:00

Trying to administer Exchange online in Azure, what is the relationship between those roles:

exchange online management role: Organization Management

vs

Azure AD built-in role: Exchange Administrator

Do you need both or either of them?

Thanks

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
666 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,350 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 141.6K Reputation points MVP
    2022-12-01T21:14:56.617+00:00

    The Azure role is the same as the Exch org mgmt.
    The benefit of the Azure role is that you can enable it for PIM, so I would use that one instead of assigning the Exch Org Mgmt one
    It also provides additional Azure roles such as accessing the Health DashBoard and opening service tickets - so I recommend using that one and not Exchange org mgmt :)

    https://portal.azure.com/#view/Microsoft_Azure_PIMCommon/UserRolesViewModelMenuBlade/~/description/menuId/members/roleName/Exchange%20Administrator/roleObjectId/29232cdf-9323-42fd-ade2-1d097af3e4de/isRoleCustom~/false/roleTemplateId/29232cdf-9323-42fd-ade2-1d097af3e4de/resourceId/b1c14d5c-3625-45b3-a430-9552373a0c2f/isInternalCall~/true

    https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

    0 comments
  2. Joy Zhang-MSFT 1,046 Reputation points
    2022-12-02T01:57:26.087+00:00

    Hi @Martin P

    Based on the official description on these 2 roles, since users with Azure AD built-in role Exchange Administrator have global permissions within Microsoft Exchange Online, when the service is present. Also has the ability to create and manage all Microsoft 365 groups, manage support tickets, and monitor service health. the Azure AD built-in role Exchange Administrator seem more permission than Organization Management role.

    Here are some comparisons between the two sides:
    Exchange online management role: Organization Management:

    266344-1.png
    266317-2.png
    266391-3.png

    Detailed information: Organization Management

    Azure AD built-in role: Exchange Administrator:
    266392-4.png

    Detailed information: Exchange Administrator

    Then you could choose one that based on your need.

    If an Answer is helpful, please click "Accept Answer" and upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments