Hi @Glenn Maxwell ,
After my experiment, it was possible to create a custom RBAC role to restrict DL owners' permission to delete DL, here is my testing process:
1. Create the new Role Assignment Policy called DG-Management:
- We need to remove the Remove-DistributionGroup cmdlet:
- Checking to see the current Management Role Entries, note the Remove cmdlets are gone:
- Assign the DG-management role with my testuser:
- Check the result, after creating a new group we can find there is no Delete option in Distribution groups.
Detailed information and steps please refer to: Allow Users To Manage Distribution Groups Without Creating New Ones
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.