Share via

DL management

Glenn Maxwell 13,141 Reputation points
2023-04-01T00:40:54.4166667+00:00

Hi All

I have Distributions groups and mail enabled security groups in exchange online. lets say i have DLs by name

******@contoso.com and ******@contoso.com is the owner of the DL.

******@contoso.com and ******@contoso.com is the owner of the DL.

user1 from OWA can manage the DL membership as well user1 can delete the DL. I want to control Few DLs. i.e user1 who is the owner of the DL1 can manage membership but should not delete the DL.

in the same way user2 can manage the membership but should not delete the DL2. how do i control this. Only for few DLs i want to go with this approach please guide me.

Exchange Online
Exchange Online
A cloud-based service included in Microsoft 365, delivering scalable messaging and collaboration features with simplified management and automatic updates.
Exchange | Exchange Server | Management
Exchange | Exchange Server | Management
The administration and maintenance of Microsoft Exchange Server to ensure secure, reliable, and efficient email and collaboration services across an organization.
Exchange | Hybrid management
Exchange | Hybrid management
The administration of a hybrid deployment that connects on-premises Exchange Server with Exchange Online, enabling seamless integration and centralized control.
Answer accepted by question author
  1. Jarvis Sun-MSFT 10,251 Reputation points Microsoft External Staff
    2023-04-10T08:28:24.3366667+00:00

    Hi @Glenn Maxwell ,  

    After my experiment, it was possible to create a custom RBAC role to restrict DL owners' permission to delete DL, here is my testing process:  

    1.  Create the new Role Assignment Policy called DG-Management: User's image

    1. We need to remove the Remove-DistributionGroup cmdlet: User's image

     

    1. Checking to see the current Management Role Entries, note the Remove cmdlets are gone: User's image

     

    1. Assign the DG-management role with my testuser:  User's image
    2. Check the result, after creating a new group we can find there is no Delete option in Distribution groups.  User's image

    Detailed information and steps please refer to: Allow Users To Manage Distribution Groups Without Creating New Ones

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".  Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Glenn Maxwell 13,141 Reputation points
    2023-04-02T04:52:20.8166667+00:00

    My ask is DL owners should not be able to delete DLs from OWA.(Is it possible to create a policy for few DLS)

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.