DL management

Question

Hi All

I have Distributions groups and mail enabled security groups in exchange online. lets say i have DLs by name

DL1@contoso.com and user1@contoso.com is the owner of the DL.

DL2@contoso.com and user2@contoso.com is the owner of the DL.

user1 from OWA can manage the DL membership as well user1 can delete the DL. I want to control Few DLs. i.e user1 who is the owner of the DL1 can manage membership but should not delete the DL.

in the same way user2 can manage the membership but should not delete the DL2. how do i control this. Only for few DLs i want to go with this approach please guide me.

Answer 1

Hi @Glenn Maxwell ,  

After my experiment, it was possible to create a custom RBAC role to restrict DL owners' permission to delete DL, here is my testing process:  

1.  Create the new Role Assignment Policy called DG-Management:

2. We need to remove the Remove-DistributionGroup cmdlet:

 

3. Checking to see the current Management Role Entries, note the Remove cmdlets are gone:

 

4. Assign the DG-management role with my testuser:  
5. Check the result, after creating a new group we can find there is no Delete option in Distribution groups.  

Detailed information and steps please refer to: Allow Users To Manage Distribution Groups Without Creating New Ones

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".  Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

My ask is DL owners should not be able to delete DLs from OWA.(Is it possible to create a policy for few DLS)