End users are able to create and Delete Distribution Group in exchange online

Mohammad Nadeem Alam 1 Reputation point
2023-05-22T09:19:30.2066667+00:00

End users are able to create and Delete Distribution Group in exchange online web. Because of this there is no control on distribution groups.

What we need is that an end user should not get the add and delete option. Add and Delete of a group can be done by the admin. But when a group is created, the group owner can manage the adding and removing of members.

In the admin center I can see the two policies (MyDistributionGroups and MyDistributionGroupMembership) related to Distribution Groups under Default Role Assignment Policy in user roles under permissions.

When I clear MyDistributionGroups from the policy, the option to Add and Delete goes, whereas the option for the owner to add and remove members also goes.

Is it possible to keep only the Edit Member option as an owner and remove the Add and Delete option for the distribution group owner? Let's consider the Distribution group type is closed.

Microsoft Exchange Online

1 answer

  1. Vasil Michev 119.4K Reputation points MVP Volunteer Moderator
    2023-05-22T14:58:31.2433333+00:00

    Not sure I understand what you mean, can you confirm if this is what you are trying to achieve: disable the ability for end users to create or delete DGs, but allow them to manage the ownership of existing groups? In this case, toggling off the MyDistributionGroups role, but keeping MyDistributionGroupMembership is the solution. Give it an hour to replicate and test, but make sure to log the user off and back on first in order for the updated role to be reflected.

    As you can see from the MyDistributionGroupMembership role definition, it includes the required cmdlets to manage membership:

    User's image

    If you need more granular control, you will have to create new roles based on the MyDistributionGroups/MyDistributionGroupMembership ones and edit the set of included cmdlets as necessary.

    1 person found this answer helpful.
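
The more granular approach mentioned in the last paragraph of the answer, sketched as an added example (not code from the answer or from Microsoft). The role name `MyDistributionGroups-NoCreateDelete` is hypothetical, and the choice of which cmdlets to strip is an assumption based on the question's requirement; review the listed role entries in your own tenant before removing anything.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module and an account
# allowed to manage roles. Creating custom roles in Exchange Online may first
# require a one-time Enable-OrganizationCustomization.
Connect-ExchangeOnline

$parentRole = 'MyDistributionGroups'
$customRole = 'MyDistributionGroups-NoCreateDelete'   # hypothetical name
$policy     = 'Default Role Assignment Policy'
$blocked    = 'New-DistributionGroup', 'Remove-DistributionGroup'

# 1. Review what each built-in end-user role actually grants before changing it.
Get-ManagementRoleEntry "$parentRole\*" | Sort-Object Name | Select-Object Name
Get-ManagementRoleEntry 'MyDistributionGroupMembership\*' | Sort-Object Name | Select-Object Name

# 2. Create a child role. It inherits every entry of the parent and can only
#    ever be narrowed, never widened beyond the parent.
New-ManagementRole -Name $customRole -Parent $parentRole

# 3. Strip the create/delete cmdlets from the child role only.
Get-ManagementRoleEntry "$customRole\*" |
    Where-Object { $blocked -contains $_.Name } |
    Remove-ManagementRoleEntry -Confirm:$false

# 4. Swap the assignment on the policy: remove the built-in role, add the
#    narrowed one. MyDistributionGroupMembership is left untouched.
Get-ManagementRoleAssignment -RoleAssignee $policy -Role $parentRole |
    Remove-ManagementRoleAssignment -Confirm:$false
New-ManagementRoleAssignment -Role $customRole -Policy $policy

# 5. Verify: the blocked cmdlets must be absent from the custom role, and the
#    policy must list the custom role instead of the built-in one.
Get-ManagementRoleEntry "$customRole\*" | Sort-Object Name | Select-Object Name
Get-ManagementRoleAssignment -RoleAssignee $policy | Select-Object Name, Role

Disconnect-ExchangeOnline -Confirm:$false
```

As the answer notes for role changes in general, allow time for replication and have the test user sign out and back in before checking the result.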