Share via

RBAC - Which Role type would give admins to create email alias in "Microsoft 365" group?

Muhammad Rahman 20 Reputation points
2023-08-02T13:59:20.5733333+00:00

Which Role type would give admins to create email alias in "Microsoft 365" group? I have tried exchange admin and group admin but still no luck for Microsoft 365 groups?

Exchange Online
Exchange Online
A Microsoft email and calendaring hosted service.
6,188 questions
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
978 questions
Microsoft 365 and Office | Install, redeem, activate | For business | Windows
0 comments
Accepted answer
  1. Aholic Liang-MSFT 13,886 Reputation points Microsoft External Staff
    2023-08-08T06:58:31.19+00:00

    Hi @Muhammad Rahman ,

    I have found the solution

    Great to know that you've already thought of a solution and really appreciate it for your sharing!

    By the way, since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others.". and according to the scenario introduced here: Answering your own questions on Microsoft Q&A, I would make a brief summary of this thread:

    【RBAC - Which Role type would give admins to create email alias in "Microsoft 365" group?】

    Issue Symptom:

    Which Role type would give admins to create email alias in "Microsoft 365" group? 

    I have tried exchange admin and group admin but still no luck for Microsoft 365 groups?

    The Solution:

    when assigning roles to admins they will need to be directly added to the PIM role for Exchange Admin. I currently had the admins in a security group (already been enabled for Azure AD Roles) but for the Exchange Admin role if they are in that security group it gives them all access to Exchange Admin except the ability to create email alias only for "Microsoft 365" group but for anything else in Exchange they get full access.

     

    You could click the "Accept Answer" button for this summary to close this thread, and this can make it easier for other community member's to see the useful information when reading this thread. Thanks!

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator
    2023-08-03T07:31:38.68+00:00

    @Muhammad Rahman Thank you for reaching out to us, As I understand you want to create alias for Microsoft 365 group which you created in Azure AD.

    As per this article - https://support.microsoft.com/en-us/office/learn-about-microsoft-365-groups-b565caa1-5c40-40ef-9915-60fdb2d97fa2#ID0EBBF=Manage:~:text=Additionally%2C%20if%20you%20have you can use Exchange online PowerShell to manage the settings of Microsoft 365 group.

    Example of a similar ask/issue has been discussed here - https://answers.microsoft.com/en-us/msoffice/forum/all/adding-an-email-alias-to-an-office-365-group/4117f66c-7884-44db-8f72-0efcfb882d88 which can be achieved using Set-unifiedGroup cmdlet.

    If my understanding of the issue is incorrect, feel free to post back.

    Let me know if you have any further questions.

  2. Muhammad Rahman 20 Reputation points
    2023-08-04T07:55:45.6233333+00:00

    I have found the solution and when assigning roles to admins they will need to be directly added to the PIM role for Exchange Admin. I currently had the admins in a security group (already been enabled for Azure AD Roles) but for the Exchange Admin role if they are in that security group it gives them all access to Exchange Admin except the ability to create email alias only for "Microsoft 365" group but for anything else in Exchange they get full access.

    This seems to resolve the question I had asked, and thank you all for helping me which is greatly appreciated.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.