This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 67%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXG%3C/text%3E%3C/svg%3E)
Hi All,
I tried creating a custom role that would combine some permissions of the Exchange Recipient administrator role and the Exchange Administrator role.
When I created the custom role I cloned the Exchange Administrator role and tried adding some permissions from the Exchange Recipient administrator role and I was not able to find any. I then started the custom role from scratch and was not able to find the permissions I wanted from the Exchange Recipient administrator role.
Can someone please confirm if this is possible and how I could do this?
Thank you in advance!
The Exchange Admin can do everything the Recipient Manager can do so there would be no reason to combine them.
You can't create custom roles for Exchange from Azure however, it an Exchange thing
https://learn.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
Hi Andy,
Thank you for your response.
There were a couple of Exchange Recipient administrator role permissions that I did not find in The Exchange Admin role... I want to grant users a role that doesn't have as many permissions as the Exchange admin role but more than the Exchange Recipient administrator role. I was able to create a PIM custom role in Azure AD under 'roles and permissions'. We only want to rely on PIM and RBAC for permissions which is why we will not be using the roles that appear in the Exchange admin centre.
Ok, the existing Exchange roles are the only ones available. If you want to to create a custom role, you have to create an Exchange specific role, not an Azure one.
One thing I have not tested with an Exchange role is creating a custom role in Exchange and adding to a PIM enabled group like this. I know it works for Purview:
https://nikkichapple.com/how-to-apply-just-in-time-access-to-security-compliance-roles/
Hi Andy, these are the roles I am referring to. We have removed a user from the Exchange roles in the Exchange admin centre and added him to the Custom role and he is able to manage the settings he normally uses in the Exchange admin center.
Right, but you can't create custom ones from those on the Azure side.