Share via

Which of these roles is able to do the following actions on Exchange Admin Center?

Igor Godinho 100 Reputation points
2024-01-23T14:51:37.9666667+00:00

Which of the roles below is able to execute these actions on Exchange Admin Center?

  • ADD OR REMOVE A MEMBER
  • ADD OWNER
  • SEND AS
  • SEND ON BEHALF
  • SHARED MAIL BOX FULL ACCESS

The first table if an user that is not being able to do these operations (even though he is exchange admin) and the second is an user that is (even though he is not exchange admin)

User's image

Exchange Online
Exchange Online
A Microsoft email and calendaring hosted service.
6,198 questions
Exchange | Exchange Server | Management
0 comments
Accepted answer
  1. Kael Yao 37,751 Reputation points Moderator
    2024-01-24T02:19:25.48+00:00

    Hi @Igor Godinho

    Let's first divide this issue into two different parts:

    1.ADD OR REMOVE A MEMBER and ADD OWNER

    2.SEND AS, SEND ON BEHALF and SHARED MAIL BOX FULL ACCESS

    The first part is the default permissions which an Exchange admin should have.

    Besides, these permissions will also be available if the user is the owner of this group.

    If as an Exchange admin you cannot manage the group membership, please have a check in Exchange Admin Center>Roles>Admin Roles to see if the Distribution Group role is missing from the Organization Management Group. 01

    The second part is the permissions that are configured on the specific mailbox.

    It does not matter if you are an Exchange admin or not.

    (In other words admins cannot SendAs/SendOnBehalf or Full Access other mailboxes if they are not assigned these permissions to the mailboxes)

    Please refer to this link to have a check if you have assigned the delegate permission of the mailbox:

    Manage permissions for recipients in Exchange Online

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".  Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Azar 29,520 Reputation points MVP Volunteer Moderator
    2024-01-23T15:09:31.7166667+00:00

    Hey Igor Godinho

    Given the actions above I guess the Exchange Administrator role fits best.

    This role includes the permissions needed for managing recipients, distribution groups, mailboxes, and mailbox folder permissions, which cover actions such as adding or removing members, adding owners, sending as, sending on behalf, and having full access to shared mailboxes.\
    User's image

    Follow the link below foe more info

    https://learn.microsoft.com/en-us/partner-center/gdap-least-privileged-roles-by-task

    If this helps kindly accept the answer thanks much

    1 person found this answer helpful.
  2. Thameur-BOURBITA 36,266 Reputation points Moderator
    2024-01-23T15:15:06.61+00:00

    Hi @Igor Godinho

    Exchange administrator should be enough. For more details I invite your to read this article:

    About the Exchange Administrator role

    Please don't forget to accept helpful answer

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.