How to manage mail enabled security groups without full Exchange admin rights?

Arne VTR 20 Reputation points
2024-02-26T14:09:57.2233333+00:00

We have a lot of mail enabled security groups that are used to manage access to Sharepoints sites and are used for mailings. The problem is that our user admins cannot add new users to these groups without needing full Exchange admin rights. I have made a new Exchange Admin Role with only this option checked: 'Security Group Creation and Membership'. I would think that this, with the User Administrator role would be enough to be able to add users to mail enabled security groups. With full exchange admin rights you can add users to the mail enabled security groups from the Microsoft 365 admincenter, however with only the custom rule I made you cannot. Am I overlooking something? It seems to be overkill and not good for privacy nor security to give all my User Admins full Exchange rights aswell... Thanks and sorry for any errors in my writing...

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,565 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,598 questions
{count} votes

Accepted answer
  1. Vasil Michev 103.7K Reputation points MVP
    2024-02-26T17:37:39.0166667+00:00

    Said role should be sufficient, however I wouldn't expect it to work outside of the Exchange tools (i.e. the Exchange admin center or Exchange PowerShell). If using the latter, make sure to specify the -BypassSecurityGroupManagerCheck parameter.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.