Hello, @Gus-0185,
Welcome to the Microsoft Q&A platform!
Based on your description, I understand your concern about assigning appropriate permissions without overly privileging users. Although the Microsoft documentation recommends using the Organization Management role group, it does have the potential to grant too many privileges.
To manage permissions more granularly, you can create custom role groups that contain only the necessary roles. You can do this by following these steps:
1. Create a New Role Group: Open the Exchange Admin Center (EAC), Navigate to Roles>Admin Roles>Add Role Group.
2. Name your new role group and add the essential roles that are likely needed. For example, Message Tracking, View-Only Audit Logs, View-Only Configuration, View-Only Recipients, Communication Compliance Admin, Audit Logs, Role Management (allow modifications if needed), Security Reader (access message trace functionalities if needed).
3. Add Members: Add the specific users who need access to this functionality to the new role group.
4. Save and Test the Role Group: After creating the new role group, test to ensure that the users can successfully download message trace reports without encountering permission errors.
If you need more precise guidance on this process, please click on Manage role groups in Exchange Online | Microsoft Learn for reference.
If the answer is helpful please click on ACCEPT ANSWER as it could help other members of the Microsoft Q&A community who have similar questions and are looking for solutions.
Thank you for your support and understanding.
Best Wishes,
Alex Zhang