delegated administration for a scope of users

Ig132435 1 Reputation point

In our M365 tenant we have multiple domains.
In Exchange Online I've been able to use a management role, group, assignment, and scope to allow a user make changes to mailbox properties in a specific domain only in ECP.
However, this user is still able to view mailbox properties in all the other domains.

Is there a way to hide the mailboxes that are not in the scope from this user in ECP?

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,374 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Andy David - MVP 145.1K Reputation points MVP

    No, thats the way RBAC works. This article says 2013, but the concept is the same:

    You can't change the implicit scopes defined on management roles. You can, however, override the implicit write scope and configuration scope on a management role. When a predefined relative scope or custom scope is used on a role assignment, the implicit write scope of the role is overridden, and the new scope takes precedence. The implicit read scope of a role can't be overridden and always applies.