Cross-premises navigation link

Question

Hi - I have tried to find information on this but still not winning.

I would like to give some of my IT staff access to manage user mailboxes in my Exchange 2013 Hybrid environment.

I believe I gave them the correct permissions but if they click the cross-premises navigation tab called "Office 365" in the Exchange EAC screen it just links to the Office 365 sign-up page and not to the Office 365 exchange management EAC. I understand that this is the default behaviour if you don't have a O365 tenant but clearly we do and not just that but the user in question has access to the Exchange Admin portal on portal.office.com which is essentially the same thing, right?

It works fine for me but not for them. I assume its a permission or role I need to set but simply cant find any information on the internet where this is. I am truly surprised something so simple is so hard to figure out. Either that or I am being very stupid and missing the obvious.

Please let me know how I can fix this as I would like my staff to be able to create remote mailboxes for O365 form the Exchange on-premise EAC.

Thanks,

Answer 1

Hi Erick - thank you again for the reply.

I think I have managed to find the solution though.

Through much trial and error it seems, as most things are, it is permissions related.

The ability to create Remote Mailboxes via the Exchange EAC in a hybrid exchange environment is to make sure the user trying to make the change has at least Exchange Organization Management membership on the on-premise environment.

The O365 online role based permissions for the same user does not seem to make much difference in this scenario at all. I tried with Global Admin and with basic User role and as long as they are member of the Organization Management on-premise group they can both create remote mailboxes as well access the Exchange EAC via "Enterprise" and "Office 365" tabs in the EAC

I also think the user needs to be a member of the Recipient Management group but I haven't done enough testing to confirm nor deny this guess.

I must say that this is somewhat disappointing as I would like to give some junior members of my IT team permissions to create these remote mailboxes but now I have to basically give them the key to the castle as with Organization Management they get full access to break/change/modify almost anything. Not ideal...

I'm surprised there isn't better granular permissions in this regard and equally surprised there is so little information on the net regarding how and what is needed to do something so "every day" as create a user and mailbox in an exchange hybrid environment.

*scratches head*...

Answer 2

Hi Techstuff,

You are correct. Thanks for your sharing and I’m glad that the issue has been resolved. Other community members who are in the same situation will benefit from this thread. If you have other questions in the future, you’re welcome to post a new thread.

About the permission feedback, would you mind submitting feedback to our relatedteam? Customers’ feedback will help better our products and services.

Best Regards,

Erick

Answer 3

Hi Techstuff,

Thanks for your sharing. Your understanding is correct.

I understand that you want the user to manage remote mailboxes, but the user cannot see the button “Office 365 mailbox”. If anything is wrong, please feel free to correct me.

If my understanding is correct, may I confirm whether you and other users have the same permissions? Please provide some screenshots for our analysis. To protect your privacy, I have sent you a private message to collect them. Please click on the link below to access your Private Message:

https://answers.microsoft.com/en-us/privatemessages/list

Generally, the remote command is related to the group “Recipient Management”. Please check whether users are members of this group?

Best Regards,

Erick

Answer 4

Hi Erick - many thanks for your reply but I think we have confused ourselves. It took me a while to figure it out but I think I did.

The problem comes with the difference between "sign-up" and "sign-in"

So the problem I have is that the user clicks the "Office 365" tab in the Exchange EAC, it then opens a generic Microsoft Website offering you to "sign-up" to an Office 365 package.

It should just take you to a page to ask you to "sign-in" to Office 365, like what you mentioned above.

According to this KB: https://technet.microsoft.com/en-us/library/jj659048(v=exchg.150).aspx

if you DONT have an Exchange online this is normal behaviour but obviously I do. Not only that but as mentioned, this user can indeed login to portal.office.com and has access to the Admin app and within that has access to the Exchange Admin portal.

But the problem remains, how and why does it not allow him to manage on-premise and O365 via the Hybrid Exchange EAC page.

Essentially, I want him to be able to create Remote Mailboxes by clicking on the following as per the following screenshot but that option does not exist for him and I suspect its because he is not able to manage cross-premise:

Answer 5

Hi Techstuff,

Based on your description, when you click “Office 365” and go to the Office 365 sign-up page, it is a normal behavior. If you already have Office 365 tenants, you still need to type in the username and password to login (if you haven’t logon to the Office 365 for a long time, it will sign out automatically due to security reasons. You may need to sign in again next time.). Meantime, you also need Office 365 admin accounts to login to the EAC. Given the situation, you only need to make sure whether you have Office 365 admin accounts to log into the EAC.

Best Regards,

Erick