CabelloUlises-8203 asked CabelloUlises-8203 commented

Need an AAD Role to Manage Global Address List Visibility

In keeping with the principle of least privilege, I would like to give my Help Desk staff the ability to hide a user (that only exists in AAD) from the Global Address List.
Is there an AAD role that accomplishes that without making Help Desk staff an Exchange admin, or is there a way to tackle this with a custom role?

azure-ad-user-management

@CabelloUlises-8203 I just wanted to check in and see if you had any other questions or if you were able to resolve this issue? If you have any other questions, please let us know.

Thank you for your time and patience throughout this issue.

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


1 Answer

MarileeTurscak-MSFT answered CabelloUlises-8203 commented

According to my research, the user needs to be an Exchange Admin/Global admin to be able to manage and hide the users. There doesn't appear to be another role that can do this.

If you provide the details about your use case, I would be happy to pass this on as a feature request to the product team and see if they can offer any workarounds in the meantime.


We are in the process of evaluating Intune for managing iPads (instead of AirWatch) and have a need to set up Azure-based user accounts with a different domain that we also own (let's call it Y-Domain) that we would like to keep segregated from our primary user base (let's call it X-Domain). We want to prevent X-based users from seeing the Y-based users in the GAL. BTW - if we get stakeholder approval to proceed - we would be enrolling 1000s of devices in Intune. Another idea would be to have GALs that are segregated / not visible to each other.
