Introduction
Permission management is an essential task for any messaging administrator. Exchange Server and Exchange Online both use the same permission model that was originally introduced in Exchange 2010 called Role-Based Access Control (RBAC).
This module examines how RBAC enables you to control what administrators and end users can do at both broad and granular levels. You'll also learn how RBAC enables you to closely align the roles you assign users and administrators to the actual roles they hold within your organization.
This module examines the basics of administrator roles that are managed through RBAC. Management role groups associate management roles to a group of administrators or specialist users that need to complete administrative tasks. You'll learn how to add or remove users to or from role groups. This process is how you most often assign permissions to administrators or specialist users.
You'll then be introduced to the built-in role groups provided in Exchange. Each group provides permissions to manage specific areas in Exchange. You'll also learn how to create custom management role groups. Custom groups may be necessary if the built-in RBAC management role groups don't provide sufficient permissions for all your company job roles.
You'll also examine the steps necessary to troubleshoot permission issues related to RBAC roles and role groups in Exchange.
This module concludes with an introduction to Privileged Identity Management (PIM) and how it can enable organizations to minimize the number of people who have access to secure information or resources.
Prerequisites
This module is designed for persons who are aspiring to the Microsoft 365 Messaging Administrator role. The prerequisites for this module include:
- Ability to navigate the Microsoft 365 admin center, the Exchange admin center, and the Microsoft Defender portal.
- Ability to create Domain Name System (DNS) records at an intermediate level.
- Familiarity with Active Directory concepts such as centralized domain management, sites, and directory-based identity-related services.
- Ability to write PowerShell commands at an intermediate level.
Learning objectives
After completing this module, you'll be able to:
- Describe how RBAC is used to assign roles to users.
- Understand management role groups and their administrative tasks.
- Assign the built-in management roles for messaging administration.
- Create custom management roles and assign them through role assignment policies to users.
- Troubleshoot RBAC management roles.
- Describe how Privileged Identity Management enables you to manage, control, and monitor access to important resources in your organization.