Download - M06 EXO Permissions v1.4
-
8/16/2019 M06 EXO Permissions v1.4
1/30
Module 6Exchange OnlinePermissions
Presenter Name
Presenter Role
-
8/16/2019 M06 EXO Permissions v1.4
2/30
Conditions and Terms of UseMicrosoft Condential
This training package is proprietary and condential and is intended only for uses descri!ed in the training materials" Conteto you under a Non%&isclosure 'greement and cannot !e distri!uted" Copying or disclosing all or any portion of the content asuch packages is strictly prohi!ited"
The contents of this package are for informational and training purposes only and are pro$ided )as is) #ithout #arranty of animplied including !ut not limited to the implied #arranties of merchanta!ility tness for a particular purpose and non%infrin
Training package content including *R+s and other ,nternet -e! site references is su!.ect to change #ithout notice" /ecausto changing market conditions the content should not !e interpreted to !e a commitment on the part of Microsoft and Microaccuracy of any information presented after the date of pu!lication" *nless other#ise noted the companies organi0ations pmail addresses logos people places and e$ents depicted herein are ctitious and no association #ith any real company odomain name e%mail address logo person place or e$ent is intended or should !e inferred"
Copyright and Trademarks1 2345 Microsoft Corporation" 'll rights reser$ed"
Microsoft may ha$e patents patent applications trademarks copyrights or other intellectual property righmatter in this document" Except as expressly pro$ided in #ritten license agreement from Microsoft the furndocument does not gi$e you any license to these patents trademarks copyrights or other intellectual prop
Complying #ith all applica!le copyright la#s is the responsi!ility of the user" -ithout limiting the rights undthis document may !e reproduced stored in or introduced into a retrie$al system or transmitted in any forelectronic mechanical photocopying recording or other#ise7 or for any purpose #ithout the express #riMicrosoft Corporation"
8or more information see Use of Microsoft Copyrighted Content athttp9((###"microsoft"com(a!out(legal(permissions(
Microsoft: ,nternet Explorer: Outlook: ;ky&ri$e: -indo#s !ox ?63: &irect>: -i-indo#s: are either registered trademarks or trademarks of Microsoft Corporation in the *nited ;tates anOther Microsoft products mentioned herein may !e either registered trademarks or trademarks of Microsoft*nited ;tates and(or other countries" 'll other trademarks are property of their respecti$e o#ners"
http://www.microsoft.com/about/legal/permissions/http://www.microsoft.com/about/legal/permissions/http://www.microsoft.com/about/legal/permissions/http://www.microsoft.com/about/legal/permissions/
-
8/16/2019 M06 EXO Permissions v1.4
3/30
This module co$ers the permission model of Exch
• O$er$ie# of Role /ased 'ccess Control R/'C
• Management Roles @roups and ;copes
• Role 'ssignment Policies
• Outlook -e! 'pp Policies
O$er$ie#9
-
8/16/2019 M06 EXO Permissions v1.4
4/30
O!.ecti$es
5
'fter completing this module you #ill !e a!le to9
• *nderstand the permission structure of Excha
• 'dminister Exchange Online R/'C
-
8/16/2019 M06 EXO Permissions v1.4
5/30
O$er$ie# of
Exchange Online'ccess Control
A
-
8/16/2019 M06 EXO Permissions v1.4
6/30
Role /ased
'ccessControl
6
Role /ased 'ccess Control R/'C7
• Pro$ides a more granular #ay for 'dministrato
the exact le$el of 'dministrati$e access that iother users in the tenant
• 'dministrators can use pre%congured or custroles
Role @roups
• Administrator Role also kno#n as Role @ro
% &etermines #hich Exchange o!.ects an 'dm
$ie# and manage in the Organi0ation $ie# of the E'C
• User Role also kno#n as a Role 'ssignment
% &etermines #hat options an End%*ser sees ithe ECP
-
8/16/2019 M06 EXO Permissions v1.4
7/30
R/'C and
'cti$e&irectory&omain;er$ices
B
• Controls who can perform what and where
• Once agreed the action is performed !y the E
• The ser$ers through the Exchange Trusted group has extended rights in 'cti$e &irectory
-
8/16/2019 M06 EXO Permissions v1.4
8/30
R/'C Roles
Control
Who is !eing gi$en the a!ility
o!.ects
Where are the controlled o
located
What kinds of
o!.ects
can !e controlled
-
8/16/2019 M06 EXO Permissions v1.4
9/30
R/'C D
-ho
F
R/'C can !e used to assign permissions to !oth 'dminis
*sers in Exchange Online
OGce ?6A'dministrators
-
8/16/2019 M06 EXO Permissions v1.4
10/30
R/'C D
-ho'dministrator
43
OGce ?6A 'dministrators can !e added to Role
Groups"
Role @roups allo# specic access to !e assigned to
a group of 'dministrators"
These role groups can !e customi0ed #ith specic
permissions depending on the desires of the
organi0ation"
OGce ?6A'dministrators
Role @roup
-
8/16/2019 M06 EXO Permissions v1.4
11/30
R/'C D
-here'dministrator
44
'dministrators are
typically gi$en control
o$er Exchange o!.ects
across the entire
organi0ation tenant7"
This access can !e
limited to part of the
organi0ation !ut in
most cases access is
granted to the entire
organi0ation"
OGce ?6A'dministrators
Organi0ation
Role @roup
-
8/16/2019 M06 EXO Permissions v1.4
12/30
R/'C D
-hat'dministrator
42
'dminigroups
Exchan
*ser M
Contac
folders
OGce ?6A'dministrators
Organi0ation
Role @roupMail!oxes
Pu!lic 8olders
Contacts
Po#er;hell
-
8/16/2019 M06 EXO Permissions v1.4
13/30
R/'C D -ho
End *ser
4?
End *sers in ExchangeOnline can !e assigneda *ser Role also kno#nas a Role 'ssignmentPolicy to gain access tospecic settings
OGce ?6A'dministrators
Role '
-
8/16/2019 M06 EXO Permissions v1.4
14/30
R/'C D
-hereEnd *ser
45
OGce ?6A'dministrators
Out
Role '
;pecically *ser Roles
allo# Exchange Online
users to gain access to
specic settings
presented in the Options
in Outlook -e! 'pp
-
8/16/2019 M06 EXO Permissions v1.4
15/30
R/'C D
-hatEnd *ser
4A
OGce ?6A'dministrators
Out
Role '
*ser Roles can control the a!ility to9
• Create and manage distri!ution gro
• Manage mo!ile de$ices
• ,ntegrate 8ace!ook: and +inked,n:
&istri!ution @roup
+inked,n 8ace/ook
Mo!ile &e$ices
-
8/16/2019 M06 EXO Permissions v1.4
16/30
O?6A 'dmin
Roles $s"E>O 'dminRoles$s"E>O *ser Roles
46
Roles can !e assigned !y using9
• OGce ?6A 'dmin Center
•
Exchange 'dmin Center• Po#er;hell
!ce "#$ %dministrator roles allo# you to control '0o!.ects and functionality only #hich limits you to adminis
• OGce ?6A 'dmin Center
• '0ure 'cti$e &irectory Module for -indo#s Po#er;hel
Exchange %dmin roles limit you to administering Excha• Exchange 'dmin Center
• Remote Po#er;hell
Exchange User roles limit #hat the user can see and doptions page
-
8/16/2019 M06 EXO Permissions v1.4
17/30
Exchange'dminCenterPermissionsPage
4B
-
8/16/2019 M06 EXO Permissions v1.4
18/30
&efaultRole @roups
4
• On the 'dmin Roles ta! in E'C administratorsof default role groups #hich co$er most deleg
administration needs• 'dministrators can create ne# role groups fro
make a copy of a default role group and custofunctionality !y adding or remo$ing roles fromgroup
-
8/16/2019 M06 EXO Permissions v1.4
19/30
&efaultExchange'dminRoles
4F
-
8/16/2019 M06 EXO Permissions v1.4
20/30
Exchange'dminCenter
-
8/16/2019 M06 EXO Permissions v1.4
21/30
Role @roupsandPo#er;hell
24
• To get a list of role groupsGet-RoleGroup
• To see #ho is a mem!er of a role groupGet-RoleGroupMember -Identity "Recipient Ma
• To add a user to a role group Add-RoleGroupMember "Recipient Manageme John
• To remo$e a mem!er of a role groupRemove-RoleGroupMember "Recipient Manag
John
-
8/16/2019 M06 EXO Permissions v1.4
22/30
*ser Roles
22
• *ser roles are dened !y a role assignment po
• This policy grants end users permissions to se
-e! 'pp options and perform other self%admi• ' default role assignment policy exists in Exch
that has all O-' options ena!led !y default"
• Iou can create customi0ed role assignment po
$ia Po#er;hell and restrict #hat options are a
• Role assignment policies are assigned to the m
• To create a role assignment policy $ia Po#er;
New-RoleAssignmentolicy -Name "!imited" -R"MyersonalInormation"# "My$istributionGrou
• To assign the ne# policy to all mail!oxes $ia PGet-Mailbo% & 'et-Mailbo% (RoleAssignmento
-
8/16/2019 M06 EXO Permissions v1.4
23/30
Outlook -e!
'ccess Policies
2?
-
8/16/2019 M06 EXO Permissions v1.4
24/30
ConguringO-'Mail!oxPolicies
25
O#a Mail!ox Policies control the features a$aila!
Outlook -e! 'pp" 8or example9 'dministrators ca
opening all attachments in O-'
Nota!le Congura!le options9
• /locked('llo#ed 'ttachment types
• 'ccess to Calendar Conguration
• ;ocial Net#ork Conguration
• *sers may select themes for O-'
-
8/16/2019 M06 EXO Permissions v1.4
25/30
'pplyingO-'Mail!oxPolicy to*sers
2A
Rules for 'pplying O-' Mail!ox Policies9
• Only one Outlook -e! 'pp mail!ox policy can !e mail!ox
• The 'et-*A'Mailbo% cmdlet may !e used to apply
• Or use E'C to single%select or !ulk%select mail!oxe
-
8/16/2019 M06 EXO Permissions v1.4
26/30
End userexperience9&efaultPolicy $sRestrictedPolicy
26
*ser #ith &efault O-' Mail!ox Policy
*ser #ith limited O-' Mail!ox Policy
-
8/16/2019 M06 EXO Permissions v1.4
27/30
+a!9 Managing
PermissionsR/'C7
2B
-
8/16/2019 M06 EXO Permissions v1.4
28/30
ModuleRe$ie#
2
4" -hat is the diJerence !et#een an Exchange role and *ser role
2" -hat ena!les Exchange ;er$er to create and&irectory o!.ects
?" ,f you #anted to gi$e the user the a!ility to m#hole Exchange Online tenant #hat role groadd them to
-
8/16/2019 M06 EXO Permissions v1.4
29/30
-
8/16/2019 M06 EXO Permissions v1.4
30/30
1 2342 Microsoft Corporation" 'll rights reser$ed" Microsoft -indo#s -indo#s