The team members on my service desk seem to have permissions to edit/create/delete OWA Mailbox Policies.
Does anyone know exactly what role would grant this?
There seems to be a lot listed under various built-in role groups.
Under Help Desk, these are listed:
| Distribution Groups |
| Mail Enabled Public Folders |
| Mail Recipient Creation |
| Mail Recipients |
| User Options |
View-Only Recipient They also have these set under a custom policy for approving activesync devices: Set-AuthRedirect The last group they are in lets them grant send as rights - Add-ADPermissionGet-ADPermission Remove-ADPermission I logged into a tools server with a test help desk privileged account. They can view the organization configuration and can edit/delete/create new OWA MB policies. They can't do anything else at all in the org configuration. The server configuration doesn't even show up at all and they can of course see the recipient configuration. Any ideas? Thanks, Cody |