Monday, November 18 2019

How to give EWS permissions for BESAdmin in a Multi-Tenant Environment (/Hosting)

In a multi-tenant environment, even an admin account cannot access the mailboxes of all users in every tenant. Even giving AD permissions over those tenant users won't work.

Let's say a BESAdmin account needs EWS permission for all the tenants in the organization. Calendar sync and sending and receiving meetings require EWS permissions.

Because it is in hosted mode, every tenant organization will have its own set of permissions.

In order to provide EWS permissions for all the tenant users, you need to create a custom RBAC role.

Let's see how to do it.

Step 1:

Creating a Scope

New-ManagementScope -PartnerDelegatedTenantRestrictionFilter {Name -eq '*'} -Name BESEnabledOrgs

Step 2:

Create a Custom Role

New-ManagementRole -Parent PartnerDelegatedTenantManagement -Name EWSAccessforApp 

Step 3:

Assign it to a Service account

New-ManagementRoleAssignment -Role EWSAccessforApp -User "BESAdmin" -CustomConfigWriteScope BESEnabledOrgs

 

Now BESAdmin should work without any issues for calendar meetings.
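Because the scope filter in Step 1 matches every tenant, it is worth reading the configuration back after Step 3. The following is an added example, not part of the original post: it checks that the scope, role and assignment exist as created and lists any other assignee of the custom role. The function name Test-BesEwsAssignment is hypothetical; it assumes the Exchange Management Shell and the names used in the steps above.

```powershell
# Added example: read-back check for the objects created in Steps 1-3.
# Run in the Exchange Management Shell; default names are the ones used in the steps.
function Test-BesEwsAssignment {
    param(
        [string]$ScopeName = 'BESEnabledOrgs',
        [string]$RoleName  = 'EWSAccessforApp',
        [string]$Account   = 'BESAdmin'
    )
    $problems = @()

    if (-not (Get-ManagementScope -Identity $ScopeName -ErrorAction SilentlyContinue)) {
        $problems += "Scope '$ScopeName' not found"
    }
    if (-not (Get-ManagementRole -Identity $RoleName -ErrorAction SilentlyContinue)) {
        $problems += "Role '$RoleName' not found"
    }

    # Assignments of the custom role that apply to the service account
    $mine = @(Get-ManagementRoleAssignment -Role $RoleName -RoleAssignee $Account -ErrorAction SilentlyContinue)
    if ($mine.Count -eq 0) { $problems += "No assignment of '$RoleName' to '$Account'" }
    foreach ($a in $mine) {
        if (-not $a.Enabled) { $problems += "Assignment '$($a.Name)' is disabled" }
        # The write scope should reference the scope created in Step 1
        if ("$($a.CustomConfigWriteScope)" -notmatch [regex]::Escape($ScopeName)) {
            $problems += "Assignment '$($a.Name)' does not reference scope '$ScopeName'"
        }
    }

    # List any other assignee of the custom role for review
    $mineNames = @($mine | ForEach-Object { $_.Name })
    $all = @(Get-ManagementRoleAssignment -Role $RoleName -ErrorAction SilentlyContinue)
    foreach ($a in $all) {
        if ($mineNames -notcontains $a.Name) {
            $problems += "Unexpected assignee '$($a.RoleAssigneeName)' via '$($a.Name)'"
        }
    }
    return $problems
}

$result = Test-BesEwsAssignment
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'Scope, role and assignment match Steps 1-3.' }
```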

About Satheshwaran Manoharan

Satheshwaran Manoharan is a Microsoft Office Server and Services MVP and publisher of Azure365pro.com. Specializing in Office365 / Microsoft Exchange / Virtualization, Sathesh is a messaging expert supporting, designing and deploying for many medium-size businesses to large enterprises when it comes to corporate messaging and virtualization infrastructure.

