31.8 C
Dubai
Thursday, August 18, 2022
spot_img

How to give EWS permissions for BESAdmin in a Multi-Tenant Environment (/Hosting)

In multitenant environment even a admin account cannot access all the users in every tenant mailbox. Even giving AD permissions over those tenant users won’t work.

Let say a BESadmin account needs EWS permission for all the tenants in the Organizations. To do a Calendar sync or sending and receiving Meetings require EWS Permissions

As its in hosted mode. Every tenant Organization will have their own set of permissions

In order to provide EWS permissions for all the Tenant Users you need to create a Custom RBAC

Lets see how to do it.

Step 1:

Creating a Scope

New-ManagementScope -PartnerDelegatedTenantRestrictionFilter {Name -eq '*'} -Name BESEnabledOrgs

Step 2:

Create a Custom Role

New-ManagementRole -Parent PartnerDelegatedTenantManagement -Name EWSAccessforApp 

Step 3:

Assign it to a Service account

New-ManagementRoleAssignment -Role EWSAccessforApp -User "BESAdmin” -CustomConfigWriteScope BESEnabledOrgs

 

Now Besadmin should work without any issues – Calendar meetings.

Satheshwaran Manoharan
Satheshwaran Manoharanhttps://www.azure365pro.com
Specialized in Microsoft Azure - Office 365 / Microsoft Exchange; conducted numerous projects worldwide in designing, supporting, and implementing messaging and virtualization infrastructure for medium-sized and large enterprises. Further, I am a Cloud Architect and Technical Advisor for various start-ups.

Related Articles

2 COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here