Monday, June 17, 2024

How to give EWS permissions for BESAdmin in a Multi-Tenant Environment (/Hosting)

In a multi-tenant environment, even an admin account cannot access the mailboxes of all users in every tenant. Granting AD permissions over those tenant users won't work either.

Let's say a BESAdmin account needs EWS permissions for all the tenants in the organization. Calendar sync and sending and receiving meetings both require EWS permissions.

Because Exchange is running in hosted mode, every tenant organization has its own set of permissions.

To provide EWS permissions for all the tenant users, you need to create a custom RBAC role.

Let's see how to do it.

Step 1:

Creating a Scope

New-ManagementScope -PartnerDelegatedTenantRestrictionFilter {Name -eq '*'} -Name BESEnabledOrgs

Step 2:

Create a Custom Role

New-ManagementRole -Parent PartnerDelegatedTenantManagement -Name EWSAccessforApp 

Step 3:

Assign it to a Service account

New-ManagementRoleAssignment -Role EWSAccessforApp -User "BESAdmin" -CustomConfigWriteScope BESEnabledOrgs


BESAdmin should now work without any issues for calendar meetings.
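
To confirm what steps 1 to 3 actually granted, the check below can be run in the Exchange Management Shell. It is an added example, not part of the original post; it uses only the names created above (BESEnabledOrgs, EWSAccessforApp, BESAdmin) together with the standard RBAC Get- cmdlets.

```powershell
# Added review script: read-only, changes nothing.
$scopeName = 'BESEnabledOrgs'
$roleName  = 'EWSAccessforApp'
$account   = 'BESAdmin'

# Step 1 check: the scope exists. Listing every property makes the
# tenant filter (Name -eq '*', i.e. every tenant) visible to the reviewer.
Get-ManagementScope -Identity $scopeName | Format-List *

# Step 2 check: the custom role exists and hangs off the expected parent.
Get-ManagementRole -Identity $roleName | Format-List Name, Parent, RoleType

# A role created with -Parent starts with all of the parent's entries.
# List them so it is clear which cmdlets the service account may run.
Get-ManagementRoleEntry "$roleName\*" |
    Sort-Object Name |
    Format-Table Name, Role -AutoSize

# Step 3 check: the assignment binds this role to this account with this scope.
$assignment = Get-ManagementRoleAssignment -Role $roleName -RoleAssignee $account
if (-not $assignment) {
    Write-Warning "No assignment of $roleName to $account was found."
}
else {
    $assignment |
        Format-List Name, Role, RoleAssigneeName, CustomConfigWriteScope, Enabled
}

# Everything else the account holds, directly or through group membership,
# so the new cross-tenant grant can be judged next to its other rights.
Get-ManagementRoleAssignment -RoleAssignee $account |
    Sort-Object Role |
    Format-Table Role, RoleAssigneeName, AssignmentMethod, CustomConfigWriteScope, Enabled -AutoSize
```

Because the scope filter matches every tenant, keep the output of this script with the change record for the service account and re-run it whenever the role or its assignment is modified.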

Satheshwaran Manoharan