M06 EXO Permissions v1.4

  • Upload
    beto

  • View
    222

  • Download
    0

Embed Size (px)

Citation preview

  • 8/16/2019 M06 EXO Permissions v1.4

    1/30

    Module 6Exchange OnlinePermissions

    Presenter Name

    Presenter Role

  • 8/16/2019 M06 EXO Permissions v1.4

    2/30

    Conditions and Terms of UseMicrosoft Condential

     This training package is proprietary and condential and is intended only for uses descri!ed in the training materials" Conteto you under a Non%&isclosure 'greement and cannot !e distri!uted" Copying or disclosing all or any portion of the content asuch packages is strictly prohi!ited"

     The contents of this package are for informational and training purposes only and are pro$ided )as is) #ithout #arranty of animplied including !ut not limited to the implied #arranties of merchanta!ility tness for a particular purpose and non%infrin

     Training package content including *R+s and other ,nternet -e! site references is su!.ect to change #ithout notice" /ecausto changing market conditions the content should not !e interpreted to !e a commitment on the part of Microsoft and Microaccuracy of any information presented after the date of pu!lication" *nless other#ise noted the companies organi0ations pmail addresses logos people places and e$ents depicted herein are ctitious and no association #ith any real company odomain name e%mail address logo person place or e$ent is intended or should !e inferred"

    Copyright and Trademarks1 2345 Microsoft Corporation" 'll rights reser$ed"

    Microsoft may ha$e patents patent applications trademarks copyrights or other intellectual property righmatter in this document" Except as expressly pro$ided in #ritten license agreement from Microsoft the furndocument does not gi$e you any license to these patents trademarks copyrights or other intellectual prop

    Complying #ith all applica!le copyright la#s is the responsi!ility of the user" -ithout limiting the rights undthis document may !e reproduced stored in or introduced into a retrie$al system or transmitted in any forelectronic mechanical photocopying recording or other#ise7 or for any purpose #ithout the express #riMicrosoft Corporation"

    8or more information see Use of Microsoft Copyrighted Content athttp9((###"microsoft"com(a!out(legal(permissions(

    Microsoft: ,nternet Explorer: Outlook: ;ky&ri$e: -indo#s !ox ?63: &irect>: -i-indo#s: are either registered trademarks or trademarks of Microsoft Corporation in the *nited ;tates anOther Microsoft products mentioned herein may !e either registered trademarks or trademarks of Microsoft*nited ;tates and(or other countries" 'll other trademarks are property of their respecti$e o#ners"

    http://www.microsoft.com/about/legal/permissions/http://www.microsoft.com/about/legal/permissions/http://www.microsoft.com/about/legal/permissions/http://www.microsoft.com/about/legal/permissions/

  • 8/16/2019 M06 EXO Permissions v1.4

    3/30

     This module co$ers the permission model of Exch

    • O$er$ie# of Role /ased 'ccess Control R/'C

    • Management Roles @roups and ;copes

    • Role 'ssignment Policies

    • Outlook -e! 'pp Policies

    O$er$ie#9

  • 8/16/2019 M06 EXO Permissions v1.4

    4/30

    O!.ecti$es

    5

    'fter completing this module you #ill !e a!le to9

    • *nderstand the permission structure of Excha

    • 'dminister Exchange Online R/'C

  • 8/16/2019 M06 EXO Permissions v1.4

    5/30

    O$er$ie# of

    Exchange Online'ccess Control

    A

  • 8/16/2019 M06 EXO Permissions v1.4

    6/30

    Role /ased

    'ccessControl

    6

    Role /ased 'ccess Control R/'C7

    • Pro$ides a more granular #ay for 'dministrato

    the exact le$el of 'dministrati$e access that iother users in the tenant

    • 'dministrators can use pre%congured or custroles

    Role @roups

    •  Administrator Role also kno#n as Role @ro

      % &etermines #hich Exchange o!.ects an 'dm

    $ie# and  manage in the Organi0ation $ie# of the E'C

    • User Role also kno#n as a Role 'ssignment

    % &etermines #hat options an End%*ser sees ithe ECP

  • 8/16/2019 M06 EXO Permissions v1.4

    7/30

    R/'C and

    'cti$e&irectory&omain;er$ices

    B

    • Controls who can perform what  and where

    • Once agreed the action is performed !y the E

    •  The ser$ers through the Exchange Trusted group has extended rights in 'cti$e &irectory

  • 8/16/2019 M06 EXO Permissions v1.4

    8/30

    R/'C Roles

    Control

    Who is !eing gi$en the a!ility

    o!.ects

    Where are the controlled o

    located

    What kinds of

    o!.ects

     can !e controlled

  • 8/16/2019 M06 EXO Permissions v1.4

    9/30

    R/'C D

    -ho

    F

    R/'C can !e used to assign permissions to !oth 'dminis

    *sers in Exchange Online

    OGce ?6A'dministrators

  • 8/16/2019 M06 EXO Permissions v1.4

    10/30

    R/'C D

    -ho'dministrator

    43

    OGce ?6A 'dministrators can !e added to Role

    Groups"

    Role @roups allo# specic access to !e assigned to

    a group of 'dministrators"

     These role groups can !e customi0ed #ith specic

    permissions depending on the desires of the

    organi0ation"

    OGce ?6A'dministrators

    Role @roup

  • 8/16/2019 M06 EXO Permissions v1.4

    11/30

    R/'C D

    -here'dministrator

    44

    'dministrators are

    typically gi$en control

    o$er Exchange o!.ects

    across the entire

    organi0ation tenant7"

     This access can !e

    limited to part of the

    organi0ation !ut in

    most cases access is

    granted to the entire

    organi0ation"

    OGce ?6A'dministrators

    Organi0ation

    Role @roup

  • 8/16/2019 M06 EXO Permissions v1.4

    12/30

    R/'C D

    -hat'dministrator

    42

    'dminigroups

    Exchan

    *ser M

    Contac

    folders

    OGce ?6A'dministrators

    Organi0ation

    Role @roupMail!oxes

    Pu!lic 8olders

    Contacts

    Po#er;hell

  • 8/16/2019 M06 EXO Permissions v1.4

    13/30

    R/'C D -ho

    End *ser

    4?

    End *sers in ExchangeOnline can !e assigneda *ser Role also kno#nas a Role 'ssignmentPolicy to gain access tospecic settings

    OGce ?6A'dministrators

    Role '

  • 8/16/2019 M06 EXO Permissions v1.4

    14/30

    R/'C D

    -hereEnd *ser

    45

    OGce ?6A'dministrators

    Out

    Role '

    ;pecically *ser Roles

    allo# Exchange Online

    users to gain access to

    specic settings

    presented in the Options

    in Outlook -e! 'pp

  • 8/16/2019 M06 EXO Permissions v1.4

    15/30

    R/'C D

    -hatEnd *ser

    4A

    OGce ?6A'dministrators

    Out

    Role '

    *ser Roles can control the a!ility to9

    • Create and manage distri!ution gro

    • Manage mo!ile de$ices

    • ,ntegrate 8ace!ook: and +inked,n:

    &istri!ution @roup

    +inked,n 8ace/ook

    Mo!ile &e$ices

  • 8/16/2019 M06 EXO Permissions v1.4

    16/30

    O?6A 'dmin

    Roles $s"E>O 'dminRoles$s"E>O *ser Roles

    46

    Roles can !e assigned !y using9

    • OGce ?6A 'dmin Center

    Exchange 'dmin Center• Po#er;hell

    !ce "#$ %dministrator roles allo# you to control '0o!.ects and functionality only #hich limits you to adminis

    • OGce ?6A 'dmin Center

    • '0ure 'cti$e &irectory Module for -indo#s Po#er;hel

    Exchange %dmin roles limit you to administering Excha• Exchange 'dmin Center

    • Remote Po#er;hell

    Exchange User roles limit #hat the user can see and doptions page

  • 8/16/2019 M06 EXO Permissions v1.4

    17/30

    Exchange'dminCenterPermissionsPage

    4B

  • 8/16/2019 M06 EXO Permissions v1.4

    18/30

    &efaultRole @roups

    4

    • On the 'dmin Roles ta! in E'C administratorsof default role groups #hich co$er most deleg

    administration needs• 'dministrators can create ne# role groups fro

    make a copy of a default role group and custofunctionality !y adding or remo$ing roles fromgroup

  • 8/16/2019 M06 EXO Permissions v1.4

    19/30

    &efaultExchange'dminRoles

    4F

  • 8/16/2019 M06 EXO Permissions v1.4

    20/30

    Exchange'dminCenter

  • 8/16/2019 M06 EXO Permissions v1.4

    21/30

    Role @roupsandPo#er;hell

    24

    •  To get a list of role groupsGet-RoleGroup

    •  To see #ho is a mem!er of a role groupGet-RoleGroupMember -Identity "Recipient Ma

    •  To add a user to a role group Add-RoleGroupMember "Recipient Manageme John

    •  To remo$e a mem!er of a role groupRemove-RoleGroupMember "Recipient Manag

     John

  • 8/16/2019 M06 EXO Permissions v1.4

    22/30

    *ser Roles

    22

    • *ser roles are dened !y a role assignment po

    •  This policy grants end users permissions to se

    -e! 'pp options and perform other self%admi• ' default role assignment policy exists in Exch

    that has all O-' options ena!led !y default"

    •  Iou can create customi0ed role assignment po

    $ia Po#er;hell and restrict #hat options are a

    • Role assignment policies are assigned to the m

    •  To create a role assignment policy $ia Po#er;

    New-RoleAssignmentolicy -Name "!imited" -R"MyersonalInormation"# "My$istributionGrou

    •  To assign the ne# policy to all mail!oxes $ia PGet-Mailbo% & 'et-Mailbo% (RoleAssignmento

  • 8/16/2019 M06 EXO Permissions v1.4

    23/30

    Outlook -e!

    'ccess Policies

    2?

  • 8/16/2019 M06 EXO Permissions v1.4

    24/30

    ConguringO-'Mail!oxPolicies

    25

    O#a Mail!ox Policies control the features a$aila!

    Outlook -e! 'pp" 8or example9 'dministrators ca

    opening all attachments in O-'

    Nota!le Congura!le options9

    • /locked('llo#ed 'ttachment types

    • 'ccess to Calendar Conguration

    • ;ocial Net#ork Conguration

    • *sers may select themes for O-'

  • 8/16/2019 M06 EXO Permissions v1.4

    25/30

    'pplyingO-'Mail!oxPolicy to*sers

    2A

    Rules for 'pplying O-' Mail!ox Policies9

    • Only one Outlook -e! 'pp mail!ox policy can !e mail!ox

    •  The 'et-*A'Mailbo%  cmdlet may !e used to apply

    • Or use E'C to single%select or !ulk%select mail!oxe

  • 8/16/2019 M06 EXO Permissions v1.4

    26/30

    End userexperience9&efaultPolicy $sRestrictedPolicy

    26

    *ser #ith &efault O-' Mail!ox Policy

    *ser #ith limited O-' Mail!ox Policy

  • 8/16/2019 M06 EXO Permissions v1.4

    27/30

    +a!9 Managing

    PermissionsR/'C7

    2B

  • 8/16/2019 M06 EXO Permissions v1.4

    28/30

    ModuleRe$ie#

    2

    4" -hat is the diJerence !et#een an Exchange role and *ser role

    2" -hat ena!les Exchange ;er$er to create and&irectory o!.ects

    ?" ,f you #anted to gi$e the user the a!ility to m#hole Exchange Online tenant #hat role groadd them to

  • 8/16/2019 M06 EXO Permissions v1.4

    29/30

  • 8/16/2019 M06 EXO Permissions v1.4

    30/30

    1 2342 Microsoft Corporation" 'll rights reser$ed" Microsoft -indo#s -indo#s