In my previous post I explained what PIM for Groups is, what it takes to get started with PIM for Groups and how the configuration works. In this post, we are going to look at the different settings that are possible for activating PIM for Groups.
Sign in to the Azure portal and navigate to Azure Active Directory and select Groups. Find the right group, in this example the previously created group ‘PIM-for-Groups-example-group’. Select Privileged Access (Preview), then Settings.
Continue reading “Part 2 – Azure Privileged Identity Management (PIM) for Groups”
Today I need to configure Role Based Access Control (RBAC) within Exchange 2010. The people on the helpdesk department must be able to set Send-As permissions on the mailboxes. To configure RBAC within Exchange 2010, you can use the RBAC User Editor from the Exchange 2010 toolbox.
Default there are a few pre-configured management roles, each with his own rights and permissions. In my case I added the people from the Helpdesk department in the “Recipient Management” role group. But for setting Send-As permissions, they need some rights more to perform this action.
With the following command, you can extent the role group “Recipient Management” with the Send-As permissions, so they are able to configure Send-As permissions on a specific mailbox. The case in this one is that the Send-As permission is a Active Directory permission, so they also need the role “Active Directory Permissions”.
New-ManagementRoleAssignment -Name “ADPermissions Recipient Mgmt” -Role “Active Directory Permissions” -SecurityGroup “Recipient Management”
Get-ManagementRole “Active Directory Permissions” | fl
Get-RoleGroup -Identity “Recipient Management” | fl
Now the members of the role group “Recipient Management” have also the ability to change or configure Send-As permissions. You can also do this through the GUI by dubble-click on the group “Recipient Management” and add the specific management role. See the screenshots below.