In a multitenant environment, even an admin account cannot access the mailboxes of all users in every tenant. Even granting AD permissions over those tenant users won't work.
Let's say a BESAdmin account needs EWS permissions for all the tenants in the organization. Calendar sync and sending and receiving meetings require EWS permissions.
Because Exchange is in hosted mode, every tenant organization has its own set of permissions.
To provide EWS permissions for all the tenant users, you need to create a custom RBAC role.
Let's see how to do it.
Step 1:
Creating a Scope
New-ManagementScope -PartnerDelegatedTenantRestrictionFilter {Name -eq '*'} -Name BESEnabledOrgs
Step 2:
Create a Custom Role
New-ManagementRole -Parent PartnerDelegatedTenantManagement -Name EWSAccessforApp
Step 3:
Assign it to a Service account
New-ManagementRoleAssignment -Role EWSAccessforApp -User "BESAdmin" -CustomConfigWriteScope BESEnabledOrgs
Now BESAdmin should work without any issues for calendar meetings.
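To review what the three steps above actually granted, the following audit can be run in the Exchange Management Shell. It is an added example, not part of the original post; it uses the scope, role and account names from Steps 1-3 and assumes the hosted-mode cmdlets behave as in a standard Exchange RBAC deployment.

```powershell
# Added audit example (not from the original post).
# Names are the ones created in Steps 1-3 above.
$ScopeName = 'BESEnabledOrgs'
$RoleName  = 'EWSAccessforApp'
$Account   = 'BESAdmin'

# 1. Scope: confirm the restriction filter is the one intended.
#    The filter from Step 1 (Name -eq '*') matches every tenant organization.
Get-ManagementScope -Identity $ScopeName |
    Format-List Name, ScopeRestrictionType, Filter, Exclusive

# 2. Role: a child role created with -Parent starts with every entry of
#    its parent, so list what the service account is able to run.
$entries = @(Get-ManagementRoleEntry "$RoleName\*")
"{0} role entries present in {1}" -f $entries.Count, $RoleName
$entries | Sort-Object Name | Format-Table Name, Parameters -AutoSize

# 3. Assignment: exactly one enabled assignment should tie the role to the
#    service account through the custom scope.
$scoped = @(Get-ManagementRoleAssignment -Role $RoleName `
                -RoleAssignee $Account `
                -CustomConfigWriteScope $ScopeName `
                -Enabled $true)
if ($scoped.Count -eq 1) {
    "OK: {0} holds {1} through scope {2}" -f $Account, $RoleName, $ScopeName
} else {
    Write-Warning ("Expected 1 scoped assignment, found {0}" -f $scoped.Count)
}

# 4. Everything the service account holds, for review of any assignment
#    that was not created by the steps above.
Get-ManagementRoleAssignment -RoleAssignee $Account |
    Format-Table Name, Role, CustomConfigWriteScope, Enabled -AutoSize
```

Role entries the application does not need can then be removed from the custom role with Remove-ManagementRoleEntry, which narrows what the service account can do across tenants.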
Hello, it's a nice post.
Nice article!