Some customers may not wish to give Global Admin rights to Service Accounts
Please Note
These Steps are only valid for accounts required for Migration Manager for Exchange Operation
They are not designed to work for Migration Manager for Active Directory Operation
Development has come back to one customer with these suggestions of an alternate permission set.
- "Mail Recipients" role in Exchange online
- "ApplicationImpersonation" role in Exchange online
- Assigning license requires "User management administrator" in O365
Note: this is the result of quick research, only a few tests performed (migrating mail, switch - ok, MMAD and CPUU - not tested). Full scale research and testing cycle with official results will take much more time.
In the real world the customer can use as a workaround the restrictive model for Service Accounts. This is done in the Azure Environment and one customer has done this by IP address.
Example:
O365_Service_Account1 = Only accessed by IP_Of_Agent_Host1
O365_Service_Account2 = Only accessed by IP_Of_Agent_Host2
© ALL RIGHTS RESERVED. Feedback Nutzungsbedingungen Datenschutz Cookie Preference Center