Power365 Current - Minimal Permissions Model for Power365 Basic Projects How-To Guide

Step 1: Create Distribution Group

This section outlines the steps required to implement the minimal permissions model in either the source or target tenant. PowerShell is the recommended way of creating the required components, although the Microsoft 365 admin center interface can be used.

Assumptions

  • The Power365 Service Account has been created within the tenant, with the following configuration:

    • E1 or higher license

    • An active Exchange Mailbox

  • The authentication method within the Power365 project will be Basic Authentication

A Distribution Group is required in the tenant. All mailboxes in scope for migration will be a member of this group. The Management Scope will target this Distribution Group to restrict Power365 access to only the mailboxes that are a member of the Distribution Group.

  1. Use PowerShell to create the Distribution Group using the following command:

    $AdGroup = New-DistributionGroup -Name "BT-Migrations"

  2. Populate the Distribution Group with source or target mailboxes that Power365 will migrate from/to.

Step 2: Create Exchange Online Management Scope

A Management Scope provides a method to limit an Exchange Online Admin Role to a specific set of mailboxes. The new Management Scope can be created using the following PowerShell command:

New-ManagementScope -Name "Power365 Target Mailboxes" -RecipientRestrictionFilter "MemberOfGroup -eq '$($AdGroup.DistinguishedName)'"

Step 3: Create Exchange Online Management Role Group

A dedicated Management Role Group should be created for the migrations to ensure separation between specialist role groups and BAU role groups. The Exchange Online Management Role Group can be created using the following PowerShell command:

New-RoleGroup -Name "Power365 Mailbox Access" -Description "Mailbox Access Role group for use with Binary Tree Power365 Mail Migrations" -CustomRecipientWriteScope "Power365 Target Mailboxes" -Roles "Mail Recipients","Migration"

To complete these tasks in Exchange Online Control panel, use the following steps:

  1. Log on to the Exchange Online Admin Center.

  2. In the Exchange Online Admin Center, select Permissions.

  3. Select the default Recipient Management (1) admin role and click the copy button (2).

  4. This will create a copy of the Recipient Management Role:

    1. Change the Name to “Power365 Mailbox Access”.

    2. Set the Write scope to Power365 Target Mailboxes (the name of the management scope) and save the Management role group.

    3. Remove all Roles except for:

      • Mail Recipients

      • Migration

Step 4: Assign the Role Group to the Power365 Service Account

The Power365 Service account must now be assigned to the Management Role Group. By assigning the Service Account to the Role Group, the Service Account will have the required permissions to migrate from or to mailboxes that are a member of the Distribution Group, created in step 1.

To complete this task using PowerShell, use the following command:

Add-RoleGroupMember -Identity "Power365 Mailbox Access" -Member "<Service Account UPN>"

To complete this task using Exchange Online Control Panel, use the instructions below:

  1. Open the properties of the Power365 Mailbox Access Management Role Group and click the + button under the Members section.

  2. From the available list, select the service account and click the add button. Then, click the OK button to add the user as a member of the Management Role Group. Then, save the changes to the Role Group.
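
Once Steps 1 to 4 are complete, it is worth confirming that every role held by the role group is actually tied to the management scope. The following is an added example, not part of the original guide or vendor code: Test-Power365RoleAssignment is a hypothetical helper, and the sample objects are constructed to resemble Get-ManagementRoleAssignment output.

```powershell
# Added example, not vendor code. Expected values are taken from Steps 2-4.
$ExpectedScope = 'Power365 Target Mailboxes'
$ExpectedRoles = 'Mail Recipients', 'Migration'

function Test-Power365RoleAssignment {
    # Hypothetical helper: emits one finding string per deviation, nothing if clean.
    param(
        [Parameter(Mandatory)] [object[]] $Assignment,
        [string]   $Scope = $ExpectedScope,
        [string[]] $Roles = $ExpectedRoles
    )
    foreach ($a in $Assignment) {
        $role = [string]$a.Role
        if ($role -notin $Roles) {
            "Unexpected role '$role' is assigned to the role group"
        }
        # An assignment is restricted only when it uses a custom scope AND names ours.
        if ([string]$a.RecipientWriteScope -ne 'CustomRecipientScope' -or
            [string]$a.CustomRecipientWriteScope -ne $Scope) {
            "Role '$role' is not limited to '$Scope' (write scope: $($a.RecipientWriteScope))"
        }
    }
    # Report roles the guide requires but the role group does not hold.
    $assigned = @($Assignment | ForEach-Object { [string]$_.Role })
    foreach ($r in $Roles) {
        if ($r -notin $assigned) { "Expected role '$r' is missing" }
    }
}

# Constructed sample data shaped like Get-ManagementRoleAssignment output.
$sample = @(
    [pscustomobject]@{ Role = 'Mail Recipients'; RecipientWriteScope = 'CustomRecipientScope'
                       CustomRecipientWriteScope = 'Power365 Target Mailboxes' }
    [pscustomobject]@{ Role = 'Migration'; RecipientWriteScope = 'Organization'
                       CustomRecipientWriteScope = $null }
    [pscustomobject]@{ Role = 'Mail Recipient Creation'; RecipientWriteScope = 'CustomRecipientScope'
                       CustomRecipientWriteScope = 'Power365 Target Mailboxes' }
)
Test-Power365RoleAssignment -Assignment $sample

# Against a live tenant (connected Exchange Online PowerShell session):
#   $live = Get-ManagementRoleAssignment -RoleAssignee 'Power365 Mailbox Access'
#   Test-Power365RoleAssignment -Assignment $live
```

With the constructed sample, the helper reports the Migration assignment as organization-wide and flags the extra Mail Recipient Creation role; a correctly built role group produces no findings.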
