Azure PIM support for custom Exchange RBAC Role Groups
Add support to manage custom Exchange RBACs through Azure PIM. Currently, as far as I can tell, it is only possible to manage the built-in “Exchange Administraor” role through PIM. However we do not use this role because it provides access to far too many Exchange cmdlets. Instead we have created many custom Exchange RBACs and associated Role Groups which provide minimum levels of access for various different teams in our organisation. We have been testing Azure PIM and would like to use it but it only works with the built-in all powerful “Exchange Administraor” role. Please add support to apply any custom Exchnage RBAC through PIM to allow granular control of Exchange Admin Privileges.
C. Bobbitt commented
It should honor existing Custom write scopes, and should not apply Company Admin rights by default either
Brian Watson commented
This would be a big improvement in the process.