Role Groups are used in Exchange Online to control Access to Mailbox settings and features.
These Groups should only include Exchange Administrators and those tasked with Organizational Mailbox Management.
1. Role Assignment Polcies allow you to grant or restrict
what settings can be change on a User's own mailbox or
Distrubution Group.
Think of them as RBACfor end-users. An example would
be applying a policy that restricts Exchange users from
installing MarketPlace Apps.
Role Groups are a way to apply the same Role settings for multipe users.
These can be individual Users, Admins, or Groups.
Once they are added as a member of the Role Group, they are automatically
granted All Roles in the Role Group.
E
xchangeO
nlineR
oleG
roups
(R
oleB
asedaccesscontrols)
Role 3 Role 4
Role Group
User
Role 2 (Device
Administrator)
Role 1 (Exchange
Administrator)
Security Group
Exchange
Admin
Console
(EAC)
Role Assignment
policy
Admin Mail
Access