Role-based access control
Exchange has one of the most interesting security models within the Office 365 services. Role-based access control (RBAC) was introduced in Exchange 2010 and can be used to control access to individual PowerShell (including access to individual parameters). Not only can you limit what end users can do, but you can also security-trim the Exchange admin center (EAC) since it relies on the Exchange management API.
As part of this introduction to security, we will create a new admin role with a limited scope, which is the typical scenario for delegated administration.
With its level of granularity, the Exchange security model can be somewhat complex at first. As the name suggests, access to commands and features is managed through roles; in addition to roles, there are several other concepts that we will introduce in the following section.
Management roles
Management roles stand at the center of the RBAC model. Because every aspect of Exchange is secured through them, there...