Role Based Access Control (RBAC) setup

This guide shows how to use Role Based Access Control (RBAC) in PowerShell to limit the scope of the Robin app to room and equipment mailboxes only. Complete these steps after connecting via app.

Find the Robin Powered (Admin Consent) app in the Enterprise apps section of Azure. Its application ID and object ID are the values used in the commands below.

 

In Exchange Online PowerShell, run the command:

New-ServicePrincipal -AppId [app ID] -ObjectId [object ID] -DisplayName "Robin"

With a limited scope, the application has access to room and equipment calendars only.

In the Exchange management shell, run the command:

New-ManagementScope -Name "RobinCalendars" -RecipientRestrictionFilter {RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "EquipmentMailbox"}

 

Then apply the management scope:

New-ManagementRoleAssignment -Role "Application Calendars.ReadWrite" -App [Robin app ID] -CustomResourceScope "RobinCalendars"
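To confirm the scope took effect, the following check can be run in the same Exchange Online PowerShell session. It is an added example, not part of the original guide; the `$RobinAppId` placeholder and both mailbox addresses are assumptions to replace with values from your tenant.

```powershell
# Placeholder values (assumptions): substitute real values from your tenant.
$RobinAppId  = '<Robin app ID>'         # the same ID passed to -AppId / -App above
$RoomMailbox = 'room101@contoso.com'    # constructed sample: a room mailbox
$UserMailbox = 'someone@contoso.com'    # constructed sample: an ordinary user mailbox

# 1. Show the filter Exchange stored for the scope, to catch quoting or typo errors.
$scope = Get-ManagementScope -Identity 'RobinCalendars'
$scope | Format-List Name, RecipientFilter

# 2. Preview which recipients the stored filter matches, grouped by type.
#    Only RoomMailbox and EquipmentMailbox should appear in the output.
Get-Recipient -RecipientPreviewFilter $scope.RecipientFilter -ResultSize Unlimited |
    Group-Object RecipientTypeDetails -NoElement

# 3. Confirm the role assignment exists and is bound to the custom scope.
Get-ManagementRoleAssignment -Role 'Application Calendars.ReadWrite' |
    Format-List Name, Role, RoleAssigneeName, CustomResourceScope

# 4. Ask Exchange how it would authorize the app against one mailbox inside
#    the scope and one outside it, and compare the InScope column.
foreach ($mailbox in $RoomMailbox, $UserMailbox) {
    Test-ServicePrincipalAuthorization -Identity $RobinAppId -Resource $mailbox |
        Select-Object @{ Name = 'Resource'; Expression = { $mailbox } },
                      RoleName, GrantedPermissions, AllowedResourceScope, InScope
}
```

A correctly scoped assignment reports the room mailbox as in scope and the user mailbox as out of scope. Exchange RBAC assignments are combined with any application permissions granted in Entra ID, so a tenant-wide Calendars.ReadWrite grant there is not narrowed by this scope and is not reflected in the test output.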

 

Reference: Role Based Access Control for Applications in Exchange Online
