In this post we have a custom management role to restrict users from creating Activesync mailbox policy.
Below are the management role entries for the Recipient Policies Management role (responsible for creating a new active sync mailbox policy)
Created a new custom RBAC role named “Modified Recipient Policy” and removed the entries which needs to be removed
Then logged in to the exchange server as the test user account (RBACTest) – This user wasn’t able to create a new active sync policy.
Note: This RBAC permission takes effect only after you logout and login (Thank you Andrew for pointing this 🙂 )
Regards,
Ganesh G
Video Blog available > https://www.youtube.com/embed/Js9tdRfECus” target=”_blank”>Start Exchange
Ganyboy 