Exchange Online · Organization Management
Exchange Administrator
Entra ID role that provides full administrative access to Exchange Online. Members are synchronized to the ExchangeServiceAdmins role group which inherits Organization Management permissions.
Scope: Organization-wide Exchange Online administration via Entra ID
Permissions
- Inherits all Organization Management role group permissions
- Manage all aspects of Exchange Online
- Create and manage mailboxes and groups
- Configure mail flow policies
- Manage Exchange Online protection settings
- View and manage Exchange reports
- Configure compliance and retention settings
Common use cases
- Dedicated Exchange Online management
- Hybrid Exchange environment administration
- Email policy and compliance management
- Preferred over Global Admin for Exchange-only tasks
Best practices
- Use instead of Global Admin for Exchange-specific tasks
- Enable PIM for just-in-time access
- Assign in Microsoft 365 admin center or Entra ID
- Cannot be managed directly in Exchange admin center
Security considerations
- Can access all mailbox content through eDiscovery
- Can impersonate any mailbox
- Can modify all mail flow rules
- Membership synchronized automatically - cannot edit in Exchange