I have opened a support case, and there they confirmed what I was fearing. Only directly assigned members get the administrative privileges. It looks like the cloud is designed for small businesses, because we are forced to revert to micromanagement!
Management scopes Exchange Online
We have created custom management scopes and custom role groups which align with our Support model (country, regional and global support) as we did with our Exchange OnPrem environment.
We have created the required management scopes and linked the management scopes to the correct role groups.
We have added the synced groups (on-prem groups which are synced to Azure AD) to the management role groups, but the members cannot manage the Exchange objects within their scope. The synced groups are added, and I can see them as members. When I add the users directly to the management role groups, they are able to manage Exchange objects within their scope.
Is this by design?
Joyce Shen - MSFT 16,671 Reputation points
2020-07-28T03:55:49.74+00:00
Use the command to check whether the roles are added to the user of the group successfully:
Get-ManagementRoleAssignment -GetEffectiveUsers | Where-Object {$_.EffectiveUserName -eq "User"} | select-object Role
Also make sure the member added to the role group is a mailbox, USG, or computer. Detailed information: New-RoleGroup
Killerbe 6 Reputation points
2020-07-28T15:51:30.673+00:00
I see what I expect to see.
I can clearly see the role groups and the roles which have been assigned to the user.
However, the user is still not able to manage objects within his region.
Killerbe 6 Reputation points
2020-07-30T13:59:30+00:00
I created a cloud group and have entered to members to that cloud group and this doesn't work as well.
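
The following is an added example, not code from the thread or from Microsoft: it extends the `Get-ManagementRoleAssignment -GetEffectiveUsers` check in the answer above to a whole role group, listing which members are groups and which users and write scopes Exchange resolves for that role group's assignments. It assumes an active Exchange Online PowerShell session; the function name `Get-RoleGroupAccessReport` and the role group name `Support-Country-BE` are hypothetical.

```powershell
# Added example. Assumes an active Exchange Online PowerShell session
# (Connect-ExchangeOnline). Function and role group names are hypothetical.
function Get-RoleGroupAccessReport {
    param([Parameter(Mandatory)][string]$RoleGroupName)

    # Members of the role group, split into group-type members and
    # principals that were added individually.
    $members  = @(Get-RoleGroupMember -Identity $RoleGroupName -ResultSize Unlimited)
    $viaGroup = @($members | Where-Object { $_.RecipientType -like '*Group*' })
    $direct   = @($members | Where-Object { $_.RecipientType -notlike '*Group*' })

    # Users Exchange resolves for the role group's assignments, with the
    # assignment method and the custom recipient write scope of each row.
    $effective = @(
        Get-ManagementRoleAssignment -RoleAssignee $RoleGroupName -GetEffectiveUsers |
            Select-Object EffectiveUserName, Role, AssignmentMethod, CustomRecipientWriteScope
    )

    [pscustomobject]@{
        RoleGroup      = $RoleGroupName
        DirectMembers  = $direct | Select-Object Name, RecipientType
        GroupMembers   = $viaGroup | Select-Object Name, RecipientType
        EffectiveUsers = $effective
    }
}

$report = Get-RoleGroupAccessReport -RoleGroupName 'Support-Country-BE'

# Members that are themselves groups (for example synced security groups).
$report.GroupMembers | Format-Table -AutoSize

# Every user Exchange reports as effective for this role group, per role and scope.
$report.EffectiveUsers |
    Sort-Object EffectiveUserName, Role |
    Format-Table -AutoSize
```

Compare the `EffectiveUsers` rows with the people who belong to each entry under `GroupMembers` to see whether a given administrator is listed as an effective user and under which scope.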