Recently I created an RBAC role group for some of my team members so that they could manage a subset of Exchange features in one of our O365 instance. While the Role group I created had the following roles
- Distribution Groups
- HistoricalSearch
- Mail Enabled Public Folders
- Mail Recipient Creation
- Mail Recipients
- Message Tracking
- Public Folders
- Security Group Creation and Membership
- Security Reader
- User Options
- View-Only Audit Logs
- View-Only Configuration
The “message trace” option was not available under “Mail flow” in the EAC for the members of this role group even though they had access to the get-messagetrace cmdlet when connecting to this Instance via PowerShell. After a call to Microsoft we discovered that we had to add the ‘View Only Recipients’ role to reveal that option in the EAC. This was odd seeing that they had the ‘Mail Recipients’ role already, but it worked.
