Configuring an Office 365 Service User with access to all Room Resource Mailboxes (PowerShell)
In a scenario where you are managing a large number of resource mailboxes, you may not want to assign delegation or impersonation privileges on a mailbox by mailbox basis.
For Microsoft Office 365 and Exchange environments, you can easily create a service user who has access to all Room Resource mailboxes on your tenant in just 3 lines of PowerShell.
PowerShell
Connect-ExchangeOnline -ShowBanner:$false -Device
New-ManagementScope -Name "RoomMailboxes" -RecipientRestrictionFilter {RecipientTypeDetails -eq "RoomMailbox"}
New-ManagementRoleAssignment -Name "ResourceImpersonation" -Role ApplicationImpersonation -User "SERVICEACCOUNTUPN" -CustomRecipientWriteScope "RoomMailboxes"
The first line connects to Exchange Online (you must sign in as a Global Admin).
The second line creates a named management scope that limits your service user to Room mailboxes. Note: Equipment mailboxes and workspace mailboxes will not be managed by this rule.
The third line assigns the ApplicationImpersonation role to your user, restricted to that management scope (replace SERVICEACCOUNTUPN with your service user's email or UPN).
You can read more here:
https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-configure-impersonation#to-configure-impersonation-for-all-users-in-an-organization
Update: Use the following if you wish to do the same thing for all resources, including meeting rooms, workspaces, and equipment:
Connect-ExchangeOnline -ShowBanner:$false -Device
New-ManagementScope -Name "RoomWorkspacesAndEquipment" -RecipientRestrictionFilter { RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "Workspace" -or RecipientTypeDetails -eq "EquipmentMailbox" }
New-ManagementRoleAssignment -Name "RoomMailboxManager" -Role "ApplicationImpersonation" -User SERVICEACCOUNTUPN -CustomRecipientWriteScope "RoomWorkspacesAndEquipment"
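As an added example (not part of the original article), the following function audits ApplicationImpersonation role assignments so you can confirm the service user is limited to the scopes created above and that no organization-wide assignment exists. The function name, the approved-scope list and the sample rows are assumptions for illustration; the property names are those returned by Get-ManagementRoleAssignment.

```powershell
# Added example: least-privilege check for ApplicationImpersonation assignments.
# Test-ImpersonationAssignment is a hypothetical helper, not an Exchange cmdlet.
function Test-ImpersonationAssignment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Assignment,

        # Scope names you expect to see; these are the two created on this page.
        [string[]]$ApprovedScope = @('RoomMailboxes', 'RoomWorkspacesAndEquipment')
    )
    process {
        $writeScope  = [string]$Assignment.RecipientWriteScope
        $customScope = [string]$Assignment.CustomRecipientWriteScope

        $finding = if ($writeScope -ne 'CustomRecipientScope') {
            'Not limited by a custom scope: impersonation reaches beyond resource mailboxes'
        }
        elseif ($customScope -notin $ApprovedScope) {
            'Custom scope is not on the approved list'
        }
        else { 'OK' }

        [pscustomobject]@{
            Assignment = $Assignment.Name
            Assignee   = $Assignment.RoleAssigneeName
            WriteScope = $writeScope
            Scope      = $customScope
            Finding    = $finding
        }
    }
}

# Constructed sample rows shaped like Get-ManagementRoleAssignment output.
$sample = @(
    [pscustomobject]@{ Name = 'ResourceImpersonation'; RoleAssigneeName = 'svc-rooms'
        RecipientWriteScope = 'CustomRecipientScope'; CustomRecipientWriteScope = 'RoomMailboxes' }
    [pscustomobject]@{ Name = 'LegacyImpersonation'; RoleAssigneeName = 'svc-old'
        RecipientWriteScope = 'Organization'; CustomRecipientWriteScope = $null }
    [pscustomobject]@{ Name = 'OtherImpersonation'; RoleAssigneeName = 'svc-other'
        RecipientWriteScope = 'CustomRecipientScope'; CustomRecipientWriteScope = 'AllUserMailboxes' }
)
$sample | Test-ImpersonationAssignment | Format-Table -AutoSize

# Against a live tenant, after Connect-ExchangeOnline:
#   Get-ManagementRoleAssignment -Role ApplicationImpersonation | Test-ImpersonationAssignment
# Preview which recipients a scope filter matches before relying on it:
#   Get-Recipient -RecipientPreviewFilter 'RecipientTypeDetails -eq "RoomMailbox"' -ResultSize Unlimited |
#       Group-Object RecipientTypeDetails
```

Only the first sample row reports OK; the other two show the findings to look for on a real tenant.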
Updated on: 08/09/2024