Applies to: Office 365 for enterprises, Live@edu
Topic Last Modified: 2011-03-19
Before you create new mailboxes, you'll want to make sure that the default role assignment policy assigns the roles and the permissions you want to give to most mailboxes in your organization. Although you can remove roles from the default role assignment policy, you can also designate an existing role assignment policy that assigns the appropriate roles and permissions as the default role assignment policy.
You use Windows PowerShell to set the default role assignment policy. The default role assignment policy is associated with all the mailbox plans in your organization, and the roles and permissions defined by the default role assignment policy are applied to all new mailboxes you create.
Let's look at how to:
- View the available role assignment policies and identify the current default role assignment policy
- Set the default role assignment policy
- Rename a role assignment policy
To learn how to install and configure Windows PowerShell and connect to the service, see Use Windows PowerShell in Exchange Online.
Run the following command:
In this example, we've used the Format-Table option to display the properties we want to see: the name and whether the role assignment policy is the default. The command returns a list of the role assignment policies that you can assign to mailboxes in your organization. The default role assignment policy will show True in the IsDefault column.
Note You can easily view the role assignment policies in the Exchange Control Panel: Select Manage My Organization > Roles & Auditing > User Roles. However, you can't determine the default role assignment policy there. By default, the default role assignment policy is named "Default Role Assignment Policy". However, if multiple role assignment policies exist, the name of the role assignment doesn't necessarily indicate it's the default.
First, decide which role assignment policy you want to assign to most mailboxes, and then make that plan the default by running the following command:
For example, to make the role assignment policy named "Staff" the default, run the following command:
The IsDefault parameter is a switch parameter. This means you don't have to specify a value after the parameter. It just turns a setting on or off. If you use the IsDefault parameter, it makes the specified role assignment policy the default, and the current default role assignment policy becomes an optional role assignment policy.
If you make a different role assignment policy the default, the fact that the first role assignment policy in your organization is named "Default Role Assignment Policy" can be confusing. You can change the display name of a role assignment policy to make it easier to remember or to reference on the command line.
-
In Manage My Organization > Roles & Auditing > User Roles, select the role assignment policy you want to rename, and click Details.
-
In the Name field, enter the new name, and click Save.
Run the following command:
For example, to rename "Default Role Assignment Policy" "Managers and Executives", run the following command:
After you make these changes, you can refer to the role assignment policies by their new display names.
When you designate a new default role assignment policy, that role assignment policy is automatically applied to all new mailboxes you create. However, the new default role assignment policy isn't applied to existing mailboxes. To assign a role assignment policy to existing mailboxes, see the "Assign the role assignment policy to many users" section in Allow Users to Change Their Display Names in Office 365.
