How to Grant Application Impersonation Rights in Office 365 - Revealed
OVERVIEW TO APPLICATION IMPERSONATION ROLE IN OFFICE 365
This blog is a complete user guide which will be discussing about what is application impersonation rights in Office 365, how to create a user in Office 365, why we should impersonate a user, and various methods which will explain how to grant application impersonation rights in Office 365.
In the situations where the users want to migrate mailboxes from other e-mail platforms to Office 365 or Exchange, they need to have full access enabled for Office 365 accounts to facilitate the migration without setting up complex user roles. Office 365 provides a feature named, application impersonation, which enables a user to impersonate users in an organization to perform tasks on his behalf. Application Impersonation is used in the cases where a single user account needs to access multiple user accounts.
Let us explore why we should assign Application impersonation management roles to the users.
WHY TO IMPERSONATE USER MAILBOX IN OFFICE 365?
The Application Impersonation role in Office 365 has many benefits, the following are few common reasons for setting up impersonation in Office 365:
- Reduces the affect of throttling and connection limits.
- Allows to migrate multiple mailboxes concurrently.
- Eliminates "Connection did not succeed" errors.
- Uses an O365 admin account without assigning any license to it.
Let us now look into various methods to assign application impersonation management role in office 365.
HOW TO GRANT APPLICATION IMPERSONATION RIGHTS IN OFFICE 365?
As discussed above, the mailbox impersonation in Office 365 is beneficial to the user or the organization as well. There are two ways to assign application impersonation management role in Office 365. The two methods to impersonate user in Office 365 are:
- Using Powershell
- Using Exchange Admin Centre
Let us learn more about the two methods in the section below.
SETTING UP OFFICE 365 APPLICATION IMPERSONATION USING POWERSHELL
- Run the Powershell.
- Also verify the Powershell version by typing:
- The blank response indicates that you are using version 1.0
- The which are newer than version 2.0, you should refer the detailed response.
- To avoid compatibility issues; keep the powershell updated.
- To manage the permissions or roles locally; execute the commands in EMS (Exchange Management Shell)
- Verify if the user account already has the impersonation rights assigned or not. Execute the following command:
where <account name> is the name of the administrator account on the target server you want to check
- Add mailbox impersonation roles:
where <impersonation Assignment Name> is a name of your choice. Be cautious that each assignment should have a unique name.
- You can remove impersonation permissions with the following command if necessary:
ADD APPLICATION IMPERSONATION PERMISSIONS USING EAC (EXCHANGE ADMIN CENTER)
Please follow the steps discussed below to assign application impersonation in Office 365 using Exchange Admin Center or Console (EAC):
Step 1: Log into your Microsoft Office 365 account.
Step 2: At left Navigation pane, click on “Permissions” (under Dashboard).
Step 3: Click on “Discovery Management” in right pane
Step 4: After clicking, a Discovery Management window will appear.
Step 5: Click on (+) button, select “ApplicationImpersonation” and click “add” button → Click “OK”.
Step 6: Verify if under the Roles, “ApplicationImpersonation” has been added or not.
Step 7: At Members section, click on (+) button → a new window will appear, select user name & click on “add” button → click OK.
Step 8: Verify if the username can be seen under “Members” section and click on “Save” button.
In this blog, we discussed about what is mailbox or application impersonation roles in Exchange Online or Office 365, the reasons why we should assign impersonation to a user account or mailbox, and two methods which show how to grant application impersonation rights in Office 365 using Exchange Admin Console or Powershell commands.