Assign Exchange or Purview admin role job

This job assigns the selected service principal to an Exchange or Purview admin role group of your choice.

If the service principal does not already exist in the target service, the job automatically creates it before completing the role assignment.

Job Requirements

To assign a role group to a service principal in Exchange, your current session credentials must belong to an Entra admin role group that has the Exchange Administrator permission (or Global admin) AND an Exchange admin role that has the Role Management Permission.

To assign a service principal to a role group in Purview, the current session credentials must also belong to an Exchange admin role group that has the Mailbox Import Export permission.

To run this job in a sapio365 session that is set to use certificate authentication for Exchange Online PowerShell, the service principal associated to sapio365 registered application must have the required roles.

How to run this job

From the Dashboard, look up a service principal or open the Service Principals module:

1. Select the service principal and click Run on the job in Jobs panels on the left.

2. Choose a service (Exchange or Purview) and click Next to get a list of available role groups. If the service principal does not “exist” in in the service, it will be created.

3. Select a role group and click OK.

You’ll get a confirmation if it was added successfully.