Assigning Application Impersonation in Exchange Online (Office 365) by using Remote Windows PowerShell

You can use the New-ManagementRoleAssignment Exchange Management Shell cmdlet to assign the ApplicationImpersonation role to users in the organization. To configure impersonation in Exchange Online this way, you need to be able to run a Windows PowerShell script against your Exchange Online environment.   

In the following documents you can find more information about PowerShell setup and available cmdlets: Use Windows PowerShell in Exchange Online Reference to Available PowerShell Cmdlets in Exchange Online - check section ApplicationImpersonation cmdlets  

You also need to have permission to run the New-ManagementRoleAssignment cmdlet. Note that tenancy administrators are normally granted this permission by default.  

If you have issue with the permission please check see the "Organization configuration" entry in the Feature Permissions in Exchange Online topic to see what permissions you need.  

To run Windows PowerShell scripts against Exchange Online, you first need to establish a Remote Windows PowerShell Session to the Exchange Online environment. 

Please ensure you have set up a Remote PowerShell session correctly via the instructions at Connect Windows PowerShell to the Service before running the cmdlets.   

As mentioned earlier, to configure a service account to be able to impersonate a set of users, you need to grant the service account the ApplicationImpersonation role. 

This enables the service account to impersonate the specified user accounts and perform mailbox operations by using their rights.  Run the New-ManagementRoleAssignment cmdlet (as shown below) to grant the service account permission to impersonate all the users in the organization.  

Note: The Name parameter specifies the name of the new role assignment.
The Role parameter indicates that the ApplicationImpersonation role is assigned to the user specified by the User parameter.  

New-ManagementRoleAssignment
– Name:impersonationAssignmentName
– Role:ApplicationImpersonation
– User:serviceAccount

 More information: Getting Started with Windows PowerShell Configure user passwords to never expire

Fandt du dit svar?