When your dedicated environment of the Microsoft Business Productivity Online Suite was deployed, a specific role group was set up to let you implement EWS impersonation rights. In the
Self-Service Guide for Exchange Online, this role group is defined as follows.
Collapse this tableExpand this table
Impersonation Rights for Exchange Web Service Applications | E2010-MSO Self Service - EWS Application Impersonation | SG members (Service Accounts) will be granted impersonation rights to all mailboxes in the Exchange organization for use with Exchange Web Service applications. |
If this role group was not provisioned for you, you have to file a new Change Request to have the role group provisioned.
This is how the role group will look on the Microsoft provisioning side:
get-rolegroup "XF-CUS-EWS App Imp" | fl name,*linked*
Name: XF-CUS-EWS App Imp
LinkedGroup: DOMAIN\E2010-MSO Self Service - EWS Application Impersonation
The role group corresponds to a security group that you provision on your side. That group is the�E2010-MSO Self Service - EWS Application Impersonation security group. After the role group is provisioned on the Microsoft side, you must make sure that the service account that the application is using is a member of the�E2010-MSO Self Service - EWS Application Impersonation�security group in your environment.