Error when accessing Exchange Online classic Admin Center (EAC): 403 Access denied :(

We have been pulling our hair out for several days due to this issue. Office 365 Exchange admin center gives the following error whereas the new admin center worked well.

when you click that “Exchange” blade from the Office 365 admin center, it usually takes you to the classic Admin center which we still need for some functions that new Admin center doesn’t have.

image 

clip_image001

After lots of struggle, we managed to figure out the Root cause and reported to Microsoft through an incident.

Root cause: Group based access assignments in Privileged Identity Management.

image

Workaround: We had assigned Azure AD Roles such as Global Administrator, Exchange Administrator via Group based PIM which did not work properly with classic EAC. Assigning Direct permissions fixed this and we managed to open the classic console immediately, right after the direct assignment. If you are facing the same, try to get rid of “Group Assignments” for Exchange Admins at least for the time being and go for “Direct Assignments

Official reference: https://docs.microsoft.com/en-us/azure/active-directory/roles/groups-concept 

KnownIssue

I will update this post up-on Microsoft’ support responses.

One thought on “Error when accessing Exchange Online classic Admin Center (EAC): 403 Access denied :(

  1. Pingback: Re: Exchange Online classic admin center error: 403:Sorry Access Denied :( | Application Package Repository Telkom University

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s