====== Minimal Message Tracking Admin Role ======

<code PowerShell [enable_line_numbers="true"]>

# PS Module
Connect-ExchangeOnline

# Variables
$RoleGroup = "Custom Message Tracking Admin Group"
$RoleName = "Minimal Message Tracking Admin Role"
$Administrators = "fk@fikas.eu","jk@fikas.eu"

# Custom Role Creation
New-ManagementRole -Name $RoleName  -Description "Allows using Get-MessageTrace and Get-MessageTraceDetail cmdltes only" -Parent "View-Only Recipients"
$RoleEntries = (Get-ManagementRole $RoleName).RoleEntries
$UnneededCmdlets = @()
foreach($RoleEntry in $RoleEntries){$UnneededCmdlets += $($RoleEntry.split(" "))|where-object{$_ -like "*-*" -and $_ -notlike "-*"}}
$UnneededCmdlets = $UnneededCmdlets|where-object{$_ -notlike "Get-MessageTraceDetail" -and $_ -notlike "Get-MessageTrace"}
foreach($UnneededCmdlet in $UnneededCmdlets){Remove-ManagementRoleEntry "$RoleName\$UnneededCmdlet" -Confirm:$false}
New-RoleGroup -Name $RoleGroup -Roles $RoleName

# Role Assignment
Update-RoleGroupMember -Identity $RoleGroup -Members $Administrators -Confirm:$false

</code>