In a Microsoft Exchange Server 2016 environment, consider the following scenario:
You create a Role Based Access Control (RBAC) management role by adding certain management role entries that are based on the Unified Messaging (UM) Mailboxes role, such as the Set-UMMailboxPIN cmdlet.
You create a management scope by using a recipient restriction filter and specify a particular organizational unit (OU) to the filter.
You create a management role group that has this management role and management scope assigned.
In this scenario, when admin members in the management role group run the Set-UMMailboxPIN cmdlet, they can reset the PINs on the UM-enabled mailboxes for users who are outside the scoped OU.
This issue occurs because the recipient restriction filter isn't correctly handled during running the cmdlet.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Learn about the terminology that Microsoft uses to describe software updates.