Bumping this thread, because we ran into an additional reason for local domain admins to have impersonation ability.... CRM systems that need the ability to impersonate a user to manage their contacts and calendars. This ability exists in Exchange Server, and we currently use it with 3rd party software to automate certain processes.
A very large customer has a CRM application which can manage user contacts and calendars automatically, and it fully integrates with Exchange by impersonating users. The CRM vendor is hard-selling them on moving to Microsoft 365 hosted Exchange.
I will reiterate the original request, that system administrators should be able to delegate "impersonate user" rights to local mail domain admins. We are hearing this request LOUDLY from a large new MAPI/EAS customer who had impersonation ability on their old host, but lost it when they came to us.
Please UP-VOTE if you agree that we should be able to delegate impersonate-user rights to local domain admins. Right now we can delegate "view password" rights, but not "impersonate".