How to Get an Exchange Online Mailbox Permissions Report

Get Exchange Online Mailbox Permissions Report Using Lepide Auditor
3 min read | Published On - July 25, 2023
In This Article

Having visibility over Exchange Online mailbox permissions is essential for ensuring security and compliance. When a user is given access to an Exchange Online mailbox, they can read, change, delete or move mailbox content to other mailboxes, including those outside of the organization. To secure sensitive mailbox content and prevent data leakage, you will need to be able to see who has access to which mailboxes at any point in time. In this article, we will show you how to view mailbox permissions in Exchange Online in two ways; by using PowerShell and using Lepide Auditor for Exchange.

Using PowerShell to Get Mailbox Permissions Report

In Exchange Online, the native tool for getting a summary of users who have access to other users’ mailboxes is PowerShell. Using the Get-MailboxPermission PowerShell command, you can check which users have what type of permissions to access other mailboxes. However, this command does not list all mailbox permissions. For instance, to see ‘Send on Behalf’ rights, you must use different syntax. Similarly, if you need to see the permissions of a specific security group, you must add the Get-ADGroupMember cmdlet to the script.

The steps below explain the PowerShell method:

  1. Connect to Office 365 PowerShell by running the PowerShell ISE as Administrator and executing the following command:
  2. Install-Module -Name ExchangeOnlineManagement
    Connect-ExchangeOnline -UserPrincipalName paul@adminabc.onmicrosoft.com

    Office 365 Login

  3. To identify a specific mailbox to get permissions use the following command:
    Get-Mailbox -Identity ‘Adam_Smith@adminabc.onmicrosoft.com'
  4. To get the permissions of the specific mailbox defined at step 2:
    Get-MailboxPermission -Identity ‘Adam_Smith@adminabc.onmicrosoft.com'
  5. To view information about ‘Send As’ permissions:
    Get-EXORecipientPermission -Identity ‘Adam_Smith@adminabc.onmicrosoft.com'
  6. To report on mailboxes with the ‘Send on Behalf’ permission:
    Get-Mailbox-Identity ‘Adam_Smith@adminabc.onmicrosoft.com'|?{$_.GrantSendOnBehalfTo}|Select-object Name,GrantSendOnBehalfTo
  7. To Export / Get Output to CSV format run the following script
    Connect-ExchangeOnline -UserPrincipalName paul@adminabc.onmicrosoft.com
    $P = Get-Mailbox -Identity ‘Adam_Smith@adminabc.onmicrosoft.com'
    $Q = Get-MailboxPermission -Identity ‘Adam_Smith@adminabc.onmicrosoft.com'
    $R = Get-EXORecipientPermission -Identity ‘Adam_Smith@adminabc.onmicrosoft.com'
    $S = Get-Mailbox -Identity ‘Adam_Smith@adminabc.onmicrosoft.com'|?{$_.GrantSendOnBehalfTo}|Select-object Name,GrantSendOnBehalfTo
    $P, $Q, $R, $S| out-file 'C:\data\Test.csv'
  8. Review the report:
    Report

Using Lepide Auditor for Exchange

The native method for reporting on Exchange Online Mailbox Permissions is both complex and time consuming.

Lepide Auditor for Exchange gives complete visibility into your Exchange Online mailbox permissions using the Permissions by Mailbox Report. This predefined report provides complete audit information quickly and easily without the need for any PowerShell scripting expertise.

Below is an example of the Permissions by Mailbox report:
Mailbox Permissions Report

To run the report:

  • From the Permissions & Privileges screen, click on the Permissions by Mailbox report
  • Select Exchange Online from the Exchange Server(s) filter
  • Click Generate Report
  • Click on a mailbox to see who has access

Get Exchange Online Mailbox Permissions Report Using Lepide Auditor