List Shared Mailboxes Members & Permissions with PowerShell

Get List of Shared Mailboxes and Permissions with Lepide Data Security Platform
x
3 min read | Published On - June 06, 2024
In This Article

Mailboxes associated with a single user are suitable for most situations, but there are times when several users or specific group members need to have access to a shared mailbox. This could be, for example, to read and send emails on behalf of an organization or to share a common work calendar. Shared mailboxes are available in both Exchange Online and on-premise Exchange and these are distinguished by their special RecipientType of “SharedMailbox”.

What are Shared Mailboxes?

A shared mailbox is a type of user mailbox that doesn’t have its own username and password so users can’t log into them directly. To access a shared mailbox, users must first be granted ‘Send As’ or ‘Full Access’ permissions to the mailbox. Once that has been done, users sign into their own mailboxes and then access the shared mailbox by adding it to their Outlook profile.

However, although shared mailboxes provide an efficient way of working, they can lead to some users having unauthorized access to sensitive data. It is essential, therefore, to have tracking mechanisms in place to ensure that this doesn’t happen.

In this article we will look at two ways to get a list of shared mailboxes, members, and permissions. First using PowerShell and then using the Lepide Data Security Platform which is a more straightforward method and does not require any PowerShell scripting knowledge

List Shared Mailboxes Members and Permissions Using PowerShell

Please follow below steps:

  • Connect to Office 365 PowerShell, run the PowerShell ISE as Administrator and execute the following command:
    Set-ExecutionPolicy RemoteSigned
    $Cred = Get-Credential
  • Type your user ID and password in the Windows PowerShell Credential Request and click OK
  • Create a session using the following command, modifying –ConnectionUri parameter based on your Exchange Online location:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Cred -Authentication Basic –AllowRedirection
  • Connect to Exchange Online:
    Import-PSSession $Session –DisableNameChecking
  • Copy and run the following script, adjusting the filters for the specific user you want to report on and specifying the desired path for the CSV file output:

    Connect-ExchangeOnline
    $sharedMailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox
    foreach ($mailbox in $sharedMailboxes) {
    Write-Host "Shared Mailbox: $($mailbox.DisplayName)"
    $mailboxPermissions = Get-MailboxPermission -Identity $mailbox.Identity
    foreach ($permission in $mailboxPermissions) {
    Write-Host " User: $($permission.User.DisplayName), Permissions: $($permission.AccessRights)"
    }
    }
    Disconnect-ExchangeOnline -Confirm:$false
  • Review the resulting CSV report:
    Shared Mailbox List and Permissions

Using the Lepide Data Security Platform

The Lepide Data Security Platform includes a wide range of Exchange Online reports – both on premise and online – which can be run with no requirement for PowerShell scripting. The following example is the Mailbox Accessed by Non Owners report:

Non-owner mailbox access report

To run the report:

  • From the States & Behavior screen, select Exchange Online, Mailbox Accessed by Non Owners
  • Click Generate Report
  • The report includes Action Performed By, Action Performed On, Operation, When and What
  • The report can be grouped, filtered, saved and exported
See How Lepide Microsoft 365 Auditing Solution Works
x
Learn More...

Get List of Shared Mailboxes and Permissions with Lepide Data Security Platform

x
Learn More...