🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Exchange Online

How to Get Exchange Online Mailbox Permissions Report

Mailbox permission in Exchange Online can enhance email communication within an organization. However, excessive mailbox permissions to a suspicious user could lead to data breaches or compromised security. In this guide, we will walk you through the simple steps to export mailbox permission report in Microsoft 365.

Option 1
Option 2
Option 3
Option 4
Important Tips
Errors and Resolution Steps
FAQs

Using Exchange Online Admin Center

Microsoft 365 Permission Required
Global Admin and Exchange Admin.
  • Sign-in to the Exchange Online admin center.
  • Navigate to 'Mailboxes' under 'Recipients' to see all mailboxes in Exchange Online.
  • Select the desired mailbox and click on 'Mailbox delegation'.
  • Select any delegate permission to see the members assigned to it.
Using Exchange Online Admin Center

Using Windows PowerShell:

Microsoft 365 Permission Required
Global Admin and Exchange Admin.
  • Run the below cmdlet to connect Exchange Online.
  • Windows PowerShell Windows PowerShell 
     Connect-ExchangeOnline
  • To get users with 'Full Access' permissions for all Exchange Online mailboxes.
  • Windows PowerShell Windows PowerShell 
     Get-Mailbox | Get-MailboxPermission|?{$_.User -ne 'nt authority\self'} |Select-Object Identity,User,AccessRights
  • To find users with 'Send As' permission for all Exchange Online mailboxes.
  • Windows PowerShell Windows PowerShell 
     Get-Mailbox | Get-RecipientPermission | where {($_.Trustee -ne 'nt authority\self') -and ($_.Trustee -ne 'Null sid')} | select Identity,Trustee,AccessRights
  • To check 'Send on Behalf' permissions for all Exchange Online mailboxes.
  • Windows PowerShell Windows PowerShell 
     Get-Mailbox |?{$_.GrantSendOnBehalfTo -ne $null }| Select  PrimarySmtpAddress,GrantSendOnBehalfTo,RecipientTypeDetails
Using Windows PowerShell:

Using PowerShell Script

Microsoft 365 Permission Required
Global Admin and Exchange Admin.
  • PowerShell cmdlets do not provide all types of mailbox access rights in a single cmdlet as well as a user-friendly Exchange Online mailbox permissions report.
  • Thus, we’ve prepared the script to export mailbox permissions to csv in PowerShell. This report format gives you a clear understanding about all types of mailbox permissions.
  • Download and run the following script in the Administrator PowerShell.
Using PowerShell Script
GetMailboxPermission.ps1
AdminDroid Exchange Online Reporter

Strengthen mailbox security with detailed mailbox permission reports!

AdminDroid's Exchange Online reporter offers accurate mailbox permission details and other useful mailbox related reports. It allows you to effortlessly visualize user access rights, track permission changes, and ensure secure mailbox management. Also, you can easily identify any potential security risks, enhancing overall mailbox access management.

Control Guest Access Rights in Mailboxes

Monitor guests access to other mailboxes to ensure secure collaboration and data protection in your Exchange Online environment.

Efficient External Email Forwarding Management

Manage external email forwarding in Microsoft 365 with in-depth details and prevent any unauthorized data leaks and security breaches.

Enhanced Mailbox Access Monitoring

Monitor non-owner mailbox access report in Exchange Online to identify and address any sensitive actions by delegated users promptly.

User-Friendly Exchange Online Mailbox Insights

Effortlessly visualize and manage Exchange Online mailbox access rights across your organization with AdminDroid's mailbox permissions dashboard.

Comprehensive Mailbox Device Management Reporting

Manage Microsoft 365 mobile devices accessing Exchange online mailboxes using AdminDroid’s mailbox device management reporting that includes OS version, device policy, etc.

Streamlined Overview of Shared Mailbox Permissions

Mailbox permission management also includes monitoring shared mailbox permissions and promptly detect any unapproved permissions in the Exchange Online shared mailboxes.

In conclusion, AdminDroid empowers admins with unmatched capabilities in Exchange Online mailbox permissions reporting and various mailbox-related insights. Its user-friendly reports provide a comprehensive overview that enables admins to efficiently manage and optimize mailbox-related operations within the Microsoft 365 environment.

Explore a full range of reporting options
Download Live Demo

Important Tips

Discover and implement the latest quarantine management features in Microsoft defender and shield against increasing number of email threats.

Monitor delegate audit enabled mailboxes in Exchange Online to detect any sensitive actions performed by non-owners in your Microsoft 365 environment.

Remember to report suspicious messages in delegated mailboxes and stay secure against phishing and junk emails in Exchange Online.

Common Errors and Resolution Steps

The following are possible errors and troubleshooting hints while checking mailbox permissions in Microsoft 365.

Error Write-ErrorMessage : A server side error has occurred because of which the operation could not be completed. Please try again after some time. If the problem still persists, please reach out to MS support.

This error occurs when the mailbox type is not specified in the cmdlet. Scanning all mailboxes in the organization can take time and give this error.

Fix Specify the required type of mailbox and run the PowerShell cmdlet like below. 
Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited | Get-MailboxPermission –User <UPN>

Error Write-ErrorMessage : Ex41BAF5|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|The specified mailbox Identity:"UPN" doesn't exist.

This error occurs when you try to give folder permission for a password expired user mailbox.

Fix Make sure the user has an active password and an Exchange Online license before granting folder permissions to another user.

Error Write-ErrorMessage : Cannot process argument transformation on parameter 'Identity'. Cannot convert value "User@Contoso.com:" to type "Microsoft.Exchange.Configuration.Tasks.MailboxFolderIdParameter". Error: "The mailbox folder identity "User@Contoso.com:" isn't in the correct format. The correct format should look like this: ":". "

This error occurs when you enter incorrect or non-existing folder name in the "Get-MailboxFolderPermission" cmdlet.

Fix Ensure that the specified folder exists in the given mailbox and specify the folder name precisely as shown in the PowerShell cmdlet below. 
Get-MailboxFolderPermission -Identity <UPN>:\Inbox

Error Get-MailboxPermission : The term 'Get-MailboxPermission' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs when you try to run the 'Get-MailboxPermission' without proper admin priveleges.

Fix Ensure to connect the Exchange Online module with Global or Exchange Online administrator privileges. 
Connect-ExchangeOnline

Error Delegate user doesn't appear in the search results.

This error occurs when the delegate user is not assigned with active Exchange Online license.

Fix To grant access to another mailbox make the user is assigned with valid and active Exchange Online license.
Exchange Online

Frequently Asked Questions

Manage Exchange Online Mailbox Permissions in Microsoft 365

How to manage permissions for recipients in Exchange Online?

How to manage permissions for recipients in Exchange Online? +

Effectively managing permissions for recipients in Exchange Online is crucial for maintaining a secure and organized email communication system. It involves assigning appropriate mailbox access rights to legitimate recipients, ensuring streamlined collaboration and minimizing the risk of unauthorized access or data breaches.

You can follow the below PowerShell cmdlets to give mailbox permissions to another Microsoft 365 user.

To give 'Full Access' permission for a user to a mailbox, you can run the below command:

Add-MailboxPermission <User Mailbox> -User <Identity> -AccessRights FullAccess -InheritanceType All

You can run the below command to give 'Send As' permission for a specific user to a mailbox:

Add-RecipientPermission <User Mailbox> -AccessRights SendAs -Trustee <Identity> -Confirm:$false

To delegate 'Send on Behalf' permission for a user to a mailbox, you can run the below command:

Set-Mailbox <User Mailbox> -GrantSendOnBehalfTo <Identity>

Track and detect who modified mailbox permissions in Microsoft 365!

Unapproved permission changes in Exchange Online mailboxes could lead to potential security issues such as data leaks in sensitive business email conversations, customer details, and more. Regular monitoring of mailbox permission changes in Microsoft 365 is essential for managing mailbox access rights. Also, it helps to identify and track excessive and unnecessary permissions effectively.

How to see what mailboxes a user has access to in Microsoft 365?

How to see what mailboxes a user has access to in Microsoft 365? +

Mailbox permission monitoring involves understanding the mailboxes a user can access in Microsoft 365. It helps you to efficiently resolve Exchange Online mailbox access issues and ensures that sensitive information remains accessible only to authorized individuals.

In Exchange Online admin center, you can get delegated permissions for a list of all Exchange Online mailboxes. However, getting specific user access rights is a time-consuming task.

You can get all Exchange Online mailboxes to which a user has 'Full Access' permissions using the below PowerShell cmdlet:

Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited | Get-MailboxPermission –User <UPN>

Utilize the below PowerShell cmdlet to obtain list of mailboxes to which a user has 'Send As' permissions:

Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited | Get-RecipientPermission –Trustee <UPN>

Since SendOnBehalf permission is not classified under the 'Mailbox permission' parameter, PowerShell cannot list all mailboxes for a given user with this permission. Also, these PowerShell commands require additional steps to export mailbox permissions to CSV, which can be time-consuming.

Therefore, we’ve crafted the unified script to effortlessly export list of mailboxes to which a specific user has 'Full Access', 'Send As', 'Send on Behalf' permissions.

Download MailboxesUserCanAccess.ps1 and run the script in Administrator PowerShell with ".\MailboxesUserCanAccess.ps1 -UPN <user@contoso.com> -SendOnBehalf" parameter to export list of mailboxes to CSV to which a specific user has 'SendOnBehalf' permission.

  • With AdminDroid’s Access to Other Mailboxes report you can effortlessly filter the ‘specific user’ using the “Easy Filter” feature. This gives a comprehensive list of all mailboxes the desired user can access and their type of mailbox access rights.
  • With a single click on the mailbox icon(✉), you can email the user access to other mailboxes report directly to your inbox.
user-access-to-others-mailboxes

TIP: AdminDroid’s AI powered graphs enable you to get a list of mailboxes a user can access and the distribution of access rights within those mailboxes.

What is the difference between mailbox permission and mailbox folder permission?

What is the difference between mailbox permission and mailbox folder permission? +

Mailbox permissions and mailbox folder permissions are distinct concepts in Microsoft 365.

  • Exchange Online mailbox permissions refers to the delegated access given to a user mailbox based on access rights like "Full Access," "Send As," and "Send on Behalf".
  • On the other hand, Exchange Online mailbox folder permissions are specific permissions granted to access individual folders within a mailbox, such as the inbox or calendar.

Understanding this difference is crucial for managing Exchange Online mailbox access effectively. Also, monitoring Exchange Online mailbox folder permissions ensures the security and privacy of mailbox contents.

You can "add" mailbox folder permissions using the below PowerShell cmdlet:

Add-MailboxFolderPermission -Identity <UserUPN>:\<FolderName> -User <DelegatedUserUPN> -AccessRights <RolesOrPermissions>

You can "get" mailbox folder permissions of required users using the below PowerShell cmdlet:

Get-MailboxFolderPermission -Identity <UserUPN>:\<FolderName>

Also, it is necessary to monitor users who grant access to specific mailbox folders, preventing any unwanted changes to mailbox folder permissions. It helps to enhance mailbox security at folder level and enhances overall Exchange Online management.

With AdminDroid advanced alerting, you can configure threshold limits for folder permission changes and receive real-time notifications whenever there is an unusual activity in Exchange Online mailbox folders.

  • AdminDroid’s Folder Permissions report provides information on users who provide access to specific mailbox folders.
  • Utilize 'Authorized by' and 'Authorized folder' columns to verify only authorized users are granting access to only required folders.
folder-permissions-report

PRO TIP: With the 'Authorized by' graph you can get detailed information on specific users granting folder permissions to other Microsoft 365 users. This provides a comprehensive overview of authorization activities, enabling efficient monitoring of folder permissions across your organization.

How to export mailbox permissions to CSV?

How to export mailbox permissions to CSV? +

Exporting mailbox permissions to CSV in Microsoft 365 is very helpful for admins, especially when managing multiple mailbox permissions across various users and groups. It enables admins to efficiently analyze and manage permissions, ensuring that the right users have appropriate access to mailbox and its data.

However, Microsoft 365 admins cannot export mailbox permissions for multiple users as the export option is not available in the native solution. This limitation makes it challenging to monitor and manage multiple users' Exchange Online mailbox permissions.

Using AdminDroid, admins can easily export mailbox permissions to CSV and other various formats such as HTML, PDF, XLS, and XLSX.

  • Download a report at preferred format by clicking on the 'Download' icon and save it to the local system.
  • Gain comprehensive insights on Exchange Online mailbox permissions, such as mailbox display name, user with access, access rights, and other related properties.
mailbox-permission-detail
+

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
Browse All Guides
User Help Manuals Compliance Docs
All Guides 99+
Exchange Online
How to Get Exchange Online Mailbox Permissions Report
Exchange Online Guides
x
Delivering Reports on Time
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!

Free Download Live Demo