🎉 Our Microsoft 365 Reporting & Management Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Exchange Online

How to Find Out Who Sent Emails from Shared Mailboxes

Managing Exchange Online shared mailboxes and their messages is challenging when multiple users have access, especially for handling support queries, billing updates, or external requests. This guide will help you easily track who sent emails from shared mailboxes, keeping communication clear, secure, and well-managed.

Solution 1
Solution 2
Solution 3
Important Tips
Errors and Resolution Steps
FAQs

Identify Who Sent an Email From a Shared Mailbox Using PowerShell

Microsoft 365 Permission Required
View-Only Audit Logs role Least Privilege
Global Administrator Most Privilege
  • Connect to the Exchange Online PowerShell using the cmdlet below.
  • Windows PowerShell Windows PowerShell 
     Connect-ExchangeOnline
  • Run the following cmdlet to find the sender of an email from a shared mailbox in your Microsoft 365 environment.
  • Windows PowerShell Windows PowerShell 
     Search-UnifiedAuditLog -StartDate "<YYYY-MM-DD>" -EndDate "<YYYY-MM-DD>" -Operations "SendAs","SendOnBehalf" -ResultSize 5000| ForEach-Object {
	$auditEntry = $_.AuditData | ConvertFrom-Json
	if ("<SharedMailboxUPN>" -in @($auditEntry.SendAsUserSMTP,$auditEntry.SendOnBehalfOfUserSMTP)) {
		[PSCustomObject]@{
			'Sent Time'  = ([datetime]$auditEntry.CreationTime).ToLocalTime()
			'Sent By'    = $_.UserIds
			'Sent From'  = $auditEntry.SendAsUserSMTP ?? $auditEntry.SendOnBehalfOfUserSMTP
			'Sent Mode'  = $_.Operations
			Subject      = $auditEntry.Item.Subject }}
} | Format-Table -AutoSize
  • Replace the <YYYY-MM-DD> values in the StartDate and EndDate parameters, as well as <SharedMailboxUPN>, with the UPN of the shared mailbox you want to search.
  • The output will list all the emails sent from the shared mailbox, along with details such as who sent the email, when it was sent, and more.
Identify Who Sent an Email From a Shared Mailbox Using PowerShell

Check Who Sent an Email from Shared Mailboxes Using PowerShell Script

Microsoft 365 Permission Required
View-Only Audit Logs role Least Privilege
Global Administrator Most Privilege
  • While the above PowerShell cmdlet provides audit data for emails sent from a specified shared mailbox, it doesn’t offer a detailed report for all the shared mailboxes in the tenant.
  • To achieve this, we need to use the 'Get-Mailbox' cmdlet to retrieve the shared mailboxes and loop through each one, which is a bit confusing and complex process.
  • Therefore, we have crafted a script that efficiently finds the sender of each email from all shared mailboxes.
  • Download and run the script in PowerShell to easily track who sent emails from shared mailboxes in your organisation.
  • The report provides a clear overview of each email sent from all shared mailboxes, including the sent time, delegate sender, subject, send mode, and more.
Check Who Sent an Email from Shared Mailboxes Using PowerShell Script
FindWhoSentEmailFromSharedMailbox.ps1
AdminDroid Exchange Online Reporter

Audit Every Email Sent From Shared Mailboxes in Microsoft 365 to Take Control of Your Security!

AdminDroid's Exchange Online reporting tool helps you identify who sent emails from shared mailboxes by eliminating the need to rely on complex PowerShell operations. Below are additional insights into shared mailbox usage that take email auditing to the next level.

Review and Manage Shared Mailbox Access Rights

Leverage the shared mailbox access permission report to monitor access rights like Send As, Send on Behalf, and Full Access to prevent unauthorized access and ensure secure mailbox access delegation.

Find Users with Full Access to Shared Mailboxes

Check users with full access to shared mailboxes, and remove permissions for those who no longer need them to prevent unauthorised access while improving resource management.

Find Inactive Shared Mailboxes Based on Last Email Sent

Monitor inactive shared mailboxes in Microsoft 365 by tracking the last sent email activity, and remove them to reduce clutter and streamline communication management.

Track High-Traffic Days for Shared Mailboxes by Sent Emails

Analyse peak usage days of shared mailboxes based on sent emails to understand usage patterns and enhance resource planning in your Microsoft 365 environment.

Reclaim Licenses from Unnecessary Shared Mailboxes

Review all licensed shared mailboxes, identify those that no longer require licenses, and revoke them to eliminate unnecessary costs.

Visualize Shared Mailbox Delegation Insights

Utilise the AI-powered mailbox permission analysis dashboard to quickly find the most delegated mailboxes by count and ensure delegation access is under control.

Overall, AdminDroid's Exchange Online management tool simplifies shared mailbox access management with its extensive capabilities. Its actionable reports enable admins to efficiently manage and optimize mailbox-related operations within the Microsoft 365 environment.

Explore a full range of reporting options
Download Live Demo

Important Tips

Enforce multi-factor authentication for delegated users to add an extra layer of security and reduce the risk of account compromise in sensitive shared mailboxes.

Block email auto-forwarding to external domains from shared mailboxes to prevent data leaks and ensure sensitive information stays protected within your organization.

Utilize message trace in Exchange to track the path of email flow in shared mailboxes, identify delivery status, and troubleshoot email delivery issues.

Common Errors and Resolution Steps

Below are common issues you might encounter when identifying who sent an email from a shared mailbox in Microsoft 365, along with troubleshooting guidance.

Error The term 'Get-MailboxPermission' is not recognized as the name of a cmdlet, function, script file, or operable program.

This error occurs when you attempt to run the 'Get-MailboxPermission' cmdlet in PowerShell without having the Exchange Online module installed.

Fix Install the Exchange Online PowerShell module using the below cmdlet. 
Install-Module ExchangeOnlineManagement
//If it is already installed, updating it with the following cmdlet could resolve the issue.
Update-Module -Name ExchangeOnlineManagement

Error Your attempt to connect to this Exchange server was denied because your account isn't enabled for the EXO Module.

This error occurs when connecting to the Exchange Online module because Remote PowerShell functionality is disabled for your account.

Fix Contact your Exchange Administrator to enable Remote PowerShell for your Microsoft 365 account. They can run the following command to enable Remote PowerShell functionality. 
Set-User -Identity "<UserUPN>" -RemotePowerShellEnabled $true

Error Search-UnifiedAuditLog: ||Audit log search argument startDate (01/06/2025 00:00:00) is later than endDate (01/01/2025 00:00:00).

This error occurs when you run the ‘Search-UnifiedAuditLog’ cmdlet in PowerShell with a ‘startDate’ parameter that is later than the ‘endDate’ parameter.

Fix Ensure that the startDate value is earlier than the endDate when configuring the DateTime parameters. 
Search-UnifiedAuditLog -StartDate "2025-01-01" -EndDate "2025-06-01"

Error Search-UnifiedAuditLog: Cannot process argument transformation on parameter 'StartDate'. Cannot convert value "05/21/2025" to type "Microsoft.Exchange.ExchangeSystem.ExDateTime". Error: "String '05/21/2025' was not recognized as a valid DateTime."

This error occurs when you attempt to run the ‘Search-UnifiedAuditLog’ cmdlet with a 'StartDate' value that is not in a valid DateTime format.

Fix Change the date format in the cmdlet to match your system’s regional settings or use a universally accepted format like "YYYY-MM-DD". 
Search-UnifiedAuditLog -StartDate "2025-05-21" -EndDate "2025-05-23"

Error ./FindWhoSentEmail.ps1 cannot be loaded. The file is not digitally signed. You cannot run this script on the current system.

This error occurs because the PowerShell execution policy is set to only allow scripts that are digitally signed by a trusted publisher.

Fix To run unsigned scripts, you can temporarily bypass the PowerShell execution policy by executing the following cmdlet. 
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
Exchange Online
Frequently Asked Questions

Control Shared Mailbox Email Sending Behavior to Enhance Security and Ensure Accountability!

How to allow users to send emails from a shared mailbox?
How to troubleshoot when users can’t send or receive emails from a shared mailbox in Microsoft 365?
Why are emails sent from a shared mailbox not saved to Sent Items?
How to differentiate emails sent by different users from the same shared mailbox?
How to require approval for emails sent from a shared mailbox in Microsoft 365?

1. How to allow users to send emails from a shared mailbox?

Allowing users to send emails from a shared mailbox in Microsoft 365 ensures smooth collaboration and consistent communication. To enable this, users must be granted the Send As or Send on Behalf permission for the shared mailbox. Here's how you can set it up using the Microsoft 365 admin center or PowerShell.

Delegate permission to a shared mailbox using M365 admin center

  • In the Microsoft 365 admin center, navigate to Teams & groups»Shared mailboxes»Respective mailbox.
  • Under the Manage mailbox permissions section, choose the appropriate access rights based on your needs.

    Send As permissions - Allows the delegate to send emails that appear to be sent directly from the mailbox owner, without revealing the actual sender.

    Send on Behalf permissions – Enables the delegate to send emails in the name of the shared mailbox while indicating that the message was sent by the delegate on its behalf.

    Read and manage permissions – Allows delegates to read emails and manage the mailbox. However, it does not allow them to send emails unless they also have Send As or Send on Behalf permissions.

  • Click the Add permissions button and select the users who need to be added as delegates for the respective access right.
  • Finally, click Add to complete adding the delegate. Repeat the steps if you need to add another set of delegates with different access rights.
add-delegates-to-shared-mailbox

Note: You can also grant someone access to a shared mailbox via the Exchange admin center, but the Full Access option is not available there.

Allow users to send emails from shared mailboxes using PowerShell

Delegate permission with Send As permission to a shared mailbox by using the PowerShell cmdlet below:

Add-RecipientPermission -Identity "<SharedMailboxUPN>" -Trustee "<UserUPN>" -AccessRights SendAs

Assign user with Send On Behalf permission to shared mailbox by using the below PowersShell cmdlet:

Set-Mailbox -Identity "<SharedMailboxUPN>" -GrantSendOnBehalfTo "<UserUPN>"

Delegate access to shared mailbox with Full Access permission by using the PowerShell cmdlet below:

Add-MailboxPermission -Identity "<SharedMailboxUPN>" -User "<UserUPN>" -AccessRights FullAccess

2. How to troubleshoot when users can’t send or receive emails from a shared mailbox in Microsoft 365?

Shared mailboxes in Microsoft 365 help teams collaborate by allowing multiple users to send and receive messages using a common address. However, when issues arise, such as users being unable to send or receive email, it can disrupt workflow and team communication. As a Microsoft 365 admin, identifying and addressing the root cause is essential to restore normal mailbox functionality.

Here are the most common issues users encounter when sending emails from a shared mailbox, along with troubleshooting steps to resolve them.

  • You don't have permission to send messages from this mailbox.

    Many assume that having 'Full Access' to a shared mailbox lets you send emails from it, but that’s not true. Full access only allows a user to open, read, and manage mailbox content. To send emails from the shared mailbox, the user must be assigned 'Send' As or 'Send on Behalf' permission. If this error appears, check and assign with appropriate permission.

  • Your mailbox can no longer send or receive messages. To make room in your mailbox, delete any items you don't need and empty your Deleted Items folder.

    When a shared mailbox storage reaches above 49.5 GB, sending capabilities are restricted, and send or receive is restricted at 50 GB. To resolve this, delete unnecessary items and empty folders like Deleted Items and Junk Email. If storage is tight, assign a licence to the shared mailbox to expand storage capacity.

    You can configure storage quotas for a mailbox in Microsoft 365 to temporarily bypass storage restrictions.

  • Your message wasn't delivered to anyone because there are too many recipients.

    The recipient limit defines the maximum number of recipients allowed in the To, Cc, and Bcc fields of an email sent from the mailbox. By default, this is set to 500 and can be increased up to 1000. If the number of recipients exceeds the configured limit, the email won’t be delivered.

    To fix this, increase the recipient limit by navigating to Exchange admin center»Recipients»Mailboxes»Select shared mailbox»Mailbox features»Recipient limit»Set recipient limit. Alternatively, to do this via PowerShell, execute the cmdlet below.

    Set-Mailbox -Identity "<SharedMailboxUPN>" -RecipientLimits "<NewLimit>"

  • BootResult: accessDenied Back Filled Errors: Unhandled Rejection: Error: 500: undefined|undefined: undefined err: Microsoft.Exchange.Data.StoreObjects.AccessDeniedException

    This error usually means the user doesn't have the required permissions to perform the requested action. This is often seen when accessing a shared mailbox using the "Open another mailbox" option without having full access permission.

    Assign Full Access permission to the shared mailbox. If that is already applied, wait for some time for the permission application to take effect.

  • A custom mail flow rule created by an admin at contoso.com has blocked your message.

    This error occurs when a mail flow rule is set up by your admin to block emails sent from the shared mailbox.You can use the below cmdlet to review Exchange transport rules that might block or redirect messages sent from the shared mailbox.

    Get-TransportRule | Where-Object { $_.Description -like "<SharedMailboxUPN>" } | Format-List Name, State

    If any transport rule is found to block the user from sending emails from the shared mailbox, disable it by navigating to Exchange admin center» Mail flow rules»Respective Rule»Toggle ‘Enable or disable rule’ button to disabled state.Alternatively, you can disable it using the PowerShell cmdlet below.

    Disable-TransportRule -Identity "<TransportRuleName>"

3. Why are emails sent from a shared mailbox not saved to Sent Items?

By default, emails sent from a shared mailbox aren’t saved in its Sent Items folder unless they are sent using the Open another mailbox option. In this case, the message will be saved in the shared mailbox’s Sent Items folder.

However, if a user sends mail by simply changing the ‘from address’, the message won’t be saved in the shared mailbox’s Sent Items folder. To configure the mailbox to save a copy of the message to the sent items folder of the shared mailbox follow the instructions below.

  • Log in to the Microsoft 365 admin center.
  • Navigate to Teams and groups»Shared mailboxes and click the respective shared mailbox.
  • Hit the Edit option under the Sent Items section and Select the checkbox(es) for ‘Copy items sent as this mailbox’ or ‘Copy items sent on behalf of this mailbox’, then click Save.
save-copies-to-sent-items

Alternatively, use the below cmdlet to configure the mailbox to save a copy of the message to the sent items folder of the shared mailbox.

Configure the shared mailbox to save a copy of emails sent using 'Send As' permissions to the Sent Items folder by using the cmdlet below:

Set-Mailbox "<SharedMailboxUPN>" -MessageCopyForSentAsEnabled $true

Set the shared mailbox to retain a copy of 'Send on Behalf' emails in the Sent Items folder by executing the cmdlet below:

Set-Mailbox "<SharedMailboxUPN>" -MessageCopyForSendOnBehalfEnabled $true

4. How to differentiate emails sent by different users from the same shared mailbox?

While this guide provides a solution to find all sent items from all or specific shared mailboxes, there are situations where you need to examine emails sent by individual users from their respective mailboxes. This is especially important when you want to differentiate emails sent by different users from the same shared mailbox.

Since the native solution falls short in this regard, you can consider the following PowerShell workaround.

Run the 'FindWhoSentEmailFromSharedMailbox.ps1' script with the -SenderAddress parameter to find emails sent from a shared mailbox. Additionally, you can use the -SendAsOnly or -SendOnBehalfOnly parameter to filter by 'Send As' or 'Send on Behalf' permissions.

./FindWhoSentEmailFromSharedMailbox.ps1 -SharedMBIdentity "<SharedmailboxUPN>"

Once the report is generated, open the file in any spreadsheet application and apply a filter to the ‘SentBy’ column to view emails sent by a specific user from the shared mailbox.

differentiat-email-sent-by-different-users-using-script

However, AdminDroid simplifies this process by allowing you to easily differentiate emails sent by different users from the same shared mailbox with just a few clicks.

  • In the Recipient Type Details in the Sent Emails report, apply the ‘Sharedmailbox’ filter to refine the sent emails based on the shared mailbox.
  • Furthermore, use the ‘Performed By’ filter to refine the emails and see only emails sent by a specific user.
differentiate-email-sent-by-different-users-using-admindroid

5. How to require approval for emails sent from a shared mailbox in Microsoft 365?

To require approval for emails sent from a shared mailbox, you can use a mail flow rule (transport rule) in Exchange Online. This rule can route emails to one or more moderators before delivery. Here's how to set it up.

Configure moderated recipients in Exchange Online for a shared mailbox

  • Go to Exchange admin center»Mail flow»Rules»Create a new rule and give your rule a name (e.g., "Shared Mailbox Approval").
  • Under Apply this rule if, choose ‘The sender is’, then select the shared mailbox.
  • Under Do the following, select ‘Forward the message for approval to’ and choose the approver. Click Next.
  • Make any needed changes under ‘Set rule settings’, then click Next.
  • Review the settings, then click Finish to save the rule. Click Done to close the page.
  • Click on the rule you have created and switch the Enable or disable rule toggle to ‘Enabled’ state.
require-approval-for-email-
configure-moderated-recipients-in-exchange-online

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
Browse All Guides
User Help Manuals Compliance Docs
All Guides 99+
Exchange Online
How to Find Out Who Sent Emails from Shared Mailboxes
Exchange Online Guides
x
Delivering Reports on Time
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!

Free Download Live Demo