🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Exchange Online

How to Export Microsoft 365 Shared Mailbox Permission Report

Do you ever feel overwhelmed by managing shared mailbox permissions? Managing delegate permissions for multiple Exchange online shared mailboxes has always been a nightmare for Microsoft 365 admins. No worries! Explore simple methods to acquire shared mailbox permission report and streamline your Exchange Online management.

Solution 1
Solution 2
Solution 3
Solution 4
Important Tips
Errors and Resolution Steps
FAQs

Using Microsoft 365 admin center

Microsoft 365 Permission Required
Global Admin or Exchange Online Admin.
  • Navigate to the Microsoft 365 admin center.
  • Click on ‘Teams and groups’ in the left navigation pane.
  • Select 'Shared mailboxes' to view the list of shared mailboxes in Microsoft 365.
  • Select the desired shared mailbox in the list of Exchange Online shared mailboxes. You can find "Manage mailbox permissions".
  • Select any delegate permission to see the members assigned to it.
Using Microsoft 365 admin center

Using Windows PowerShell:

Microsoft 365 Permission Required
Global Admin or Exchange Online Admin.
  • Make sure you installed and imported the Exchange online module using these cmdlets.
  • Windows PowerShell Windows PowerShell 
     Install-Module -Name ExchangeOnlineManagement

Import-Module ExchangeOnlineManagement
  • Run the below cmdlets to connect Exchange Online and get the list of all shared mailboxes with their delegated permissions.
  • Windows PowerShell Windows PowerShell 
     Connect-ExchangeOnline
  • To retrieve all delegates with ‘Full Access’ permission for all shared mailboxes.
  • Windows PowerShell Windows PowerShell 
     Get-Mailbox |?{$_.RecipientTypeDetails -eq "SharedMailbox"} | Get-MailboxPermission|?{$_.User -ne 'nt authority./self'} |Select-Object Identity,User,AccessRights
  • To retrieve all delegates with ‘Send As’ permission for all shared mailboxes.
  • Windows PowerShell Windows PowerShell 
     Get-Mailbox |?{$_.RecipientTypeDetails -eq "SharedMailbox"} | Get-RecipientPermission | where {($_.Trustee -ne 'nt authority./self') -and ($_.Trustee -ne 'Null sid')} | select Identity,Trustee,AccessRights
  • To retrieve all delegates with ‘Send on behalf of’ permission for all shared mailboxes.
  • Windows PowerShell Windows PowerShell 
     Get-Mailbox |?{$_.RecipientTypeDetails -eq "SharedMailbox" -and $_.GrantSendOnBehalfTo -ne $null }| Select  PrimarySmtpAddress,GrantSendOnBehalfTo,RecipientTypeDetails
Using Windows PowerShell:

Using PowerShell Script

Microsoft 365 Permission Required
Global Admin or Exchange Online Admin.
  • Since there is a limitation in getting complete shared mailbox permissions and their access rights with a single cmdlet, we have prepared a PowerShell script to export shared mailbox permissions to csv.
  • Download and run the following script in the Administrator PowerShell.
Using PowerShell Script
GetSharedMailboxPermission.ps1
AdminDroid Exchange Online Reporter

Unlock the power of visibility in shared mailbox delegate permissions

AdminDroid Exchange Online management tool presents a user-friendly interface that efficiently furnishes reports on shared mailbox delegate permissions. This saves significant time and effort for administrators, streamlining the process of shared mailbox management.

Advanced Alerting on Shared Mailbox Permission Changes

Receive real-time alerts from AdminDroid when there are unexpected changes to mailbox permissions in shared mailbox. Customize threshold limits to enhance the accuracy of identifying and preventing unauthorized actions involving shared mailboxes.

Delegate Permissions Audit

Go beyond the basic mailbox permissions details and delve into detailed insights about shared mailbox permission changes. Detect unusual delegate access permission changes through in-depth reports, to proactively prevent unauthorized access.

Automated Delegation Summary Reports

Schedule the shared mailbox permission summary report at a weekly/monthly frequency to your inbox and verify the reports without even logging into AdminDroid.

Streamline Shared Mailbox Delegation Oversight

Simplify the Shared mailbox delegation management with a concise shared mailbox permissions report. Easily determine Microsoft 365 users who have specific access to shared mailboxes in Exchange Online.

In-Depth Shared Mailbox Access Activities

Gain insights of AdminDroid’s customized shared mailbox access activities report to proactively monitor shared mailbox accesses. Ensure the delegated users are properly managing the sensitive information of shared mailboxes.

Control Access to Shared Mailbox Reports

Utilize AdminDroid's custom role delegation feature to create and manage roles for accessing shared mailbox permissions reports. Ensure authorized admins can only access these permission reports of your Microsoft 365.

In summary, AdminDroid offers robust capabilities that enable you to effectively oversee and monitor shared mailbox delegate permissions. Additionally, you can leverage a range of shared mailbox reports which enables you to manage shared mailboxes within your Microsoft 365 environment.

Explore a full range of reporting options
Download Live Demo

Important Tips

Review audit disabled shared mailboxes and enable mailbox auditing to track delegate activity for improved mailbox security.

Enforce MFA for delegates to add an extra layer of security, reducing the risk of unauthorized access to shared mailboxes.

Regularly check shared mailbox email forwarding to prevent anonymous external forwarding and take steps to delegate permissions as needed.

Common Errors and Resolution Steps

The following are possible errors and troubleshooting hints while getting shared mailbox delegate permissions report.

Error This message could not be sent. You do not have the permission to send the message on behalf of the specified user.

This error will occur if a user is assigned only with "read and manage" permission. They won't be able to send emails from the shared mailbox.

Fix To send emails from the shared mailbox, grant 'Send as' or 'Send on behalf of' permission to the desired delegate users.

Error The term 'Add-MailboxPermission' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs when a user without the necessary administrative roles attempts to delegate permissions to another user for the shared mailbox.

Fix Ensure the user is assigned suitable administrative roles, like Global Administrator or Exchange Online Administrator to assign the permissions to shared mailboxes in Exchange Online. 
// Run the below cmdlet to connect MSonline account.
Connect-MsolService
// Run the below cmdlet to add the required role.
Add-MsolRoleMember -RoleMemberEmailAddress "<UserPrincipleName>" -RoleName "<Admin role name>"

Error The term 'Get-Mailbox' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error will occur while you are running the ‘Get-Mailbox' cmdlet without connecting to the Exchange online.

Fix To get delegate permissions and shared mailboxes in Exchange Online. Make sure to install and connect to the Exchange Online module by using the following cmdlet. 
Connect-ExchangeOnline

Error Select no more than 5 users.

This error occurs if you attempt to delegate permissions to more than 5 users at once in Microsoft 365 admin center.

Fix If you need to add more than 5 users at once, please use the Exchange Online admin center to delegate permission levels.

Error Delegate user doesn't appear in the search results.

This error occurs when the delegate user is an external user and not added to the organization.

Fix To grant access to shared mailbox for an external user or an user from outside the organization, use the following PowerShell cmdlet. 
// Run the below cmdlet to connect your Exchange Online account.
Connect-ExchangeOnline
// Run the below cmdlet to add the required permission to desired external users.
Add-RecipientPermission <MailboxName> -AccessRights SendAs -Trustee <UserPrincipleName> -Confirm:$false
Exchange Online
Frequently Asked Questions

Strengthen Mailbox Security by Monitoring and Managing Shared Mailbox Permissions in Microsoft 365

What are the risks in improper shared mailbox permissions?
How can shared mailbox limitations affect delegate permissions?
What are the permission levels for a shared mailbox?
How to get a list of shared mailboxes and users with permissions?
How to manage shared mailbox permissions in Office 365?
How to audit shared mailbox permission changes?

1. What are the risks in improper shared mailbox permissions?

Improper shared mailbox delegate permissions can lead to several challenges and potential issues within a Microsoft 365 organization. Some of these challenges include:

  • Data Security Risks: Mismanaged permissions can result to unauthorized access of sensitive emails and data, increasing the risk of data breaches or leaks.
  • Threat of Email Deletion: Delegates with 'Full Access' permissions might accidentally or intentionally delete crucial emails, leading to data loss or severe security issues.
  • Loss of Accountability: Without a clear understanding of a user's delegate permissions, it can be challenging to track email access, modifications, or deletions, making it difficult to establish accountability.
  • Mailbox Usage Limitations: Conflicts might arise when multiple delegates try to access shared mailbox and manage emails simultaneously, potentially causing errors or data inconsistencies.

To stay secure from these kinds of challenges, make sure to regularly monitor the shared mailbox permissions after they are assigned to the Microsoft 365 users.

2. How can shared mailbox limitations affect delegate permissions?

Shared mailboxes in Exchange Online are a valuable resource for efficient email collaboration among team members, but they have some limitations that can affect delegate permissions. Here are a few things to keep in mind:

  • Limited Storage: Shared mailboxes have a storage limit of 50 GB when not assigned an Exchange Online license. This limitation can become problematic when managing multiple users or storing large files. If the storage limit is exceeded, users with delegate permissions may face difficulties in accessing or managing the shared mailbox.
  • Archive Mailbox Limit: Shared mailboxes in Microsoft 365 do not include an archive option by default. A shared mailbox archive may require additional licensing.
  • Access Restriction: Shared mailboxes are limited for internal use within an organization. You cannot delegate access to a shared mailbox for external users or non-employees in Microsoft 365 by default.
  • No Direct Access to Shared mailbox: Users cannot login directly to a shared mailbox. They access shared mailbox through their own accounts with the permissions assigned to them. If the delegated users do not have Outlook licenses, they will not be able to access shared mailboxes.

Here are some tips to manage shared mailbox delegate permissions to face off these limitations:

  • Assign shared mailbox with Exchange Online Plan 2 license to increase the size limit to 100 GB and licensing for archive mailbox.
  • Create and add external users to the distribution list in Microsoft 365 to grant access to shared mailboxes.
  • Ensure user’s licensing while granting delegate permissions to the shared mailbox in Microsoft 365.

By following these tips, you can efficiently manage the delegates and minimize the impact of the limitations of shared mailboxes.

3. What are the permission levels for a shared mailbox?

Shared mailboxes in Microsoft 365 typically have the following permission levels, which determine the access level of users or delegates may have:

  • Full Access: Users with 'Full Access' permissions can view, add, modify, and delete items in the shared mailbox. They can also create and manage calendar events & contacts. However, they are not allowed to send emails from the mailbox.
  • Send As: Delegates with 'Send As' permissions cannot access a shared mailbox, but they can send emails from it, which appear as if they originate from the shared mailbox and rather than the delegate.
  • Send on Behalf: Users with 'Send on Behalf' permissions can send emails using the shared mailbox's email address, which clearly indicates that the email was sent on behalf of the shared mailbox. Recipients can see the delegate's email address as the sender. On the other hand, delegates are unable to access any items in the shared mailbox.

These shared mailbox permission levels provide a range of access options and allow organizations to tailor the list of users who have access to shared mailboxes based on their organization’s requirements.

AdminDroid makes it easy to track all actions performed in the shared mailbox using the permissions assigned to the Exchange Online users.

  • AdminDroid reports, such as Send-As Activities and Send-on-Behalf Activities, capture all email actions performed by delegates, including 'Sent by' and 'Sent-on-behalf of' email addresses.
  • These reports provide user details, revealing who sent the email and on whose behalf it was sent in a more efficient way.
  • By using the Download button, you can easily export the report to your local system in any desired format.
send-on-behalf-of-report

4. How to get a list of shared mailboxes and users with permissions?

Getting shared mailbox permissions in Office 365 is crucial for efficient teamwork and secure email access. This ensures authorized users can seamlessly access these mailboxes, improving collaboration and productivity. You can get all shared mailboxes in Exchange Online and users with permissions from Microsoft 365 in the below ways:

  • Microsoft 365 Admin Center - Navigate to 'Shared mailbox' under ‘Teams and groups’. By selecting a desired shared mailbox, you can find manage mailbox permissions. Select any delegate permission to see the members with specific permissions.
  • Exchange Admin Center – To check shared mailbox delegation in the Exchange admin center, navigate to the Recipients»Mailboxes. You can individually select the shared mailboxes and check all delegated permissions in the 'Delegation' section.
  • Microsoft PowerShell - Run the script provided and get shared mailbox permissions in PowerShell with detailed access rights.

However, Microsoft 365 admin center involves manually searching for shared mailboxes and their delegation, which can be time-consuming. PowerShell, on the other hand, lacks a straightforward method for exporting shared mailbox permissions report efficiently.

Get a complete overview of shared mailbox permissions in a few seconds.

  • Utilize AdminDroid’s dedicated Shared mailbox permission detail report located under Reports»Exchange»Shared mailbox info, to list all shared mailboxes and users with their delegated access rights.
permission-detail-report
  • Simply click on the mail icon at the top of the report page and send the report directly to your inbox in the desired format.
  • Here's a handy tip: You can click on the column heading to re-arrange the report data based on that specific column. In this case, you can click on the 'Access rights' column to sort the users from high-level access to low-level access. This makes it easy to quickly grasp the level of access rights for each user.

5. How to manage shared mailbox permissions in Office 365?

Managing shared mailbox delegation in Microsoft 365 includes assigning various access permission levels to specific users for certain shared mailboxes.

Efficiently managing mailbox delegation in Office 365 is essential for organized teamwork and secure email communication. It ensures proper access for the right people, reduces risks of data breaches, unauthorized access, and maintains a secure and organized email communication system.

How to add shared mailbox permissions in PowerShell?

Utilize these cmdlets to grant access to shared mailbox permissions for desired users, ensuring effective shared mailbox management.

  • To add ‘Full Access’ permission: 
    Add-MailboxPermission <Shared Mailbox> -User <Identity> -AccessRights FullAccess -InheritanceType All
  • To delegate ‘Send As’ permission: 
    Add-RecipientPermission <Shared Mailbox> -AccessRights SendAs -Trustee <Identity> -Confirm:$false
  • To add ‘Send-On-Behalf of’ permission: 
    Set-Mailbox <Shared Mailbox> -GrantSendOnBehalfTo <Identity>

How to grant access to a shared mailbox in Exchange admin center?

  • Login to the Exchange Online admin center.
  • Navigate to ‘Mailboxes’ section under Recipients in the left navigation pane.
  • Select the desired mailbox and click ‘Mailbox delegation’.
  • Choose the level of access you want to grant to the delegates, such as "Full Access", "Send As", or "Send on Behalf" and click ‘Edit’.
  • To add delegates to a shared mailbox, click the "Add members", then search and select the users you want to delegate access to.
  • After configuring the permissions, click 'Save' and confirm your changes.
  • Finally, inform the delegates about their new permissions and responsibilities.

You can follow the same steps to revoke the shared mailbox permissions from users. After selecting the users, you will find the option 'Remove permissions’. Click on it to remove delegate permissions from the selected users.

6. How to audit shared mailbox permission changes?

Keeping an eye on shared mailbox permissions is crucial. Unauthorized shared mailbox access may put Microsoft 365 data security at risk. However, regular monitoring of shared mailbox permissions allows you to quickly spot unusual permission changes and make your Exchange Online mailboxes more secure.

Auditing is enabled by default for all mailboxes, but to search mailbox settings and permission changes in the native solution, you must enable auditing for using PowerShell.

Connect-ExchangeOnline

Set-Mailbox –Identity <SharedMailbox> -AuditEnabled $True

Although we enabled searching audit logs, tracking these changes can be a time-consuming task for Microsoft 365 administrators. This delay in spotting unauthorized access or suspicious activities with shared mailboxes can raise security vulnerabilities.

Using mailbox permission changes report in AdminDroid, you can effortlessly monitor and detect abnormal changes in shared mailbox permissions with this comprehensive report.

  • The "Authorized Mailbox" column in this report shows the shared mailboxes for which the permission changes were made. The "Authorized User" column shows the user who made specific permission changes. This ensures that only authorized changes happened in Exchange Online mailboxes.
permission-changes-report
  • AdminDroid Advanced Alerting feature ensures you receive real-time notifications whenever there are unusual changes in shared mailbox permissions. This helps you detect inappropriate actions quickly and allows you to take necessary actions promptly.
  • TIP: Customize your alert thresholds to improve the accuracy of detecting and preventing unauthorized activities related to shared mailbox permissions.

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
Browse All Guides
User Help Manuals Compliance Docs
All Guides 99+
Exchange Online
How to Export Microsoft 365 Shared Mailbox Permission Report
Exchange Online Guides
x
Delivering Reports on Time
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!

Free Download Live Demo