🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Exchange Online

How to Find Who Changed Mailbox Folder Permissions in Exchange Online

Imagine a critical mailbox folder containing client emails with confidential information accidentally gets shared with an unauthorized user. This can cause severe legal problems and ruin the organization's reputations. So, it's important to frequently check the mailbox folder permissions changes in Microsoft 365. This guide will walk you through the steps to audit folder permission changes in Exchange Online.

Option 1
Option 2
Option 3
Important Tips
Errors and Resolution Steps
FAQs

Using Microsoft Purview Portal

Microsoft 365 Permission Required
Global Admin, Exchange Admin, or any other privileged admin role.
  • Navigate to the Audit section in the Microsoft Purview portal.
  • Customize the date and time range if required. Then, enter the following operations in the Activities - operation names field as comma-separated values.

    AddFolderPermissions, ModifyFolderPermissions, RemoveFolderPermissions, Add-MailboxFolderPermission, Set-MailboxFolderPermission, Remove-MailboxFolderPermission

  • Click the Search button and wait for the search to be completed.
  • After the search completion, you can see who changed folder permissions in Exchange Online.
  • Use the Export option to download the mailbox folder permission changes report for offline access.
Using Microsoft Purview Portal

Using Windows PowerShell

Microsoft 365 Permission Required
Global Admin, Exchange Admin, or any other privileged admin role.
  • Execute the below cmdlet to connect to the Exchange Online PowerShell.
  • Windows PowerShell Windows PowerShell 
     Connect-ExchangeOnline
  • Run the following command with the appropriate start and end date to check mailbox folder permission changes over a period.
  • Windows PowerShell Windows PowerShell 
     Search-UnifiedAuditLog -StartDate <MM/DD/YYYY> -EndDate <MM/DD/YYYY> -Operations AddFolderPermissions, ModifyFolderPermissions, RemoveFolderPermissions, Add-MailboxFolderPermission, Set-MailboxFolderPermission, Remove-MailboxFolderPermission | Format-Table
Using Windows PowerShell
AdminDroid Exchange Online Reporter

Audit Microsoft 365 mailbox folder permissions to prevent unauthorized sharing!

AdminDroid’s Exchange Online auditing tool allows tracking of the mailbox folder permission changes made by different admins and users. These reports help identify unnecessary mailbox folder privileges and prevent sensitive information from being accessed by unauthorized users.

Real-Time Alerts for Mailbox Folder Permission Changes

Automatically receive instant notifications using the AdminDroid alerting feature whenever there are modifications in mailbox folder permissions.

Delegated Access to Exchange Online Insights

Assign a user as the Exchange Administrator in AdminDroid to grant access to all mailbox permission reports and other Exchange Online insights using the delegation role feature.

Easily Monitor Mailbox Permission Changes

While users with delegated access to a mailbox can also change mailbox folder permissions, AdminDroid helps effectively audit mailbox permission changes to prevent unwanted modifications.

Schedule Mailbox Folder Permission Changes Report

Schedule the mailbox folder permission changes report using the AdminDroid scheduling feature to receive timely insights daily, weekly, or monthly.

Slice and Diced Info on Mailbox Folder Sharing

Refine the EXO folder permission changes report with the advanced filtering feature to extract specific information tailored to your needs.

Comprehensive Public Folder Permission Tracking

Gain insight into Exchange Online public folder changes to track activities such as addition, modification, and removal of public folders.

Overall, AdminDroid’s Exchange Online management tool helps to check folder permission change activities in Microsoft 365 mailboxes. It enables quick identification of unauthorized access, removal of unnecessary permissions, and modifications to mailbox folder permissions, safeguarding sensitive mailbox data.

Explore a full range of reporting options
Download Live Demo

Important Tips

Instead of granting full access permission to a mailbox having critical folders, grant access rights only to the required folders to avoid unauthorized sharing of confidential folders.

Configure multi-factor authentication to mailbox folder delegates for enhancing security and prevent any unauthorized access of mail items.

Remember that whenever you create subfolders within a mailbox folder, existing users who have access to the parent folder automatically gain access to the subfolders.

Common Errors and Resolution Steps

Below are potential errors and troubleshooting tips you might encounter when handling Exchange Online mailbox folder permission modifications.

Error Can’t complete your request. Your request couldn’t be completed. Please try again later.

This error occurs in Outlook web version when you mistakenly attempt to add your own mailbox or a mailbox that is not found within your organization to the mailbox folder list.

Fix Enter the correct mailbox UPN to which you have been granted permission.

Error Microsoft.Exchange.Management.StoreTasks.UserNotFoundInPermissionEntryException|There is no existing permission entry found for user: 'X'.

This error arises in PowerShell when attempting to remove or modify folder permissions that haven't been granted to a specific user.

Fix Double-check the delegated user's email address and verify the permission settings to resolve the issue.

Error Microsoft.Exchange.Management.StoreTasks.UserAlreadyExistsInPermissionEntryException|An existing permission entry was found for user: 'X'.

This error occurs in PowerShell when attempting to modify a user to a permission entry that already exists in the mailbox folder using the Add-MailboxFolderPermission cmdlet.

Fix Use the Set-MailboxFolderPermission cmdlet to modify the existing folder permission. 
Set-MailboxFolderPermission -Identity <Mailbox UPN>:\<Folder Path> -AccessRights <Access Rights> -User <Delegated User’s UPN>

Error Can’t Complete your request. You might not have permission to perform this action.

This error occurs in Outlook on the web when you try to access a mailbox folder without permission or after the permission has been revoked.

Fix Contact the respective mailbox owner or your administrator to verify and grant the necessary permissions.

Error Search results might be impacted by audit log retention policies. Activities that happened over 180 days ago will only show up in results for users who have licensing for long-term audit log retention.

This error occurs for Microsoft Purview Audit (Standard) users when the specified time range exceeds 180 days.

Fix In the Microsoft Purview compliance portal, choose a time range within 180 days. Although many tenants support exporting audit data for up to one year, consider utilizing PowerShell as an alternative.

Error Cannot process argument transformation on parameter 'StartDate'. Cannot convert value "30/02/2024" to type "Microsoft.Exchange.ExchangeSystem.ExDateTime". Error: "String '30/02/2024' was not recognized as a valid DateTime.

This error occurs due to an incorrect date format entry in PowerShell.

Fix Input the date in the format MM/DD/YYYY.
Exchange Online

Frequently Asked Questions

Effortlessly Manage Mailbox Folder Permissions Access Rights in Microsoft 365

What is the difference between mailbox permission and mailbox folder permission in Exchange Online?

What is the difference between mailbox permission and mailbox folder permission in Exchange Online? +

In Exchange Online, mailbox permissions and folder permissions determine how users can access and use mailbox contents. Here's a breakdown of the differences between mailbox permissions and mailbox folder permissions.

Mailbox Folder Permissions in Exchange Online

Scope of access: With mailbox folder permissions, users can access and manage mail content within specific folders or subfolders.

Who can manage folder permissions: Users can configure mailbox folder permissions via the Outlook client applications, and admins can do it using PowerShell.

For example, when an employee leaves the organization, share the Inbox and Sent Items folders with another user and grant the Owner permission. This allows the user to access only the emails sent or received by the employee.

Mailbox Permissions in Exchange Online

Scope of access: Mailbox permissions allow delegated users to send emails or access the entire mailbox, including all folders and mailbox items.

Who can manage mailbox permissions: Exchange Online mailbox permissions can be configured and managed by admins using the Exchange admin center or PowerShell.

For example, when an employee is on long-term leave, give mailbox permissions to another user in Office 365 with Full Access and Send As permission. This allows the user to access the employee's entire mailbox contents and send emails from their mailbox.

While users with full access permission can change any mailbox folder permissions, it is important to frequently check the mailbox permissions assigned to a user.

In order to find all the users who have access to a mailbox, we’ve compiled a complete guide on how to export mailbox permission reports.

Here’s a quick snapshot of what the guide provides!

Below are the key methods outlined in the guide to help you retrieve mailbox permissions for all users.

  • Using Exchange admin center: It explains how to identify users with Full Access, Send As, and Send on Behalf permissions using EAC.
  • Using Windows PowerShell: For more detailed insights on mailbox permissions across all users, it offers respective PowerShell cmdlets and a script.
  • Using AdminDroid: It provides the mailbox permission report detailing the user's access rights with extensive options like export, advanced scheduling, etc.

What are the permission types for mailbox folders?

What are the permission types for mailbox folders? +

Mailbox folder permissions in Exchange Online can be set to grant various access rights, defining exactly what actions users can perform within the folders. These mailbox folder access rights range from viewing content to managing emails. Refer to the following table to see detailed folder permissions.

mailbox-folder-permission-types

In addition to these, users can also set and use custom permission levels that allows them to combine read, delete, and edit access according to their specific requirements.

Monitoring these permissions is crucial for maintaining data security and compliance. However, relying on native reporting methods doesn’t provide a straightforward approach or a detailed overview of all mailbox folder permission changes. To overcome these limitations, AdminDroid simplifies tracking folder activities with a clear view of all changes and who made them.

The Mailbox Folder Changes report from AdminDroid helps Microsoft 365 admins to identify all the mailbox folder activities including the permission changes.

  • This report helps you observe the mailbox folder operations performed, the folders involved during the changes, and the permissions that were granted or removed.
  • Filter the report based on the performed operation, performed by, mailbox folders, etc., to get your desired filtered results.
mailbox-folder-changes-report

Handy Tip: You can use the Export option to download the filtered report in your desired format (CSV, XLS, PDF, etc.) for offline access.

How to get mailbox folder permissions in Exchange Online?

How to get mailbox folder permissions in Exchange Online? +

Microsoft 365 users can view their mailbox folder permission levels through the Outlook client. Additionally, Exchange Online provides admins with the authority to get users' mailbox folder permissions using PowerShell for enhanced governance. Follow the steps outlined below to get mailbox folder permission in Exchange Online using PowerShell and Outlook.

Get mailbox folder permission using Outlook

Refer to the steps below to find mailbox folder permissions in your mailbox or in a mailbox where you’ve been granted delegated access.

  • Login to your Microsoft 365 Outlook account.
  • Under the Folder list, click on the ellipsis associated with the folder you want to view permissions.
  • Choose the Sharing and permissions option.
  • Here you can view the permission of the respective mailbox folder.
    view-mailbox-folder-permission

Get mailbox folder permissions using PowerShell

As an admin, you must use Exchange Online PowerShell to get the mailbox folder permissions since this cannot be viewed using the admin centers.

  • Execute the following cmdlet to find the Exchange Online folder permissions for a specific folder within a mailbox. 
    Get-MailboxFolderPermission -Identity <Mailbox UPN>:\<Folder Path>
    get-mailbox-folder-permission
  • Run the following cmdlet to identify the permission assigned to a specific user for a specific mailbox folder. 
    Get-MailboxFolderPermission -Identity <Mailbox UPN>:\<Folder Path> -User <Delegated User’s UPN>
    get-folder-permission-of-user

Note: Replace <Mailbox UPN> with the mailbox owner's email address, <Folder Path> with the folder's path, and <Delegated User’s UPN> with the email address of the delegated user.

How to give folder permissions in Microsoft Outlook?

How to give folder permissions in Microsoft Outlook? +

In Outlook, you can set mailbox folder permissions to grant access to other users. Here's how to share a mailbox folder with another user.

  • Login to your mailbox via Outlook on the web.
  • Under the Folder list, click the ellipsis (...) associated with the desired folder you want to share.
  • Choose the Sharing and permissions option.
  • Click on the plus (+) icon on the top, enter the name or UPN of the respective users in the Add permissions dialog box, and click the Add button.
  • Select the respective permission from the Permission level drop-down and click the OK button.
    give-mailbox-folder-permission

Grant mailbox folder permissions using PowerShell

If you’re an admin you can share user's mailbox folders using PowerShell cmdlets such as Add-MailboxFolderPermission or Set-MailboxFolderPermission.

You might wonder about ‘what is the difference between Add and Set cmdlet?’ If so, the distinction is that Set-MailboxFolderPermission modifies existing mailbox folder permissions, while the Add-MailboxFolderPermission assigns new permissions.

  • To add the mailbox folder permission for a particular user, execute the cmdlet below. 
    Add-MailboxFolderPermission -Identity <Mailbox UPN>:\<Folder Path> -AccessRights <Access Rights> -User <Delegated User’s UPN>
    add-mailboxfolderpermission
  • To change the mailbox folder permission rights for a delegated user, run the cmdlet below. 
    Set-MailboxFolderPermission -Identity <Mailbox UPN>:\<Folder Path> -AccessRights <Access Rights> -User <Delegated User’s UPN>
  • To remove the mailbox folder permission for a specific user using PowerShell, execute the following command. 
    Remove-MailboxFolderPermission -Identity <Mailbox UPN>:\<Folder Path> -User <Delegated User’s UPN>

How to access someone else's folder in Outlook?

How to access someone else's folder in Outlook? +

Users with folder permissions in Microsoft 365 can access another user's mailbox folders using Outlook clients. For accessing another person's folder(s) using Outlook on the web, follow these straightforward steps.

  • Login to your Outlook account in your preferred browser.
  • Click the ellipsis on the Folders tab and choose the Add shared folder or mailbox option.
  • Enter the email address of the mailbox folder to which you have access and click the Add button.
  • Now, a folder group displaying the user's name will be created with the list of their mailbox folders you can access.
    access-others-mailbox-folders

While users with mailbox folder permissions can access other users’ folders, remember that those with broader mailbox access can view and use entire mailboxes.

In such scenarios, AdminDroid’s Mailbox Non-owner Access report helps to identify the user who accessed other users' mailboxes.

  • This report offers detailed insights such as when the mailbox was accessed, the user who accessed it, the operation performed, client IP, and more.
  • Identifying unauthorized access to a mailbox by a user becomes simple with the help of this report.
mailbox-non-owner-access

Handy Tip: Schedule this non-owner mailbox access report to receive timely email notifications about who accessed which mailboxes in Microsoft 365.

How to manage calendar permissions in Microsoft 365?

How to manage calendar permissions in Microsoft 365? +

Calendars in Outlook are essential for scheduling and visualizing meetings or events. Similar to mailbox folders, calendar folders can also be shared with other users to coordinate schedules and prevent conflicts. To enable this, calendar permissions can be managed through the Outlook client or PowerShell, offering flexibility in controlling access. Here's how to manage calendar permissions in Exchange Online.

Share your calendar using Outlook on the web

  • Login to Outlook on the web and navigate to the Calendar tab.
  • Click on the ellipsis (...) button associated with your calendar and select the Sharing and permissions option.
  • Enter the UPN of the user to whom the calendar is going to be shared.
  • Select the appropriate permission level you want to grant and click the Share button to share the calendar with the selected user.
    share-mailbox-calendar

Access other user's calendars via Outlook (web version)

  • Navigate to the Calendar tab in the Outlook web version and go to the Add calendar section.
  • Click on the Add from directory tab.
  • Select your Microsoft 365 account from the ‘Please select an account to search from’ drop-down.
  • Then, enter the email address of the user for whom you have permission.
  • Select the calendar group from the Add to drop-down and click on the Add option.
    access-others-calendar

Manage calendar permissions in Office 365 using PowerShell

While calendar permissions cannot be managed directly from any native admin centers, admins can utilize Exchange Online PowerShell to handle them. By default, any user can view other internal users’ calendars with the AvailabilityOnly scope, which shows whether the calendar owners are free/busy.

  • To view the default calendar permissions for a mailbox, run the following cmdlet. 
    Get-MailboxFolderPermission -Identity <Mailbox UPN>:\Calendar -User Default
  • To change default calendar permissions for a mailbox to allow all other users to view the calendar schedule with the event's subject and location, use the following cmdlet. 
    Set-MailboxFolderPermission -Identity <Mailbox UPN>:\Calendar -User Default -AccessRights LimitedDetails
  • To view specific user’s calendar access rights, run the following command. 
    Get-MailboxFolderPermission -Identity <Mailbox UPN>:\Calendar -User <Delegated User’s UPN>
  • To modify a specific user's calendar access rights, use the following cmdlet. 
    Set-MailboxFolderPermission -Identity <Mailbox UPN>:\Calendar -User <Delegated User’s UPN> -AccessRights <LimitedDetails or AvailabilityOnly>
  • To remove calendar permissions using PowerShell, execute the following command. 
    Remove-MailboxFolderPermission -Identity <Mailbox UPN>:\Calendar -User <Delegated User’s UPN>
+

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
Browse All Guides
User Help Manuals Compliance Docs
All Guides 99+
Exchange Online
How to Find Who Changed Mailbox Folder Permissions in Exchange Online
Exchange Online Guides
x
Delivering Reports on Time
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!

Free Download Live Demo