Check Non-owner Mailbox Access in Microsoft 365

Native Solution

Microsoft 365 Permission Required

High

Global Admin or Exchange Admin.

Option 1 Using Microsoft 365 Purview Portal

Login to the Microsoft 365 Purview Portal.
Navigate to the Audit page under "Solutions". Customize the Start date and End date as per your requirement.
Under the "Activities-friendly names" drop-down, select the desired mailbox operations within the Exchange mailbox activities category.
To retrieve the complete mailbox activities of a specific user, select the respective user under the Users filter and get the details as shown below.

Note: The steps above will display both owner and non-owner mailbox actions performed by the specific user. However, it is not possible to filter only the non-owner mailbox activities.
You can also get the report from the Classic EAC by navigating to Run a non-owner mailbox access report from Compliance Management»Auditing. However, it is under deprecation.

Option 2 Using PowerShell Script

The audit log search requires you to manually differentiate between owner and non-owner mailbox activities, which can be quite frustrating.
But we've made your job easier! We've developed a PowerShell script that retrieves all non-owner mailbox activities performed by users.
Download and run the following script in the Administrator PowerShell.

NonOwnerMBAccessReport.ps1

Note: You can also use the "Search-MailboxAuditLog" cmdlet to find non-owner mailbox activities. However, it is under deprecation.

AdminDroid Solution

More than 150 reports are under the free edition.

AdminDroid Permission Required

Delegated

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid

Login to the AdminDroid Office 365 reporter.
Navigate to Audit»Exchange»Mailbox Access»Mailbox Non-Owner Access report.

Visualize the complete list of users who has access to other mailboxes along with accessed time, performed operation, IP address, etc.

Leverage built-in graphical representation feature to visually depict the specific operations carried out on Exchange Online mailboxes by non-owners.

Explore a full range of reporting options

Simple yet the best! Isn't it?

Don't let the delegates rule your Exchange Online mailboxes - Safeguard your mailbox sensitive information by monitoring the non-owner mailbox access activities using AdminDroid.

Witness the report in action using the

Live Demo

Important Tips

Regularly monitor user access to admins' mailboxes in your Exchange Online as they may contain highly confidential information.

Allow limited trusted admins access to other mailboxes rather than granting permissions to the users. You can allow read-only access to users only for required folders.

Keep an eye on guests who have access to other mailboxes and remove any unwanted guest access, since it may pose security issues in your Microsoft 365 environment.

Exchange OnlineMonitor users’ access to other mailboxes to detect any unauthorized actions in Microsoft 365

Showing 1 of 6

Do users' access to other mailboxes pose severe security risks? Why do admins grant user access to other mailboxes in Office 365? How to check who has access to other mailboxes in Exchange Online? How to grant permissions to other mailboxes in Microsoft 365? How to audit non-owner mailbox access in Exchange Online? How to manage non-owner mailbox access efficiently?

Do users' access to other mailboxes pose severe security risks?

When a user accesses another mailbox within an organization, several security concerns may arise, including the following:

Microsoft 365 external access If any external/guest users have access to other Exchange Online mailboxes, there is a possibility of accessing any sensitive information from the respective mailbox.
Using suspicious IPs If an Microsoft 365 user accesses other mailboxes from an unusual IP address, the possibility of data breaches is greater.
Multiple mailbox logins from the same user If a user sign-in to the delegated mailbox multiple times within a short period, it might indicate malicious mailbox access.
Prone to Microsoft 365 phishing attacks Unknowingly, non-owners may respond to phishing emails which results in the stealing of credentials by the hackers.

Access from suspicious IP addresses may cause serious threats to a Microsoft 365 organization!

Using AdminDroid, you can easily find the IP address of a specific Exchange Online mailbox non-owner access event.

To find the IP address of a particular Microsoft 365 non-owner access activity, you can check the Client IP property from the Mailbox Non-Owner Access report. Additionally, you can rearrange the available properties as per your need by clicking on the Customize Columns icon.

Why do admins grant user access to other mailboxes in Office 365?

Admins grant user access to other mailboxes for the following reasons,

Email management : Granting mailbox permissions to other users helps distribute the workload and streamline email management within an organization, particularly when a Microsoft 365 user receives a high volume of emails.
Accessing required folders : Mailbox folder permissions allow users to share specific folders with others, granting them varying levels of access such as reviewer, author, and auditor.
Troubleshooting issues : Admins may need access to user mailboxes to set up inbox rules, troubleshoot email delivery problems, etc.

How to check who has access to other mailboxes in Exchange Online?

To access other mailboxes, a Microsoft 365 user should have the necessary mailbox permissions assigned. Since these permissions can grant other users access to sensitive mailbox information, admins should review these permissions regularly to prevent data leakages.

Run the below PowerShell cmdlet to see various permissions assigned to a mailbox.

Get-MailboxPermission –Identity <User’s ID>

If you notice any unwanted permissions, remove them immediately by running the below PowerShell cmdlet. 

Remove-MailboxPermission -Identity <Mailbox Owner’s Display Name> -User <Delegate’s Display Name> -AccessRights<Permission> -InheritanceType All

Be proactive in getting the various permissions assigned to a mailbox using AdminDroid to ensure that the delegated users are legitimate ones for those mailboxes.

You can get the entire details of the mailbox, user with access, access status, etc.

How to grant permissions to other mailboxes in Microsoft 365?

To give access to other mailboxes, follow the steps below.

Login to the Microsoft 365 admin center. Navigate to Active users under the Users tab
Click the desired user. You can assign various permissions such as read & manage, send as, and send on behalf from the Mailbox permissions section located at the Mail tab.

Additionally, you can grant mailbox permissions when you delete a user from your Office 365 environment. The user mailbox will be converted into a shared mailbox.

While deleting a user, you will be prompted to grant another user access to their mailbox, OneDrive, and other associated resources.

Select the Give another user access to email option. Mention the user to whom the mailbox should be delegated.
You can set up a different display name for this mailbox.
You can also configure automatic replies and email aliases for the mailbox.

Revoke any unwanted Exchange Online mailbox permission changes immediately!

AdminDroid allows you to track the mailbox permission changes to the mailboxes. You can get the entire details of the authorized mailbox, authorized user, device used for authorization, and authorizing user’s type.

Using easy filters, you can view the permission changes of a specific mailbox that may contain sensitive Microsoft 365 information.

How to audit non-owner mailbox access in Exchange Online?

Admins should monitor the activities of the mailboxes accessed on behalf of the owners to ensure their organization's confidential information is safe. You can get the mailbox access details such as the user accessing the mailbox, the type of access, the date and time of access, and the operation performed. Follow the below ways to get the non-owner mailbox activities.

Using Microsoft 365 Purview Portal To know who accessed other mailboxes, search the Office 365 audit logs from the Audit log search.
Microsoft PowerShell Run the PowerShell script provided to get non-owner mailbox access report in Exchange Online.

Since the Office 365 audit logs contain a vast amount of data, filtering your exact requirement might be a challenging task.

With AdminDroid, you can create alerts for unusual number of non-owner mailbox access activities using the in-built alert policy template.

Click the Preview & Deploy option to create an alert policy.
Pro Tip: Make use of the different scopes available to set up alerts based on specific properties instead of organization-wide notifications.

How to manage non-owner mailbox access efficiently?

You can protect and manage the mailboxes accessed by non-owners by enforcing security measures such as strong passwords, multifactor authentication, and encryption to protect sensitive information. This helps prevent unauthorized access and potential data breaches. Follow the steps below to efficiently manage the mailboxes accessed by non-owners before they pose serious threats to your organization.

Multifactor Authentication : Set up MFA for both owners and non-owners for secured access to mailboxes that helps to prevent unauthorized access even if the credentials are stolen.
Conditional Access Policies : Set up conditional access policies to block owners and delegates who access mailboxes from unfamiliar locations.
Limited Access : Give Full Access permission only to trusted M365 users. For other users, just give Send on Behalf permission if needed.
Sharing Policies : Set up sharing policies for mailbox so that its contents cannot be shared with everyone.
Anti-Phishing Policies : Set up anti-phishing policies for all the mailboxes to prevent delegates from responding to phishing emails.

With AdminDroid, you can receive the report on non-owner mailbox access daily which reports on previous day activities alone using the Intelligent filtering option.

We recommend you use the Schedule this report now option to send the report periodically to your inbox.
You can also check whether the schedule has been created by navigating to the Schedule Reports page in your AdminDroid portal.

AdminDroid Exchange Online ReporterMaster the art of auditing Exchange Online non-owner mailbox access!

Proving to be a complete package for all the Microsoft 365 admins, the AdminDroid Exchange reporting and auditing tool lets you detect who accessed other mailboxes without any flaws.

Unique functionalities that AdminDroid provides you to audit non-owner mailbox access

By analyzing the results of the Mailbox Non-owner Access report, you can make informed decisions regarding whether to revoke access or assign additional mailbox permissions, thereby maintaining security within the organization. Also, it provides complete information about the IP address, accessed user, operation performed, accessed time, etc.

An Overview

Unified View of Non-owner Mailbox Access Activities

To enhance your non-owner mailbox access auditing, customize the columns to include or exclude specific properties to get a customized report.

Complete Overview of Mailbox Permissions

Know the various mailbox permissions assigned to a mailbox such as send as, send-on-behalf, and full access in separate reports.

Audit Permission Changes of a Specific Mailbox

Apply easy filters to audit the permission changes of a mailbox containing highly confidential information in your organization.

Alert on Unusual Non-owner Mailbox Access

Generate an alert to get notified of a greater number of non-owner mailbox access happening within a short time.

Automated Report Generation

Using advanced scheduling, you can receive the non-owner mailbox access report periodically in various formats such as HTML, PDF, CSV, XLS, XLSX, and RAW to your mailbox.

Be Updated on Non-owner Mailbox Access

The non-owner mailbox access activities are synced every 10 minutes, which keeps you instantly informed about the activities happening in your organization.

Overall, AdminDroid allows you to track the activities of mailboxes accessed by non-owners in a unified view. With the help of unique in-tool functionalities, you can easily customize the non-owner mailbox delegation report tailored to your Exchange Online requirement.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps for Microsoft 365 non-owner mailbox access auditing

The following are possible errors and troubleshooting hints while dealing with Office 365 mailbox accessed by non-owners:

Error: Mailbox Audit Logging is not enabled.

This happens when auditing is not enabled for the particular mailbox.

Troubleshooting hint :Follow the below cmdlet to enable auditing for the particular mailbox.

Set-Mailbox <Display Name> -AuditEnabled $true

Error: The term 'Get-MailboxPermission' is not recognized as the name of a cmdlet, function, script file, or operable program.

This happens because the Exchange Online module may not be installed properly.

Troubleshooting hint : Install the Exchange Online PowerShell module. If it is already installed, updating it could resolve the issue. Run the below cmdlet for updating it.

Update-Module -Name ExchangeOnlineManagement

Error: There are no items to show in this view.

This happens because the user you’ve specified in the “Search for access by” drop-down box may not be an admin.

Troubleshooting hint :Choose All non-owners from the drop-down box.

Error: The extended property attribute combination is invalid. This cmdlet is obsolete. Please use Get-ComplianceSearch instead.

This occurs when you navigate to the Compliance Management section from the Classic Exchange admin center which is under deprecation.

Troubleshooting hint :Instead of using Classic EAC to run a non-owner mailbox access report, navigate to Auditing from the Microsoft 365 Purview portal.

Error: Your attempt to connect to this Exchange server was denied because your account isn’t enabled for Remote PowerShell.

This happens while connecting to the Exchange Online module because the Remote PowerShell functionality is disabled for you.

Troubleshooting hint :Ask another Global/Exchange administrator to enable it for you using the below cmdlet.

Set-User -Identity <UPN> -RemotePowerShellEnabled $true

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Give Just the Right Access to the Right People

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Insightful Charts and Exclusive Dashboards

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Efficient Report Exporting for Microsoft 365

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Get the Report on Non-owner Mailbox Access in Exchange Online