Support
 
PhoneGet Quote
 
Support
 
US Sales: +1 888 720 9500
US Support: +1 844 245 1108
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9890

 
 

Exchange Online Mailbox permission auditing

Mailboxes are a treasure trove of personal data and confidential business information, especially if the mailbox belongs to the top brass of your organization. Some of the first things an intruder does after infiltrating a network is an attempt to identify accounts that have elevated permissions and grant themselves access to the mailboxes of those accounts. They may even block everyone else's access to these mailboxes, causing mayhem.

M365 Manager Plus is a Microsoft 365 security tool that helps detect security attacks and analyze risks in your Microsoft 365 environment, and get the insights you need to identify these permission changes to your mailboxes with its customizable audit profiles.

How to audit Exchange Online mailboxes

By default, mailbox auditing is disabled for all Exchange Online mailboxes. You need to enable auditing for Exchange mailboxes manually to view audit logs. The native Microsoft 365 portal doesn't offer any way to enable auditing for mailboxes in bulk; you either need to individually enable auditing for each and every mailbox, or use PowerShell scripting to automate the process.

But even if you are well-versed in scripting, this process would still be time-consuming if you have a significant number of mailboxes in your organization. This is where M365 Manager Plus comes into play. With M365 Manager Plus, you can enable auditing for any number of mailboxes in just a few clicks—all without a single PowerShell script. You can:

  1. Identify which mailboxes have auditing disabled.
  2. Enable mailbox auditing.

What mailbox permissions you must audit

Mailbox permissions are used to grant access to the contents of a mailbox; this includes not only the inbox but also the mailbox folders, calendar, and contacts. This is why caution should be maintained when granting mailbox permissions to delegates, so a user does not receive elevated privileges unless they need them.

The following permissions can be assigned to delegates:

Permission Description
Full Access Authorizes the delegates to open the mailbox, as well as view, add, and remove content. They won't, however, be able to send emails from the mailbox.
Send As Authorizes delegates to send emails from the delegated mailbox or group without revealing their identity. The emails sent appear as if they were sent from the delegated mailbox or group.
Send on Behalf Authorizes delegates to send emails from the delegated mailbox or group; these emails clearly show the identity of the sender. However, replies will be sent to the delegated mailbox or group.

How to audit mailbox permission changes with M365 Manager Plus

You can track all permission changes to your mailboxes in Exchange Online with M365 Manager Plus by navigating to Audits > Exchange Online > Mailbox Permission > Mailbox Permission Changes.

You can now view all instances of mailbox permission changes with the necessary details, such as the time, country, and date of the permission change, and also who changed it and what permission was added or removed to which mailbox.

What more can you achieve with M365 Manager Plus?

Apart from tracking mailbox permission changes, you can also audit Exchange Online for property changes, DLP policy matches, message trace details and more. Other services that can be audited using M365 Manager Plus include:

Know all about the Exchange Online mailboxes in your organization.

  Download a free trial now!  Request demo
A holistic Microsoft 365 administration solution