Published:
Jun 18, 2025
|
Modified:
|
7
min read

How to Review and Manage Exchange Online Mailbox Permissions

Ivan Fioravanti
Ivan Fioravanti, Co-founder and CTO for CoreView, uses his system engineer and .NET development skills to lead CoreView’s technology team. He’s passionate about AI, automation and all things Microsoft 365.

Maintaining control over Exchange Online mailbox permissions is not only a cornerstone of good tenant security hygiene but is also crucial for compliance—especially during employee or contractor onboarding, role changes, or offboarding. Gathering all necessary permission data can be time-consuming and complex using Microsoft’s default tools, particularly in large organizations. CoreView provides an enhanced, faster, and more secure alternative for visibility and management.

Review and Change Mailbox Access Using Microsoft 365 Admin Tools

Microsoft 365 offers methods for reviewing and managing mailbox permissions via both the Exchange Admin Center and PowerShell.

Manage Permissions in the Exchange Admin Center

The EAC allows you to view and modify permissions at the individual mailbox or group level:

  • In the EAC, select a mailbox and navigate to “Mailbox delegation”.
Mailbox delegation
  • Here, you can assign or review Full Access, Send As, and Send on Behalf permissions.
eview Full Access, Send As, and Send on Behalf permissions
eview Full Access, Send As, and Send on Behalf permissions screen 2
The EAC does not currently support generating a tenant-wide or consolidated permissions report. Review is available on a per-mailbox basis only.

Modify Permissions with PowerShell for Exchange Online

For a comprehensive, tenant-wide overview—especially in large or complex environments—PowerShell is more flexible and powerful.

Recommended module

Use the latest ExchangeOnlineManagement module. Microsoft has phased out older remote PowerShell methods and recommends the REST-based EXO* cmdlets for better performance, improved security, and future compatibility.

Example:

# Connect to Exchange Online (prompt for credentials)
Connect-ExchangeOnline

# Retrieve all mailboxes
Get-EXOMailbox

# Get permissions assigned directly to all mailboxes (e.g., FullAccess)
Get-EXOMailboxPermission -ResultSize Unlimited

# Get recipient-level permissions (SendAs)
Get-EXORecipientPermission -ResultSize Unlimited

#Get Send on Behalf permissions
Get-Mailbox | fl UserPrincipalName,GrantSendOnBehalfTo
For large tenants (tens of thousands of mailboxes), retrieving all permission details can be extremely time-consuming and may impact session limits. Use filtering options (e.g., -Filter, -RecipientTypeDetails) to narrow results and optimize performance.

Refer to the official Microsoft documentation on Exchange Online PowerShell V3 cmdlets and module.

Review and Manage Mailbox Access with CoreView

Follow these steps to review and manage Exchange mailbox permissions using CoreView:

Gain Visibility into All Exchange Mailbox Delegates

  • Log in to the CoreView app
  • Search for “User mailbox” under “Reports
User mailbox screen
  • Alternatively, go to “Reports > Security > User mailbox security
User mailbox security screen
  • A table showing all delegates will be shown and you can easily filter to find what you are looking for.
Table screen

The data displayed is enriched to expedite the identification of anomalies. You can find details such as recipient type details, company country, and department information of both the delegated mailbox and the delegate. Quite often, during a role change, users can still access mailboxes they should no longer have access to.

Pro TIP - Filter with Type of User with Access = SharedMailbox. This often reveals old or decommissioned user accounts (e.g., user mailboxes migrated to shared) that still have delegate permissions. Removing these helps reduce security risks and eliminates management noise.

Perform Bulk Permission Changes Using CoreView Actions

  • Go to “Actions > Management actions
  • Under the “Filter assistant”, check the “Mailbox” option. This will reveal a list of possible actions.
Bulk permissions screen

These actions provide quick and comprehensive management of mailbox permissions, helping keep this aspect of Microsoft Exchange Online under control.

Operators will only be able to see and manage mailboxes within their V-Tenant-defined scope.

Get a personalized demo today

Created by M365 experts, for M365 experts.