Microsoft 365 permissions report software

Managing permissions across Microsoft 365 services can quickly become complex. With multiple services and admin centers to manage, administrators often struggle to clearly see who has access to what, where permissions were granted, and whether those permissions are still necessary. Native Microsoft 365 tools provide limited visibility and often require switching between portals or running scripts to gather permission data.

ManageEngine M365 Manager Plus simplifies Microsoft 365 reporting by providing 700+ centralized, preconfigured reports, including permission reporting across major Microsoft 365 workloads such as Microsoft Entra ID, Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, and more. Administrators can quickly identify mailbox delegates, group permissions, sharing activities, and role assignments from a single console, making it easier to detect excessive access, monitor delegated permissions, and track permission changes across entire tenants.

• Entra ID
• Exchange Online
• SharePoint Online
• OneDrive for Business
• Microsoft Teams

Microsoft Entra ID permission and role reports

Microsoft Entra ID manages the identity, access, and role assignments for Microsoft 365 environments. Monitoring Entra ID permissions is critical to maintaining security and ensuring proper administrative oversight.

M365 Manager Plus provides reports that help administrators monitor group memberships, role assignments, and application permissions in Entra ID.

Monitor Microsoft 365 user hierarchy and attributes

Track organizational structure and user profile completeness with the following user reports from M365 Manager Plus.

• All Managers: Lists the details of all Entra ID users who have direct reports.
• Users With Managers: Displays users who have a manager assigned to them in Entra ID.
• Users Without Managers: Displays users who do not have a manager assigned to them in Entra ID to help HR and IT teams spot gaps in the organizational chart.
• User with Empty Attributes: Highlights Entra ID user accounts with missing profile fields such as department, job title, or location.
• Guest Users: Lists all external guest accounts that have been invited into the tenant to review and clean up third-party access that may no longer be needed.

Track Microsoft 365 group and role permissions

M365 Manager Plus' intuitive and customizable reports help you analyze how Microsoft 365 permissions are assigned through Entra groups and Entra roles.

• Groups with Send As Permission: Shows Entra groups that have been granted Send As rights.
• Groups with Send On Behalf Permission: Lists Entra groups where members can send emails on behalf of the group address.
• Recently Added Members to Groups: Tracks users who were recently added to any group in the tenant to identify unauthorized or unexpected group membership changes quickly.
• Recently Removed Members from Groups: Shows users who were recently removed from groups to help detect accidental removals or suspicious offboarding activity.
• Recently Added Member to Role: Displays Entra users who were recently assigned an administrative or directory role. Critical for monitoring privilege escalation and ensuring only authorized users hold elevated roles.
• Recently Removed Member from Role: Lists Entra users who were recently stripped of a directory role assignment in Entra ID.

Monitor Entra ID application permissions

Understand how Entra applications interact with your Microsoft 365 tenant with M365 Manager Plus' detailed Entra application reports.

• Recently added OAuth 2.0 Permission: Tracks OAuth permissions that were recently granted to Entra applications in the tenant. Helps identify apps that may have been given excessive or unauthorized API access.
• Recently removed OAuth 2.0 Permission: Shows OAuth permissions that were recently revoked from Entra applications.
• Recently Granted Consent to Application: Lists Entra applications that recently received admin or user consent in the tenant to detect potentially risky consent grants.
• Recently Revoked Application Consent: Displays Entra applications for which admin consent was recently withdrawn to confirm proper termination of the application.

Exchange Online permission reports

Mailbox permissions often determine who can access sensitive communication and data within an organization. Delegate access, Send As rights, forwarding configurations, and folder-level permissions require separate queries and are scattered across admin portals.

M365 Manager Plus provides detailed Exchange Online permission reports that help you analyze mailbox access and delegation settings so you can spot unauthorized access, clean up stale delegates, and prove compliance in minutes.

Monitor Microsoft 365 mailbox access and delegation

Identify who can access mailboxes and how that access is granted with M365 Manager Plus' granular mailbox delegation reports.

• Mailbox with Forward To: Lists mailboxes configured to automatically forward incoming emails to another address. Helps detect unauthorized forwarding rules that could lead to data leakage.
• Mailboxes without Forward To: Shows mailboxes that have no mail forwarding rules configured.
• Mailbox Permissions: Provides a full view of who has been granted access to each mailbox, including Full Access rights. Helps administrators audit mailbox delegation and identify users with excessive mailbox access.
• Mailboxes with Delegates: Lists mailboxes that have one or more delegates assigned.
• Mailboxes without Delegates: Identifies mailboxes with no delegate configured.
• Non-Owner Mailbox Access: Identifies users other than the mailbox owner who have accessed a mailbox.

Track Microsoft 365 mailbox permissions

Use M365 Manager Plus’ mailbox permission reports to monitor how much control users have over their own mailboxes and others’.

• Send As Permission: Shows which mailboxes or Entra groups have Send As rights granted to users.
• Send on Behalf Permission: Lists users or groups authorized to send emails on behalf of another mailbox.
• Users with Send As Permission: Displays users who hold Send As rights over any mailbox.
• Users with Send On Behalf Permission: Lists individual users granted Send On Behalf rights for specific mailboxes.

Analyze Exchange Online mailbox folder access

Review granular access permissions across mailbox folders with M365 Manager Plus.

• Mailbox Folder Permissions: Displays access rights assigned at the folder level within mailboxes, such as Inbox or Sent Items.
• Shared Mailbox Permissions: Shows who has been delegated rights over shared mailboxes across the organization.
• Public Folder Permission: Lists access rights assigned to public folders in Exchange Online.
• Calendar Folder Permissions: Displays who has been granted access to calendar folders within mailboxes.

SharePoint Online access permission reports

SharePoint Online sites often contain sensitive documents and collaborative workspaces. Understanding who has access to these sites helps prevent excessive permissions.

M365 Manager Plus enables administrators to analyze SharePoint site permissions with dedicated reports.

• Site-wise Members: Lists all members with access to each SharePoint site in the tenant. Provides a clear view of site-level access for auditing and rightsizing permissions.
• Site-wise Groups: Shows which groups are associated with each SharePoint site and what roles they hold. Helps administrators understand how group-based access is structured across sites.
• Site-wise Roles: Displays the permission roles defined and assigned within each SharePoint site. Useful for identifying non-standard or overly permissive role configurations.

OneDrive for Business permission reports

File sharing is essential for collaboration, but uncontrolled sharing can expose sensitive data. Monitoring sharing activities helps administrators maintain visibility into external access.

M365 Manager Plus provides detailed OneDrive sharing reports that help you track file access and sharing permissions.

• Sharing Activities: Tracks all file and folder sharing events within OneDrive for Business. Provides visibility into what content is being shared, with whom, and when.
• Sharing Revoked Activities: Logs instances where previously granted sharing access was removed. Useful for confirming that access revocation requests or policy enforcement actions took effect.
• Sharing Invitation Activities: Shows sharing invitations sent from OneDrive, including internal and external recipients. Helps identify unusual outbound sharing patterns that may indicate data exposure risks.
• Access Request Activities: Displays instances where users requested access to OneDrive content they don't currently have permission to view.

Microsoft Teams permission reports

Microsoft Teams environments can grow quickly, with multiple teams, channels, and external collaborators. Monitoring team membership and guest access helps maintain secure collaboration.

M365 Manager Plus provides Teams-specific reports to help administrators track membership and permissions.

• Teams with Owners: Lists all Teams and their assigned owners across the tenant. Helps ensure every team has an active, accountable owner and flag any orphaned teams.
• Private Channel Members: Shows membership details for private channels within Microsoft Teams.
• Teams Channel Guest Users: Identifies external guest users who have been added to Teams channels. Useful for reviewing and controlling third-party collaboration access within your Teams environment.

Why choose M365 Manager Plus as your Microsoft 365 permissions report software?

M365 Manager Plus provides great value for IT teams who need their data visualized and segregated so that they can concentrate on what to do with the insights rather than fight with raw logs.

• Unlimited data retention: Retain Microsoft 365 audit and report data on your own infrastructure beyond Microsoft's native 30–180 day limit so you can meet compliance requirements and investigate historical incidents months or years later.
• Scriptless access to advanced data: Access PowerShell-only attributes and apply complex filters through a point-and-click interface, with no scripts to write, maintain, or update.
• Actionable reports: Getting to know your data is half the battle. Create, modify, or delete objects directly from within a report without switching pages for a seamless administrative experience.
• Custom reports: Build reports around the exact attributes and conditions your team needs, save the configuration, and reuse or schedule it so you're not rebuilding them from scratch each time.
• Automated scheduling and delivery: Set any report to run on a recurring schedule and deliver results directly to stakeholder inboxes with no manual effort.
• Delegated reporting across tenants: Scope reporting access precisely across multiple tenants so administrators see exactly what they need, without requiring over-privileged roles.

Other features of M365 Manager Plus

• Microsoft 365 reporting: Over 700 pre-built and custom reports across major Microsoft 365 services, such as Exchange Online, SharePoint Online, Teams, OneDrive for Business, and more, all from one dashboard.
• Microsoft 365 auditing: Maintain a complete, searchable audit trail of every change across your Microsoft 365 environment.
• Microsoft 365 alerting: Get real-time alerts on suspicious sign ins, admin role changes, license breaches, and policy violations.
• Microsoft 365 management: Manage users, groups, mailboxes, Teams, SharePoint permissions, and license assignments across workloads without switching portals.
• Microsoft 365 automation: Automate onboarding, offboarding, license provisioning, and group updates with no-code workflows and no add-on subscriptions.
• Microsoft 365 admin delegation: Give help desk staff scoped access to specific tasks such as password resets, group changes, mailbox management, without full admin rights or visibility over the users they don't manage.