Support
 
PhoneGet Quote
 
Support
 
US Sales: +1 888 720 9500
US Support: +1 844 245 1108
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9890

 
 

Exchange Online Mailbox permission auditing

Mailboxes are a treasure trove of personal data and insider business information, especially if the mailbox belongs to the top brass of your organization. Some of the first things an intruder does after infiltrating a network is an attempt to identify accounts that have elevated permissions and grant themselves access to the mailboxes of those accounts. They may even block everyone else's access to these mailboxes, causing mayhem.

How to audit Exchange Online mailboxes

By default, mailbox auditing is disabled for all Exchange Online mailboxes. You need to enable auditing for Exchange mailboxes manually to view audit logs. The native Microsoft 365 portal doesn't offer any way to enable auditing for mailboxes in bulk; you either need to individually enable auditing for each and every mailbox, or use PowerShell scripting to automate the process.

But even if you are well-versed in scripting, this process would still be time-consuming if you have a significant number of mailboxes in your organization. This is where M365 Security Plus comes into play. With M365 Security Plus, you can enable auditing for any number of mailboxes in just a few clicks—all without a single PowerShell script. You can:

  1. Identify which mailboxes have auditing disabled.
  2. Enable mailbox auditing.

Mailbox permissions to audit

Mailbox permissions are used to grant access to the contents of a mailbox; this includes not only the inbox but also the mailbox folders, calendar, and contacts. This is why caution should be maintained when granting mailbox permissions to delegates, so a user doesn't receive elevated privileges unless they need them.

The following permissions can be assigned to delegates:

Permission Description
Full Access Authorizes the delegates to open the mailbox, as well as view, add, and remove content. They won't, however, be able to send emails from the mailbox.
Send As Authorizes delegates to send emails from the delegated mailbox or group without revealing their identity. The emails sent appear as if they were sent from the delegated mailbox or group.
Send on Behalf Authorizes delegates to send emails from the delegated mailbox or group; these emails clearly show the identity of the sender. However, replies will be sent to the delegated mailbox or group.

With M365 Security Plus you can:

  • Generate a report on mailbox delegates, which can be delivered to your inbox at scheduled times in PDF, HTML, CSV, or XLSX formats.
  • Easily grant mailbox permission to multiple users at once, which isn't possible in the native Microsoft 365 admin center.
  • Audit mailbox delegates' activities so you can identify suspicious activities.

Microsoft 365 auditing

A Complete Microsoft 365 Security Solution