Microsoft 365 Mailbox Folder Permission Management Using PowerShell
Mailbox folder permissions ensure the right level of access in facilitating collaboration among users in organizations using Exchange Online. Efficient mailbox folder permission management is essential for streamlining task delegation, optimizing task distribution, and preventing unwanted data breaches. While managing mailbox folder permissions through Outlook can be time-consuming, PowerShell offers quicker and more efficient customization options.
Let’s get into Microsoft 365 mailbox folder permission management and explore the power of PowerShell. Without further delay let’s get started.
Mailbox folder permissions in Exchange Online refers access to other users’ mailbox folders or calendars. Microsoft 365 users can access other users’ mailbox folders or calendars based on the granted access rights. Even though Microsoft 365 users have access to others’ mailbox folders they do not have the privilege to send emails on behalf of mailbox owners.
Mailbox permission changes enable delegated access for sending emails, with privileges like Full Access, Send As, and Send on Behalf. Whereas mailbox folder permissions grant access to specific mailbox folders, determined by the assigned access rights.
Mailbox folder permissions can be applied through both Outlook and PowerShell. The list below provides detailed descriptions of individual mailbox folder permissions that can be easily applied using PowerShell, granting access to other users.
Mailbox Folder Permissions |
Mailbox Folder Permission’s Description |
CreateItems | The user can create items within the specified mailbox folder. |
CreateSubfolders | The user can create subfolders in the specified mailbox folder. |
DeleteAllItems | The user can delete all items in the specified mailbox folder. |
DeleteOwnedItems | The user can only delete items that they created from the specified mailbox folder. |
EditAllItems | The user can edit all items in the specified mailbox folder. |
EditOwnedItems | The user can only edit items that they created in the specified mailbox folder. |
FolderContact | The user is the contact for the specified public mailbox folder. |
FolderOwner | The user is the owner of the specified mailbox folder. The user can view the folder, move the folder and create subfolders. The user can’t read items, edit items, delete items, or create items. |
FolderVisible | The user can view the specified mailbox folder, but can’t read or edit items within the specified public folder. |
ReadItems | The user can read items within the specified mailbox folder. |
The following table lists the roles, which are the permissions that can be applied to the mailbox folder to provide access to other users.
Mailbox Folder Roles |
Mailbox Folder Permissions |
Author | CreateItems, DeleteOwnedItems, EditOwnedItems, FolderVisible, and ReadItems. |
Contributor | CreateItems and FolderVisible. |
Editor | CreateItems, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, and ReadItems. |
None | FolderVisible. |
NonEditingAuthor | CreateItems, FolderVisible, and ReadItems. |
Owner | CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderContact, FolderOwner, FolderVisible, and ReadItems. |
PublishingEditor | CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, and ReadItems. |
PublishingAuthor | CreateItems, CreateSubfolders, DeleteOwnedItems, EditOwnedItems, FolderVisible, and ReadItems. |
Reviewer | FolderVisible and ReadItems. |
The following table lists the roles that can be applied specifically to calendar folders.
Calendar Folder Roles | Calendar Folder Role’s Description |
AvailabilityOnly | View only availability data |
LimitedDetails | View availability data with subject and location |
Below is the list of essential operations, to effectively manage mailbox folder permission in Exchange Online using PowerShell. With these operations, you can ensure mailbox security and break the challenges of handling mailbox folder permissions.
- Add Mailbox Folder Permissions Using PowerShell
- Get Mailbox Folder Permissions Using PowerShell
- Set Mailbox Folder Permissions Access Rights Using PowerShell
- Remove Mailbox Folder Permissions with PowerShell
- Export Mailbox Folder Permissions to CSV Using PowerShell
- Configure Mailbox Calendar Folder Permissions Using PowerShell
Before getting started, make sure to connect to Exchange Online PowerShell module.
Adding mailbox permission provides permissions over the mailbox folder to the delegated user, also it enhances collaboration within the Exchange Online environment.
To add mailbox folder permissions using PowerShell, use the “Add-MailboxFolderPermission” cmdlet as described below.
Add-MailboxFolderPermission -Identity <UserUPN>:\<FolderName> -User <DelegatedUserUPN> -AccessRights <RolesOrPermissions>
Here, replace <UserUPN> with the mailbox folder owner’s UPN.
Replace <FolderName> with the mailbox folder name.
Replace <DelegatedUserUPN> with the user to be delegated.
Replace <RolesOrPermissions> with the appropriate roles or permissions to be assigned to the folder.
For example, replacing the <RolesOrPermissions> with “Owner” gives full access to the delegated folder.
Execution of this cmdlet assigns the appropriate roles or permission of the mailbox folder to the delegated user.
You can also add folder permission to the contacts folder by replacing the <FolderName> with “Contacts”.
Add-MailboxFolderPermission –Identity <UserUPN>:\contacts -User <DelegatedUserUPN> -AccessRights PublishingEditor
You can easily retrieve the mailbox folder permissions of a particular mailbox in PowerShell using the “Get-MailboxFolderPermission” cmdlet. Use the cmdlet as described below.
Get-MailboxFolderPermission -Identity <UserUPN>:\<FolderName>
Here, Replace <UserUPN> with the mailbox folder owner’s UPN.
Replace <FolderName> with the mailbox folder name.
Upon executing this cmdlet, a list of users who have access to the respective folder, along with their access rights, will be displayed.
Also, the “Get-EXOMailboxFolderPermission” cmdlet allows you to view permissions for Exchange Online mailbox folders, but it cannot be used for on-premises mailbox folders.
Note: Monitoring folder statistics is also crucial to optimize storage consumption. Get mailbox folder size report to view the size of each folder for all Exchange Online mailboxes.
You can update the existing access rights or the permissions for a particular mailbox folder using the “Set-MailboxFolderPermission” cmdlet.
Set-MailboxFolderPermission -Identity <UserUPN>:\<FolderName> -User <DelegatedUserUPN> -AccessRights <RolesOrPermissions>
Here, replace <UserUPN> with the mailbox folder owner’s UPN.
Replace <FolderName> with the mailbox folder name.
Replace <RolesOrPermissions> with the appropriate roles or permissions to be assigned to the folder.
For example, replacing the <RolesOrPermissions> with “Editor” updates the roles to the edit access permission.
Execution of this cmdlet modifies the level of mailbox folder permission to the delegated user.
To remove mailbox folder permissions using PowerShell, execute the following cmdlet.
Remove-MailboxFolderPermission -Identity <UserUPN>:\<FolderName> -User <DelegatedUserUPN>
Here, replace <UserUPN> with the mailbox folder owner’s UPN.
Replace <FolderName> with the mailbox folder name.
Replace <DelegatedUserUPN> with the user who has delegated access to the folder.
Execution of this cmdlet removes the permission of the delegated user for the specified folder in the mailbox.
You can easily export the Outlook mailbox folder permissions with the help of the following PowerShell cmdlet.
Get-MailboxFolderPermission -Identity <UserUPN>:\<FolderName> | Export-CSV <FilePath>
Replace the <UserUPN>, <FolderName>, and <FilePath> with the appropriate values for exporting the mailbox permission details of a particular folder.
Also, you can use the PowerShell script to export Microsoft 365 mailbox permissions like Full Access, Send As, and Send on Behalf.
Admins can easily manage calendar folder permissions in PowerShell. This can be done with the help of the following cmdlets:
- Add-MailboxFolderPermission
- Get-MailboxFolderPermission
- Get-MailboxCalendarFolder
- Set-MailboxFolderPermission
- Remove-MailboxFolderPermission
These cmdlets help admins to get, add, configure, and remove calendar folder permission in Microsoft 365 mailboxes.
Furthermore, you can also export Microsoft 365 calendar permissions with various filters using PowerShell scripting.
Why struggle through the intricacies of PowerShell to monitor and track access permission modifications within Exchange Online folders? Keeping an eye on mailbox folder changes can often be a challenging task, involving intricate commands and procedures.
Introducing AdminDroid, your comprehensive solution to effortlessly obtain detailed reports on Microsoft 365 mailbox folders. The mailbox folder changes report gives details like adding, removing, and modifying mailbox permissions that happened in Exchange Online mailboxes. Also, the mailbox folder permissions report allows admins to track the access permission modifications made on Exchange mailbox folders. These two reports are available within the mailbox permission changes report collections. This report collection consists of the following reports along with the mailbox folder changes and permission report.
- Mailbox Permission Changes
- Mailbox Folder Changes
- Send As Permission Changes
- Public Folder Permission Changes
- Mailbox Folder Permission Changes
The Exchange Online auditing tool also provides extensive audit reports about the changes and activities that happened in Microsoft 365 mailboxes. In addition to mailbox permission changes report, the audit report covers information on Microsoft 365 mailbox activities, mailbox access permissions, and configuration changes overcoming the inherent challenges of using native mailbox auditing tools.
Furthermore, AdminDroid’s Exchange Online reporting tool encompasses details about mailbox information, mailbox usage, mailbox permissions, mailbox security, mailbox settings, and more. It provides in-depth details with graphical representation and advanced filters for enhanced analysis.
Why AdminDroid Stand Out?
Moreover, AdminDroid’s Exchange Online management tool allows you to track, schedule, and receive alerts on any suspicious Exchange Online activity with 170+ vibrant reports. Also, AdminDroid provides 1800+ inclusive reports and 30+ dashboards for Microsoft 365 services, including Azure AD, Yammer, Power BI, SharePoint Online, etc. All the features and functionalities of the AdminDroid premium edition come free for 15 days.
Don’t wait! Download AdminDroid and unlock powerful insights into your Microsoft 365 environment.
Overall, I hope that this complete blog will provide you with an overview of mailbox folder permission management in Exchange Online. Feel free to leave your thoughts and queries in the comments section.