Reporting Exchange Online Mailbox and SendAs/On Behalf Of Permissions

Exchange Online mailboxes support SendAs, Send on Behalf Of, and FullAccess permissions. A previous script focused on the FullAccess permission. This version covers all three. It’s also a good example of how you need to pay attention to property sets when writing PowerShell code to use the new Exchange Online REST-based cmdlets.

Advertisements

Reporting Exchange Online Folder Permissions

In addition to mailbox permissions, Exchange Online supports folder-level delegated permissions. Users can create folder delegations through Outlook desktop. Like mailbox permissions, it’s a good idea for tenants to check folder-level delegations to ensure that people don’t keep permissions for longer than they should. We explain how to create a PowerShell script to generate such a report.

Reporting Exchange Online Mailbox Permissions

Exchange Online makes it easy to assign delegated permissions for user and shared mailboxes. But permissions assigned to people might not be still necessary, so it’s good to do a periodic check. In this post, we describe a script to scan for permissions on Exchange Online user and shared mailboxes and highlight non-standard permissions in a report generated as a CSV file.

Why Default Mailbox Auditing for Exchange Online Isn’t Quite as Good as It Seems

Exchange Online enables mailbox auditing by default, which should mean that audit events get to the Office 365 audit log for all E3 and E5 mailboxes. Well, that’s what you might thing but that’s not what happens. Mailbox events for E5 mailboxes arrive just fine, but you must reenable E3 mailboxes for auditing before their events flow. It’s a bizarre situation.

Capturing “Crucial” Office 365 Audit Events Requires E5 Licenses

Microsoft has released information about high-value Office 365 audit events and audit event retention policies. Both are part of a Microsoft 365 Advanced Audit offering. The MailItemsAccessed event is the first high-value audit event (we can expect more) and the retention policies are used to purge unneeded events from the Office 365 audit log.

Why Basic Authentication for Exchange Online is So Bad

Some doubt that Exchange Online will disable basic authentication for five email connection protocols in October 2020. The refrain is that it will be too hard for customers. Well, it might be hard to prepare to eliminate basic authentication, but if you don’t, your Office 365 tenant will be increasingly threatened by attacks that exploit known weaknesses.

Adding Your Personal Calendar to OWA

You can now add your personal Outlook.com or Gmail calendars to your work OWA calendar. The integration allows for only one personal calendar, and OWA synchronizes events from the personal calendar to make sure that people don’t schedule work events when you have personal commitments. TeamSnap calendars are also supported (real-only), but this feature is likely to not be used outside the U.S.

Time Running Out for Exchange Online Basic Authentication

Microsoft plans to disable basic authentication for five Exchange Online connection protocols on October 13, 2020. They’ve been clear on this point for several months and are now moving to deliver tools and provide guidance about what people should do about clients that use basic auth connections with Exchange Web Services, Exchange ActiveSync, IMAP4, POP3, and Remote PowerShell. Work is needed to make sure that clients are prepared for the switchover to modern authentication.

Microsoft Updates Exchange Online Management PowerShell Module

A new version of the Exchange Online management PowerShell module is available. The update includes a number of bug fixes (including some security upgrades) and new features. You should upgrade to the new version as soon as possible and keep an eye out for more changes in the future.