1. ​​Connecting to Office 365 via Powershell​

  2. Office 365 Access Rights​

  3. Granting Permissions

  4. Removing Permissions​

  5. Export Users and Licenses (Office 365)​


1. ​​​​​​​​​Connecting to Office 365 via Powershell

​​​Run the following from an Administrative instance of the Azure Active Directory Module for Windows Powershell

  1. Connect-msolservice

  2. $LiveCred = Get-Credential

  3. $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $LiveCred -Authentication Basic -AllowRedirection

  4. Import-PSSession $Session


2. ​​Office 365 Access Rights

​The following are the access rights that can be assigned within Office 365

  • ​None: FolderVisible

  • Owner: CreateItems, ReadItems, CreateSubFolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems,DeleteOwnedItems, DeleteAllItems

  • PublishingEditor: CreateItems, ReadItems, CreateSubFolders, FolderVisible, EditOwnedItems, EditAllItems,DeleteOwnedItems, DeleteAllItems

  • Editor: CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems,DeleteOwnedItems, DeleteAllItems

  • PublishingAuthor:  CreateItems, ReadItems, CreateSubFolders, FolderVisible, EditOwnedItems, DeleteOwnedItems

  • Author: CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems

  • NonEditingAuthor: CreateItems, ReadItems, FolderVisible

  • Reviewer: ReadItems, FolderVisible

  • Contributor: CreateItems, FolderVisible

The following roles apply specifically to Mailboxes

  • FullAccess​: This permission allows a delegate to open a user’s mailbox and access the contents of the mailbox

  • SendAs: This permission allows a delegate to send emails as that user/mailbox

  • Send​OnBehalf: This permission allows a delegate to send on behald of the user/mailbox. This will be relected in the From​ address of any messages sent.​

​The following roles are specific for Calendars

  • AvalibilityOnly: View Free/Busy information only

  • LimitedDetails​: View Free/Busy with Subject and Location of appointment


3. ​Granting Permissions​

To grant permissions to a mailbox

  • ​Add-MailboxPermission "%User1%" -AccessRights %AccessRight% -User "%User2%"

To grant permissions to a calendar

  • ​​Add-MailboxFolderPermission "%User1%:\calendar" -AccessRights %AccessRight% -User "%User2%"​


​4. Removing Permissions​

Revoke Full Access Permissons

Remove-MailboxPermission  John -User Suzan -AccessRights FullAccess

Revoke Send AS Permissions


Remove-RecipientPermission John -AccessRights SendAs -Trustee Suzan -Confirm:$False

​Export Users and Licenses (Office 365)

Get-MSOLUser | % { $user=$_; $_.Licenses | Select {$user.displayname},AccountSKuid } | Export-CSV "c:\sample.csv" -NoTypeInformation


PowerShell Commands - Useful Link to check out