Cont​ents



  1. ​​Connecting to Office 365 via Powershell​

  2. Office 365 Access Rights​

  3. Granting Permissions

  4. Removing Permissions​

  5. Export Users and Licenses (Office 365)​


 


1. ​​​​​​​​​Connecting to Office 365 via Powershell


​​​Run the following from an Administrative instance of the Azure Active Directory Module for Windows Powershell



  1. Connect-msolservice

  2. $LiveCred = Get-Credential

  3. $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

  4. Import-PSSession $Session


 

2. ​​Office 365 Access Rights


​The following are the access rights that can be assigned within Office 365



  • ​None: FolderVisible

  • Owner: CreateItems, ReadItems, CreateSubFolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems,DeleteOwnedItems, DeleteAllItems

  • PublishingEditor: CreateItems, ReadItems, CreateSubFolders, FolderVisible, EditOwnedItems, EditAllItems,DeleteOwnedItems, DeleteAllItems

  • Editor: CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems,DeleteOwnedItems, DeleteAllItems

  • PublishingAuthor:  CreateItems, ReadItems, CreateSubFolders, FolderVisible, EditOwnedItems, DeleteOwnedItems

  • Author: CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems

  • NonEditingAuthor: CreateItems, ReadItems, FolderVisible

  • Reviewer: ReadItems, FolderVisible

  • Contributor: CreateItems, FolderVisible


The following roles apply specifically to Mailboxes



  • FullAccess​: This permission allows a delegate to open a user’s mailbox and access the contents of the mailbox

  • SendAs: This permission allows a delegate to send emails as that user/mailbox

  • Send​OnBehalf: This permission allows a delegate to send on behald of the user/mailbox. This will be relected in the From​ address of any messages sent.​



​The following roles are specific for Calendars



  • AvalibilityOnly: View Free/Busy information only

  • LimitedDetails​: View Free/Busy with Subject and Location of appointment


 

3. ​Granting Permissions​


To grant permissions to a mailbox



  • ​Add-MailboxPermission "%User1%" -AccessRights %AccessRight% -User "%User2%"


To grant permissions to a calendar



  • ​​Add-MailboxFolderPermission "%User1%:\calendar" -AccessRights %AccessRight% -User "%User2%"​


 


​4. Removing Permissions​


Revoke Full Access Permissons










Remove-MailboxPermission  John -User Suzan -AccessRights FullAccess



Revoke Send AS Permissions











 




Remove-RecipientPermission John -AccessRights SendAs -Trustee Suzan -Confirm:$False



​Export Users and Licenses (Office 365)


Get-MSOLUser | % { $user=$_; $_.Licenses | Select {$user.displayname},AccountSKuid } | Export-CSV "c:\sample.csv" -NoTypeInformation

 

PowerShell Commands - Useful Link to check out