Remove a single user’s permissions from all mailboxes in Office 365

Longest title in history?

A while back we were doing some troubleshooting and we added an administrator’s account to have read permissions on all of our mailboxes. Mailboxes permissions came up as a topic yesterday in a conversation I was having and I remembered I had meant to clean this up. I could have gone about this a bunch of different ways, but ultimately I wanted to create a script in case I ever needed it again. Continue reading “Remove a single user’s permissions from all mailboxes in Office 365”

Outlook 2016 – Stop Displaying Mailboxes for Other Users

As an admin occasionally you’ll give yourself permissions to a mailbox. And then you’ll remember Outlook conveniently auto-maps that mailbox for you. Easy fix.
Close Outlook. Open Powershell.

Add-MailboxPermission -Identity targetuser@foo -User youradmin@foo -AccessRights FullAccess -AutoMapping:$false

Open Outlook. Enjoy the emptiness of the side bar.

You can/should also (once the mailbox disappears from Outlook) remove the permissions completely.

Remove-MailboxPermission -Identity targetuser@foo -User youradmin@foo -AccessRights FullAccess -InheritanceType All

Delete an email from all mailboxes in O365



Shamelessly borrowed from:


# Get login credentials 
$UserCredential = Get-Credential 
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session -AllowClobber -DisableNameChecking $Host.UI.RawUI.WindowTitle = $UserCredential.UserName + " (Office 365 Security & Compliance Center):"
# search for the email in all mailboxes
New-ComplianceSearch -Name "Easy-To-Identify-Name" -ExchangeLocation all -ContentMatchQuery 'sent>=12/01/2017 AND sent<=12/30/2017 AND subject:"announcement" AND from:""'
Start-ComplianceSearch -Identity "Easy-To-Identify-Name"

# wait a minute and view the results
Get-ComplianceSearch -Identity "Easy-To-Identify-Name"
Get-ComplianceSearch -Identity "Easy-To-Identify-Name" | Format-List

# delete the messages if the results look right
New-ComplianceSearchAction -SearchName "Easy-To-Identify-Name" -Purge -PurgeType SoftDelete

# check when it is completed
Get-ComplianceSearchAction -Identity "Easy-To-Identify-Name_Purge"