Longest title in history?
A while back we were doing some troubleshooting and we added an administrator’s account to have read permissions on all of our mailboxes. Mailboxes permissions came up as a topic yesterday in a conversation I was having and I remembered I had meant to clean this up. I could have gone about this a bunch of different ways, but ultimately I wanted to create a script in case I ever needed it again. Continue reading “Remove a single user’s permissions from all mailboxes in Office 365”
As an admin occasionally you’ll give yourself permissions to a mailbox. And then you’ll remember Outlook conveniently auto-maps that mailbox for you. Easy fix.
Close Outlook. Open Powershell.
Add-MailboxPermission -Identity targetuser@foo -User youradmin@foo -AccessRights FullAccess -AutoMapping:$false
Open Outlook. Enjoy the emptiness of the side bar.
You can/should also (once the mailbox disappears from Outlook) remove the permissions completely.
Remove-MailboxPermission -Identity targetuser@foo -User youradmin@foo -AccessRights FullAccess -InheritanceType All
Shamelessly borrowed from:
# Get login credentials
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -AllowClobber -DisableNameChecking $Host.UI.RawUI.WindowTitle = $UserCredential.UserName + " (Office 365 Security & Compliance Center):"
# search for the email in all mailboxes
New-ComplianceSearch -Name "Easy-To-Identify-Name" -ExchangeLocation all -ContentMatchQuery 'sent>=12/01/2017 AND sent<=12/30/2017 AND subject:"announcement" AND from:"email@example.com"'
Start-ComplianceSearch -Identity "Easy-To-Identify-Name"
# wait a minute and view the results
Get-ComplianceSearch -Identity "Easy-To-Identify-Name"
Get-ComplianceSearch -Identity "Easy-To-Identify-Name" | Format-List
# delete the messages if the results look right
New-ComplianceSearchAction -SearchName "Easy-To-Identify-Name" -Purge -PurgeType SoftDelete
# check when it is completed
Get-ComplianceSearchAction -Identity "Easy-To-Identify-Name_Purge"