Setting “SendAs” and “FullAccess” authorizations is basically old hat.
There are many blog articles and also many scripts on how this can be done for a large number of mailboxes.
Nevertheless, I have taken the time to write such a script, which I would like to share with the community.
What makes my script different from others?
Well, I don’t want to judge at this point whether my PowerShell script is better or worse than others.
The decisive question is which features and functions are expected from a script.
My script offers the following functions:
- Adding and removing “SendAs” permissions
- Adding and removing “SendAs” authorizations
- HTML report on the adjustments made.
What are the requirements for using this script?
For this PowerShell script to work properly, there are basically only 2 technical requirements:
- The script should be executed with PowerShell 7.
- Exchange online PowerShell module must be installed.
Other soft requirements are of course the necessary permissions to edit the actions of access rights to Exchange online mailboxes and a CSV file, which should be prepared before executing this script.
What must this CSV file look like?
The CSV file requires 4 pieces of information, which should be created as follows:
Header | Description |
---|---|
MailboxIdentity |
The email address or alias of the mailbox to modify. |
UserIdentity |
The email address or alias of the user to grant permissions to. |
SendAs |
Set to TRUE to grant “Send As” permission, FALSE otherwise. |
FullAccess |
Set to TRUE to grant “Full Access” permission, FALSE otherwise. |
This means that the CSV should look like this:
MailboxIdentity,UserIdentity,SendAs,FullAccess
[email protected],[email protected],TRUE,TRUE
[email protected],[email protected],TRUE,FALSE
[email protected],[email protected],FALSE,TRUE
[email protected],[email protected],TRUE,TRUE
[email protected],[email protected],TRUE,TRUE
IMPORTANT: If there are other permissions set for the mailbox defined under “MailboxIdentity” that are not included in this CSV, these permissions will be removed when the script is executed.
Why? I have also created this script with the intention of cleaning up permissions.
How does the script behave when it is executed?
![]() |
When the script is started and after the license conditions for this script have been accepted, the following dialog box appears, which explains again exactly what this PowerShell script does.
|
![]() |
Now another Windows window opens, here we can now select the prepared CSV file.
|
![]() |
The next step is to set up the connection to Exchange online.
|
![]() |
If “Yes” was clicked in the previous pop-up window, we must now authenticate ourselves with our EntraID data to the Microsoft Teanant.
|
![]() |
If we have successfully logged on to Exchange online, the summary from the CSV file will be displayed again. Please check this and if everything is OK, click on “Yes” to continue.
|
![]() |
The tasks from the CSV are now processed as specified. Each step is visible in the PowerShell console.
When all tasks have been completed, another pop-up appears asking whether an HTML report should now be created.
|
![]() |
Last but not least, there is an overview of what was actually done when this script was executed and where the HTML report is stored.
|
Reporting
After the script has run, an HTML file is created as a report. This HTML report is saved in the same place where we previously selected the CSV file.
Below is an example of how this HTML report can look.
Get the Script
As always, although I have tested and used the script several times, I cannot and will not accept any liability for the use of this script.
Readers who download the script are free to customize it according to their needs. Commercial use is allowed, but monetarization requires my explicit permission.