Delegating calendar access is one of the popular Exchange features. It allows users to share their calendars with other people with specific access rights. It’s easy for users to delegate access to their calendars.
Since the mailbox calendars can be shared with both internal and external users, managing calendar permission requires additional care.
How to View Calendar Permissions in Office 365 using PowerShell?
Despite being the admin, you cannot view mailboxes’ shared calendar settings through Admin Centers. The only option left is PowerShell. Unfortunately, it takes multiple PowerShell cmdlets to retrieve calendar permissions.
- A mailbox can have multiple calendars, including built-in and user-created calendars. To list all the calendars for a user, you can use ‘Get-MailboxFolderStatistics’.
- For each calendar folder, you need to use ‘Get-MailboxFolderPermission’ to view the shared calendar permissions.
- If you want to view calendar permissions for a few mailboxes, the above cmdlets are sufficient. But, if you need to view for all the mailboxes, you must use the ‘Get-Mailbox’ cmdlet.
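The three steps above chained together, as an added example (this is not the downloadable script). The output file name and column names are illustrative, and the `ExchangePublishedUser.` prefix used to flag external grantees is an assumption about how Exchange Online names them.

```powershell
# Added example: Get-Mailbox -> Get-MailboxFolderStatistics -> Get-MailboxFolderPermission.
# Requires the Exchange Online PowerShell module and an Exchange admin role.
Connect-ExchangeOnline -ShowBanner:$false

$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Step 1: every calendar folder in the mailbox (built-in and user-created)
    $calendars = Get-MailboxFolderStatistics -Identity $mbx.PrimarySmtpAddress -FolderScope Calendar |
        Where-Object { $_.FolderType -in 'Calendar', 'User Created' }

    foreach ($cal in $calendars) {
        # FolderPath looks like '/Calendar/Sub'; the permission cmdlet wants 'mailbox:\Calendar\Sub'
        $folderId = '{0}:{1}' -f $mbx.PrimarySmtpAddress, $cal.FolderPath.Replace('/', '\')

        # Step 2: one permission entry per grantee on that folder
        foreach ($perm in Get-MailboxFolderPermission -Identity $folderId -ErrorAction SilentlyContinue) {
            $grantee = "$($perm.User)"   # string form of the grantee (display name, Default, Anonymous)
            [pscustomobject]@{
                Mailbox      = $mbx.PrimarySmtpAddress
                Calendar     = $cal.FolderPath
                SharedTo     = $grantee
                AccessRights = $perm.AccessRights -join ','
                SharingFlags = $perm.SharingPermissionFlags -join ','
                # Assumption: grantees outside the organization carry this prefix
                IsExternal   = $grantee -like 'ExchangePublishedUser.*'
                # Default = everyone in the organization, Anonymous = unauthenticated users
                IsBuiltIn    = $grantee -in 'Default', 'Anonymous'
            }
        }
    }
}

# Illustrative output path; review the IsExternal and IsBuiltIn rows first
$report | Export-Csv -Path .\CalendarPermissions.csv -NoTypeInformation
```

Rows where `IsBuiltIn` is true and `AccessRights` is anything broader than availability, and all rows where `IsExternal` is true, are the ones worth reviewing against your sharing policy.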
To ease your work, we have created a PowerShell script to generate 6 different calendar permissions reports. By using inbuilt filtering params, you can export the required report.
Script Download: GetMailboxCalendarPermissions.ps1
- Generates 6 different mailbox calendar permissions reports.
- The script uses modern authentication to retrieve calendar permissions.
- The script can be executed with MFA enabled account too.
- Exports report results to CSV file.
- Allows you to track all the calendars’ permissions.
- Helps to view default calendar permission for all the mailboxes
- Displays all the mailbox calendars to which a user has access.
- Lists calendars shared with external users.
- Helps to find out calendar permissions for a list of mailboxes through input CSV.
- Automatically installs the EXO V2 module (if not installed already) upon your confirmation.
- The script is scheduler-friendly, i.e., the credential can be passed as a parameter instead of being saved inside the script.
Get Mailbox Calendar Permissions Report – Script Overview
Using the script, you can obtain granular data about the calendars and the access rights granted to other Office 365 users. You can quickly generate various calendar permissions reports. We have listed a few significant use cases below:
- Get calendar permission for all users
- Export calendars shared with external users
- List all calendars a user has access to
- View all calendars’ sharing permissions (including default and anonymous sharing)
- Get default calendar permission
- Retrieve calendar permissions for list of mailboxes (input CSV)
- Schedule calendar permission report
Get Calendar Permissions for All Users in Office 365:
The mailbox calendars can be delegated to other Office 365 users for business purposes. So, the administrators are responsible for data security and privacy. They should know if the granted calendar access is appropriate and fully compliant with the organization’s policy. You can use the format below to get all the shared calendars with delegated access rights.
Using the above format, you can quickly get all permissions in a calendar. The ‘Access Rights’, ‘Shared To’, and ‘Sharing Permissions Flag’ columns in the report help you get the primary information of the calendar sharing.
Note: The report does not include the default and anonymous calendar sharing permissions. You can run the script with the -ShowAllPermissions switch to view all the permissions, including default and anonymous calendar permissions.
Export Calendars Shared with External Users:
Sometimes Office 365 users share their calendars with people outside the organization to find a common meeting time. The mailbox owner is responsible for revoking calendar access granted to external users once the activity completes.
To view calendars shared outside the organization, you can run the script with the -ExternalUsersCalendarPermissions param.
The above format lists all the calendars, which have been shared with external users, along with the access rights. By referring to this report, the admin/mailbox owner can remove the sharing permission.
List All Calendars a User has Access To:
How to view all calendars a user has permission to access? – I have seen this question in many forums. So, I have decided to include that use case too. To display all mailbox calendars to which a user has access, run the script with the -DisplayAllCalendarsSharedTo param along with the user’s identity.
.\GetMailboxCalendarPermissions.ps1 -DisplayAllCalendarsSharedTo firstname.lastname@example.org
The above example retrieves all the calendars shared with John and the level of access allowed.
View all Calendars’ Sharing Permissions:
By default, the script excludes default and anonymous calendar permissions in all other use cases. To view calendars with all the sharing permissions, including default and anonymous permissions, run the script with the -ShowAllPermissions switch param.
Default – Shows the permissions for users in your organization or authenticated users.
Anonymous – Shows the permission for external and non-authenticated users.
By referring to this report, the admin can change default calendar permission and modify/disable anonymous calendar sharing.
Get Default Calendar Permission:
Default calendar permission is the level of access allowed to people inside the organization. By default, the value is set as ‘AvailabilityOnly’. Most organizations prefer ‘LimitedDetails’ instead of the default ‘AvailabilityOnly’ due to the data visibility.
To view the default sharing policy for all Office 365 users’ calendars, execute the script with the -DefaultCalendarPermissions switch param.
With this report, admins can identify default calendar permission and modify them if required.
Find Calendar Permissions for List of Mailboxes using Input CSV File:
Generating calendar permissions report for all users is time-consuming, specifically in large environments. To verify calendar folder permissions for a few mailboxes, you can pass the input CSV file with specific mailboxes’ identities.
.\GetMailboxCalendarPermissions.ps1 -CSVIdentityFile C:/InputFile.csv
The CSV file of mailbox names must follow this format: one mailbox identity per line, without a header. Identity can be Display Name/ Alias/ Distinguished Name/ Canonical DN/ Email Address or GUID of mailboxes.
Note: You can combine other params with -CSVIdentityFile to get a more granular calendar permission report.
.\GetMailboxCalendarPermissions.ps1 -CSVIdentityFile C:/InputFile.csv -ExternalUsersCalendarPermissions
This example processes the mailboxes in the CSV file and exports their calendars which are shared with external users.
Schedule Office 365 Calendar Permission Report:
It is essential to verify the calendar sharing settings regularly, as they can be changed by users. To automate the report generation, you can run the script in the Windows Task Scheduler as a PowerShell scheduled task.
.\GetMailboxCalendarPermissions.ps1 -UserName email@example.com -Password XXX -ShowAllPermissions
The above format retrieves all mailboxes’ calendar permissions, including default and anonymous access rights.
Note: If the admin account has MFA, then you cannot use it directly for scheduling. Instead, you have to disable MFA based on the Conditional Access Policy to make it work.
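A password typed into the task's arguments is readable by anyone who can view the task definition. The added example below (not part of the original script) keeps it in a DPAPI-protected file and hands it to the script at run time; the paths, wrapper name, task name and schedule are hypothetical, and it assumes -Password takes a plain string as in the command above.

```powershell
# --- One-time setup: run interactively AS the Windows account the task will run under ---
# Export-Clixml protects the password with DPAPI, so only this Windows user on this
# machine can decrypt it. 'C:\Scripts' is a hypothetical location.
Get-Credential -Message 'Report account' | Export-Clixml -Path 'C:\Scripts\CalReportCred.xml'

# --- C:\Scripts\Run-CalendarReport.ps1 (hypothetical wrapper launched by the task) ---
$cred = Import-Clixml -Path 'C:\Scripts\CalReportCred.xml'
& 'C:\Scripts\GetMailboxCalendarPermissions.ps1' `
    -UserName $cred.UserName `
    -Password $cred.GetNetworkCredential().Password `
    -ShowAllPermissions

# --- Register the task: the arguments name only the wrapper, never the password ---
$action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument '-NoProfile -File C:\Scripts\Run-CalendarReport.ps1'
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Monday -At '06:00'
# Without -User, the task is registered for the current user, which must be the
# same account that created CalReportCred.xml
Register-ScheduledTask -TaskName 'CalendarPermissionReport' -Action $action -Trigger $trigger
```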
We hope this blog helps you understand calendar permissions in detail. Let us know your questions and comments.