Non-Owner Mailbox Access Report

Spl handling for send as and send-on-behalf activities to get an accurate result
2025-12-17 08:25:20 +00:00 · 2024-09-24 15:03:09 +05:30 · 2024-09-24 15:03:09 +05:30 · b6f95438dd
commit b6f95438dd
parent 8997bd5fec
1 changed files with 24 additions and 10 deletions
--- a/Report/NonOwnerMBAccessReport.ps1
+++ b/Report/NonOwnerMBAccessReport.ps1
@ -4,6 +4,7 @@ Name:           Export Non-Owner Mailbox Access Report
 Version:        2.0
 Website:        o365reports.com

+
 Script Highlights: 
 ~~~~~~~~~~~~~~~~~~

@ -15,6 +16,16 @@ Script Highlights:
 6.The script supports Certificate-based authentication too.

 For detailed script execution:  https://o365reports.com/2020/02/04/export-non-owner-mailbox-access-report-to-csv/
+
+
+
+Change Log
+~~~~~~~~~~
+
+    V1.0 (Feb 17, 2020) - File created
+    V1.1 (Oct 06, 2023) - Minor changes
+    V2.0 (Nov 25, 2023) - Added certificate-based authentication support to enhance scheduling capability
+    V2.1 (Sep 24, 2024) - Special handling done to track send as and send-on-behalf activities accurately.
 ============================================================================================
 #>

@ -101,7 +112,7 @@ $OutputCSV=".\NonOwner-Mailbox-Access-Report_$((Get-Date -format yyyy-MMM-dd-ddd
 $IntervalTimeInMinutes=1440    #$IntervalTimeInMinutes=Read-Host Enter interval time period '(in minutes)'
 $CurrentStart=$StartDate
 $CurrentEnd=$CurrentStart.AddMinutes($IntervalTimeInMinutes)
-$Operation='ApplyRecord','Copy','Create','FolderBind','HardDelete','MessageBind','Move','MoveToDeletedItem','RecordDelete','SendAs','SendOnBehalf','SoftDelete','Update','UpdateCalendarDelegation','UpdateFolderPermissions','UpdateInboxRules'
+$Operation='ApplyRecord','Copy','Create','FolderBind','HardDelete','MessageBind','Move','MoveToDeletedItems','RecordDelete','SendAs','SendOnBehalf','SoftDelete','Update','UpdateCalendarDelegation','UpdateFolderPermissions','UpdateInboxRules'


 #Check whether CurrentEnd exceeds EndDate(checks for 1st iteration)
@ -168,12 +179,12 @@ while($true)
   if($AuditData.Operation -eq "SendAs")
   {
    $AccessedMB=$AuditData.SendAsUserSMTP
-    $AccessedBy=$AuditData.MailboxOwnerUPN
+    $AccessedBy=$AuditData.UserId
   }
   elseif($AuditData.Operation -eq "SendOnBehalf")
   {
    $AccessedMB=$AuditData.SendOnBehalfOfUserSmtp
-    $AccessedBy=$AuditData.MailboxOwnerUPN
+    $AccessedBy=$AuditData.UserId
   }
   else
   {
@ -185,15 +196,16 @@ while($true)
    Continue
   }
  $NonOwnerAccess++
-  $AllAudits=@{'Access Time'=$AuditData.CreationTime;'Accessed by'=$AccessedBy;'Performed Operation'=$AuditData.Operation;'Accessed Mailbox'=$AccessedMB;'Logon Type'=$LogonType;'Result Status'=$AuditData.ResultStatus;'External Access'=$AuditData.ExternalAccess}
+  $AllAudits=@{'Access Time'=$AuditData.CreationTime;'Accessed by'=$AccessedBy;'Performed Operation'=$AuditData.Operation;'Accessed Mailbox'=$AccessedMB;'Logon Type'=$LogonType;'Result Status'=$AuditData.ResultStatus;'External Access'=$AuditData.ExternalAccess;'More Info'=$Result.auditdata}
  $AllAuditData= New-Object PSObject -Property $AllAudits
-  $AllAuditData | Sort 'Access Time','Accessed by' | select 'Access Time','Logon Type','Accessed by','Performed Operation','Accessed Mailbox','Result Status','External Access' | Export-Csv $OutputCSV -NoTypeInformation -Append
+  $AllAuditData | Sort 'Access Time','Accessed by' | select 'Access Time','Logon Type','Accessed by','Performed Operation','Accessed Mailbox','Result Status','External Access','More Info' | Export-Csv $OutputCSV -NoTypeInformation -Append
 }
 }
- Write-Progress -Activity "`n     Retrieving audit log from $StartDate to $EndDate.."`n" Processed audit record count: $AggregateResults"
  #$CurrentResult += $Results
 $currentResultCount=$CurrentResultCount+($Results.count)
 $AggregateResults +=$Results.count
+  Write-Progress -Activity "`n     Retrieving audit log for $CurrentStart : $CurrentResultCount records"`n" Total processed audit record count: $AggregateResults"
+
 if(($CurrentResultCount -eq 50000) -or ($Results.count -lt 5000))
 {
  if($CurrentResultCount -eq 50000)
@ -232,6 +244,10 @@ while($true)
 }
 }

+Write-Host `n~~ Script prepared by AdminDroid Community ~~`n -ForegroundColor Green
+Write-Host "~~ Check out " -NoNewline -ForegroundColor Green; Write-Host "admindroid.com" -ForegroundColor Yellow -NoNewline; Write-Host " to get access to 1800+ Microsoft 365 reports. ~~" -ForegroundColor Green `n`n
+  
+
 If($AggregateResults -eq 0)
 {
 Write-Host No records found
@ -244,8 +260,6 @@ else
 {
  Write-Host `nThe Output file available in: -NoNewline -ForegroundColor Yellow
  Write-Host $OutputCSV 
-  Write-Host `n~~ Script prepared by AdminDroid Community ~~`n -ForegroundColor Green
-  Write-Host "~~ Check out " -NoNewline -ForegroundColor Green; Write-Host "admindroid.com" -ForegroundColor Yellow -NoNewline; Write-Host " to get access to 1800+ Microsoft 365 reports. ~~" -ForegroundColor Green `n`n
    $Prompt = New-Object -ComObject wscript.shell
  $UserInput = $Prompt.popup("Do you want to open output file?",`
 0,"Open Output File",4)