Category Archives: M365Permissions

M365Permissions v1.0.4

  • [Feature] Add mailbox folder level permission scanning
  • [Feature] Added support for concurrent runs
  • [Feature] Allow running only for Onedrive (-excludeOtherSites)
  • [Bugfix] Do not double select sub-channels when running for a specific Team
  • [Bugfix] Fix unable to connect for certain types of subsites
  • [Bugfix] Only check PIM when licensed for Entra P2
  • [Bugfix] Fix progress bars from displaying progress incorrectly
  • [Bugfix] Exclude auditor even if it doesn’t have a mailbox

For more info, check the M365Permissions module page, Github or PSGallery

M365Permissions v1.0.3

This version, a tab was added that lists all groups with their members and owners to make it easier to cross-reference / pivot any of the result tabs with data from other M365 resources and e.g. identify potential identities that could escalate their permissions through their group associations.

For more info, check the M365Permissions module page, Github or PSGallery

M365Permissions v1.0.2 – Exchange Online

This version I’ve added Exchange Online to the supported resources!

All updates / changes since v1.0.1:

  1. Exchange Online Admin Roles
  2. Exchange Online Send As rights (groups, mailboxes etc etc)
  3. Exchange Online Send On Behalf (mailboxes)
  4. Exchange other Mailbox Permissions (full control etc)
  5. enhanced token handling (1 prompt instead of per API)
  6. auto setup and instructions at module load
  7. Ignore Current User support for the EntraID resource

For more info, check the M365Permissions module page, Github or PSGallery

M365Permissions Module

Let’s be honest, the TeamPermissions module ‘s name has quickly lost touch with what it does (already doing Sharepoint and Onedrive as well).

Adding the overwhelming number of positive reactions and rapid adoption, I want to add even more features:

  1. Scanning EntraID roles
  2. Scanning Exchange roles
  3. Scanning Mailbox permissions
  4. Change detection (between scans)
  5. Scanning Azure RM roles
  6. Scanning PowerBI roles
  7. SPN based scanning

So I’ve decided to rename it to M365Permissions!

Obviously it’ll take a lot of time/work to get above coded up and tested.

But for now I can already give you the M365Permissions PowerShell module, which includes:

  • EntraID roles (permanent and eligible)
  • Lots of bug fixes
  • Performance improvements (especially with lots of small sites)
  • Everything the TeamPermissions module did

Please give it a spin and let me know what other features you’d like to see!

Other links:

M365Permissions in the PSGallery

M365Permissions on Github