Find admin user who gave send as and send on behalf permission to another user and also receive an alert when this operation happens RRS feed

  • Question

  • I would like to know a power-shell script to know the admin user and if possible get an alert when someone is granted send as of send on behalf delegate permissions

    • Edited by tegsy24 Monday, February 3, 2020 8:22 AM
    Monday, February 3, 2020 1:37 AM

All replies

  • To view all mailboxes with send as permission assigned in the PowerShell window, use this:

    Get-Mailbox | where {$_.GrantSendOnBehalfTo -ne $null} | select Name,Alias,PrimarySmtpAddress,GrantSendOnBehalfTo

    To get a list of users who have Send on Behalf permission on mailboxes

    Get-Mailbox | where {$_.GrantSendOnBehalfTo -ne $null} | select Name,Alias,UserPrincipalName,PrimarySmtpAddress,@{l='SendOnBehalfOf';e={$_.GrantSendOnBehalfTo -join ";"}} | Export-CSV "D:\SendOnBehalf.csv"

    You can get some more information by running message trace and view the results in the Exchange admin center:

    Additionally, you may also get help from Office 365 auditing solution - LepideAuditor.
    Monday, February 3, 2020 7:28 AM
  • Thanks for your reply JustinRappid but you understood me 

    This exactly what I what, I do understand how to get a list of all with send on and send on behalf permissions.

    But in our organisation we have many global admins and we will like to know when a User is given send as and send on behalf permission to another user by a global admin by creating an alert policy.

    I used the add delegate permission but in Audit log to set an alert but this only pulls result when a user is given full access rights, its pulls nothing for send on and send on behalf permissions.

    I tried using the below powershell script but does not seem to work.

    New-ActivityAlert -Name "Who grant Send As Permission" -Operation Add-RecipientPermission -NotifyUser notifiyemailaddress -Description "Notification for who grant send as permission"

    Please will need help on this

    Monday, February 3, 2020 8:39 AM
  • You can create an activity alert that will send you an email notification when users perform specific activities in Office 365:

    You can check and further investigate this in Security and Compliance Center -"Alerts"

    Alert policies in the security and compliance center
    Monday, February 3, 2020 12:50 PM