How to Remove User Access from Shared Mailboxes Using PowerShell

Introduction

Managing shared mailboxes in Microsoft 365 can become a complex task—especially when access permissions need to be cleaned up or removed. This blog post will guide you step-by-step on how to use a PowerShell script to remove both ‘Full Access’ and ‘Send As’ permissions for a specific user from multiple shared mailboxes. We’ll explain everything in simple, human-readable language so even non-technical users can follow along.

Prerequisites

Before running the script, make sure:

• – You have the Exchange Online PowerShell module installed.
• – You’re logged in with an account that has permission to modify mailbox access.

– The CSV file containing the shared mailbox email addresses is properly formatted and accessible.

Script Overview

This script will:

• – Read shared mailbox email addresses from a CSV file.
• – Remove both ‘Full Access’ and ‘Send As’ permissions for a specified user.
• – Display confirmation messages for each mailbox processed.

Detailed Script Breakdown

Full Script:

# Script to remove 1 user Full Access and Send As permissions from shared mailboxes

# User to remove permissions for
$userToRemove = "UserEmailAddress"

# Path to the CSV with shared mailboxes
$inputCsv = "C:\Users\Desktop\SharedMailboxesDetails.csv"

# Import shared mailboxes
$mailboxes = Import-Csv -Path $inputCsv

foreach ($mailbox in $mailboxes) {
    $mailboxEmail = $mailbox.SMEmailAddress

    # Remove Full Access
    Remove-MailboxPermission -Identity $mailboxEmail -User $userToRemove -AccessRights FullAccess -Confirm:$false

    # Remove Send As
    Remove-RecipientPermission -Identity $mailboxEmail -Trustee $userToRemove -AccessRights SendAs -Confirm:$false

    Write-Host "Permissions removed from $userToRemove on $mailboxEmail"
    Write-Host "------------------------------------------------------"
}

Now, let’s walk through each part of the script in a simple and clear way.

1. $userToRemove = “UserEmailAddress”

   – Replace ‘UserEmailAddress’ with the email of the user you want to remove permissions for.

2. $inputCsv = “C:\\Users\\Desktop\\SharedMailboxesDetails.csv”

   – This is the path to the CSV file containing shared mailbox addresses. Make sure the file exists and the path is correct.

3. Import-Csv -Path $inputCsv

   – This reads the CSV file and stores the contents in the `$mailboxes` variable. Each row is treated as an object.

4. foreach ($mailbox in $mailboxes)

   – This loop goes through each mailbox entry from the CSV.

5. $mailbox.SMEmailAddress

   – Accesses the ‘SMEmailAddress’ column from the CSV. This should contain the shared mailbox email addresses.

6. Remove-MailboxPermission and Remove-RecipientPermission

   – These commands remove Full Access and Send As rights respectively.

7. Write-Host

   – Displays a message in the console so you know which mailbox was processed.

Script Output

When the script runs, you will see output similar to this:

Permissions removed from UserEmailAddress on sharedmailbox1@domain.com

——————————————————

Permissions removed from UserEmailAddress on sharedmailbox2@domain.com

——————————————————

This confirms that permissions were successfully removed.

Conclusion

This PowerShell script is a simple yet powerful tool to help clean up access to shared mailboxes in your organization. By automating the permission removal process, you reduce the risk of human error and save valuable administrative time. Always test scripts in a controlled environment before deploying them organization-wide, and ensure you have backups or audit logs in place.