Managing calendar permissions in Office 365 is crucial for maintaining security and ensuring that sensitive scheduling information is only accessible by authorized personnel. This guide will walk you through checking, adding, and removing calendar permissions for a single user and in bulk. Additionally, we will cover how to export results to a CSV file for auditing purposes.
1. Checking Calendar Permissions for a Single User
To check who has access to a specific user’s calendar, use the following PowerShell command:
Get-MailboxFolderPermission -Identity user@domain.com:\Calendar
Example Output:
| User | AccessRights |
|---|---|
| Default | LimitedDetails |
| Manager@domain.com | Reviewer |
| HR@domain.com | Editor |
- The Default user represents permissions given to everyone in the organization.
- The Anonymous user represents permissions given to external users.
- Specific users can be granted different levels of access such as Reviewer, Editor, or Owner.
2. Adding Calendar Permissions for a Single User
To grant access to a user on another user’s calendar, use:
Add-MailboxFolderPermission -Identity user@domain.com:\Calendar -User recipient@domain.com -AccessRights Reviewer
Common Access Rights:
- Reviewer – Read-only access
- Editor – Can read, create, and modify items
- Owner – Full control, including permissions management
- AvailabilityOnly – View only free/busy status
3. Removing Calendar Permissions for a Single User
To remove a user’s access from a specific calendar:
Remove-MailboxFolderPermission -Identity user@domain.com:\Calendar -User recipient@domain.com
To remove Default or Anonymous permissions:
Remove-MailboxFolderPermission -Identity user@domain.com:\Calendar -User Default
Remove-MailboxFolderPermission -Identity user@domain.com:\Calendar -User Anonymous
4. Checking Calendar Permissions for All Users in Bulk
To generate a report of calendar permissions for all users, use the following script:
Connect-ExchangeOnline -UserPrincipalName admin@domain.com
$mailboxes = Get-Mailbox -ResultSize Unlimited
$calendarPermissions = @()
foreach ($mailbox in $mailboxes) {
$permissions = Get-MailboxFolderPermission -Identity "$($mailbox.PrimarySmtpAddress):\Calendar" -ErrorAction SilentlyContinue
foreach ($perm in $permissions) {
$calendarPermissions += [PSCustomObject]@{
UserMailbox = $mailbox.PrimarySmtpAddress
SharedWith = $perm.User
AccessRights = $perm.AccessRights -join ", "
}
}
}
# Export results to CSV
$reportPath = "$env:USERPROFILE\Desktop\Calendar_Permissions_Report.csv"
$calendarPermissions | Export-Csv -Path $reportPath -NoTypeInformation
Write-Host "Report generated: $reportPath"
5. Removing Calendar Permissions in Bulk
To remove a specific user’s access across all users’ calendars:
$mailboxes = Get-Mailbox -ResultSize Unlimited
foreach ($mailbox in $mailboxes) {
Remove-MailboxFolderPermission -Identity "$($mailbox.PrimarySmtpAddress):\Calendar" -User "unwanteduser@domain.com" -ErrorAction SilentlyContinue
}
To remove all users except the owner from a user’s calendar:
$permissions = Get-MailboxFolderPermission -Identity user@domain.com:\Calendar
foreach ($perm in $permissions) {
if ($perm.User -ne "user@domain.com" -and $perm.User -ne "Owner") {
Remove-MailboxFolderPermission -Identity user@domain.com:\Calendar -User $perm.User
}
}
6. Automating Calendar Permission Audits
To regularly monitor and log calendar permissions, consider scheduling the script to run automatically using Windows Task Scheduler or an Azure Automation Runbook.
- Store historical reports for comparison.
- Set alerts if unauthorized users gain access.
- Integrate with security monitoring tools for compliance.
Final Thoughts
Properly managing calendar permissions is essential for data security and operational efficiency in Office 365. By using PowerShell, administrators can efficiently audit, update, and remove calendar permissions at scale, ensuring that only the right people have access to sensitive scheduling information.