Hi @waihislam,

In order to remove the Full Access that your service account has over the mailboxes you can run:

Get-Mailbox -ResultSize Unlimited | Remove-MailboxPermission -User "your service account" -AccessRights FullAccess -Confirm:$false

And to add the required permissions over all the mailboxes calendar folder you can try this script:

$Users=Get-Mailbox -ResultSize Unlimited
$Permission = "Contributor"
foreach ($User in $Users) {
$Cal = $User.Identity.ToString() + ":\Calendar"
Add-MailboxFolderPermission -Identity $Cal -User "your service account" -AccessRights Contributor -Confirm:$false }

NOTE: Remember to add your service account to the script. If a permissions entry already exists for it, you'll need to change the "Add-MailboxFolderPermission" to "Set-MailboxFolderPermission".

This is a easy one. You can build one more complete, ( with different Calendar names in the case your users have different languages... Check if the entry already exists and run the "Set" automatically, etc... ), with the help of this article:

Set default calendar permissions for all users with PowerShell - ALI TAJRAN

Regarding the permissions level, I'll say "Contributor" is what you need. But anyway see the differences below:

Hope this helps.