May 20 2020 03:21 AM
Hi All
Could anyone advise me on how I can run PowerShell against Exchange Online to list all shared mailboxes with sign-in enabled and then how to block sign-in using PowerShell?
Would be a great help if someone could advise.
Kind regards
May 20 2020 07:51 AM
I'm sure there is a better way to do it but this is the best my brain can come up with at the moment:
Two steps: first connect to PowerShell and get a list of shared mailboxes and pump them to Get-MsolUser so you get the UserPrincipalName, and pump this to a txt file.
Get-Mailbox -Filter {recipienttypedetails -eq "SharedMailbox"} | get-MsolUser | ft userprincipalname > c:\support\sharedmailboxes.txt
Tidy up the text file: remove the header and make sure each UPN is on its own line with no spaces. Then run the below to disable the accounts, referencing the amended txt file:
Get-Content "C:\support\sharedmailboxes_disable.txt" | ForEach { Set-MsolUser -UserPrincipalName $_ -BlockCredential $true }
This will run through the list you have and disable them. Change the flag to $true if you want to enable them en masse again.
Confirm this has worked with:
Get-Mailbox -Filter {recipienttypedetails -eq "SharedMailbox"} | get-MsolUser | ft userprincipalname,blockcredential
Like I said, I'm sure that there is a more elegant one-liner out there, but I'm not brilliant at PowerShell.
Hope this helps,
Mark
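Added example (not part of Mark's post or any Microsoft sample): the same list, block and confirm procedure done in one pass without the intermediate text file, touching only shared mailboxes whose sign-in is still enabled. It assumes Exchange Online and MSOnline sessions are already connected, as in the post; the function names `Get-SharedMailboxSignInStatus` and `Block-SharedMailboxSignIn` are hypothetical.

```powershell
# Added example. Assumes connected Exchange Online and MSOnline sessions.
# Function names are hypothetical; the cmdlets are the ones used in the post.

function Get-SharedMailboxSignInStatus {
    # Emits one object per shared mailbox with its current sign-in state.
    Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited |
        ForEach-Object {
            $user = Get-MsolUser -UserPrincipalName $_.UserPrincipalName -ErrorAction SilentlyContinue
            if (-not $user) {
                # Mailbox without a matching MSOL user: report it and move on.
                Write-Warning "No MSOL user found for $($_.UserPrincipalName)"
                return
            }
            [pscustomobject]@{
                UserPrincipalName = $user.UserPrincipalName
                DisplayName       = $_.DisplayName
                SignInBlocked     = [bool]$user.BlockCredential
            }
        }
}

function Block-SharedMailboxSignIn {
    # SupportsShouldProcess gives this wrapper -WhatIf and -Confirm,
    # so the change can be previewed before it is applied.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'Medium')]
    param()

    # Only act on accounts that can still sign in.
    $targets = Get-SharedMailboxSignInStatus | Where-Object { -not $_.SignInBlocked }
    foreach ($t in $targets) {
        if ($PSCmdlet.ShouldProcess($t.UserPrincipalName, 'Block sign-in')) {
            Set-MsolUser -UserPrincipalName $t.UserPrincipalName -BlockCredential $true
        }
    }

    # Re-read the state so the output reflects what the tenant now reports.
    Get-SharedMailboxSignInStatus | Sort-Object SignInBlocked, UserPrincipalName
}

# 1. List shared mailboxes that still allow sign-in.
Get-SharedMailboxSignInStatus | Where-Object { -not $_.SignInBlocked } | Format-Table -AutoSize

# 2. Preview the change; run without -WhatIf to apply it.
Block-SharedMailboxSignIn -WhatIf
```

Any mailbox still showing `SignInBlocked = False` after a real run, or reported by the warning, needs to be checked by hand.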
May 20 2020 09:37 AM
The above should work, but what's the end goal here? Shared mailboxes are accessed via delegate permissions; you're not supposed to log in to them directly by using the username/password corresponding to the shared mailbox account, so it doesn't make that big of a difference if the account is enabled or not. Technically, they are all enabled by default, and technically you can indeed log in to them, although it's against the license terms.
May 21 2020 12:58 AM
@Vasil Michev It's basically for security. Just closes another potential hole.