Mailbox permissions are not currently collected as part of the Microsoft 365 Dataprint. This data is critical for security audits, compliance reviews, and ongoing access governance. Adding mailbox permission visibility would enable MSPs to audit who has access to what mailbox data across all clients. At present, Liongard does not pull mailbox permission data such as: Full Access Send As Send on Behalf Delegate permissions Shared mailbox access assignments Without this information: MSPs cannot accurately audit mailbox access Unauthorized or excessive access can go undetected Manual PowerShell audits are required, which do not scale Reporting to clients on mailbox access and data exposure is incomplete Requested Enhancement Enhance the Microsoft 365 Dataprint to collect and store mailbox permission data, including: User mailboxes Shared mailboxes Permission type (Full Access, Send As, etc.) Assigned user/service account Inherited vs explicitly assigned permissions (if possible) Metrics & Reporting Use Case With this data available, MSPs could: Create metrics to track mailbox access changes over time Identify users with excessive or non-standard mailbox access Generate standardized reports showing who has access to which mailboxes Compare permissions across all tenants to identify security outliers Support compliance frameworks and client audit requests Business Value Improves security posture and access governance Enables proactive remediation of mailbox permission risks Provides high-quality, audit-ready reporting to clients Saves significant time compared to manual PowerShell audits Adds strong value for MSPs managing multiple M365 tenants This feature would be invaluable for MSPs managing multiple clients, allowing them to true up mailbox permissions, reduce security risk, and deliver clear, actionable reporting on mailbox access across all environments.
