Mailbox permissions are not currently collected as part of the Microsoft 365 Dataprint. This data is critical for security audits, compliance reviews, and ongoing access governance. Adding mailbox permission visibility would enable MSPs to audit who has access to what mailbox data across all clients.

At present, Liongard does not pull mailbox permission data such as:

Full Access

Send As

Send on Behalf

Delegate permissions

Shared mailbox access assignments

Without this information:

MSPs cannot accurately audit mailbox access

Unauthorized or excessive access can go undetected

Manual PowerShell audits are required, which do not scale

Reporting to clients on mailbox access and data exposure is incomplete

Requested Enhancement

Enhance the Microsoft 365 Dataprint to collect and store mailbox permission data, including:

User mailboxes

Shared mailboxes

Permission type (Full Access, Send As, etc.)

Assigned user/service account

Inherited vs explicitly assigned permissions (if possible)

Metrics & Reporting Use Case

With this data available, MSPs could:

Create metrics to track mailbox access changes over time

Identify users with excessive or non-standard mailbox access

Generate standardized reports showing who has access to which mailboxes

Compare permissions across all tenants to identify security outliers

Support compliance frameworks and client audit requests

Business Value

Improves security posture and access governance

Enables proactive remediation of mailbox permission risks

Provides high-quality, audit-ready reporting to clients

Saves significant time compared to manual PowerShell audits

Adds strong value for MSPs managing multiple M365 tenants

This feature would be invaluable for MSPs managing multiple clients, allowing them to true up mailbox permissions, reduce security risk, and deliver clear, actionable reporting on mailbox access across all environments.