EXT-08 | Medium | Enhanced Security
Audit Mailbox Delegation
Guest & External Access control for Microsoft 365 and Entra ID
Why This Control Matters
Mailbox delegation enables users to send email as others or access their mailboxes. Unauthorized delegation can be used for impersonation attacks or to access sensitive communications without detection.
Expected State
When this control is compliant, your tenant should meet these criteria:
1. SendAs permissions on mailboxes are documented
2. SendOnBehalf permissions are tracked
3. FullAccess mailbox permissions are reviewed
4. Delegation changes are monitored
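One way to produce the inventory and change review these criteria call for, as an added example that is not TrueConfig's own code. It assumes the ExchangeOnlineManagement module, an Exchange admin session, and unified audit logging enabled in the tenant; the CSV file name is an arbitrary choice.

```powershell
# Added example: inventory mailbox delegation and list recent delegation changes.
Connect-ExchangeOnline -ShowBanner:$false

$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $id = $mbx.UserPrincipalName

    # FullAccess: skip inherited and deny entries and the owner's own SELF entry
    Get-MailboxPermission -Identity $id |
        Where-Object { ($_.AccessRights -like '*FullAccess*') -and
                       -not $_.IsInherited -and -not $_.Deny -and
                       $_.User -ne 'NT AUTHORITY\SELF' } |
        ForEach-Object {
            [pscustomobject]@{ Mailbox = $id; Type = 'FullAccess'; Delegate = $_.User }
        }

    # SendAs: held as a recipient permission, not a mailbox permission
    Get-RecipientPermission -Identity $id |
        Where-Object { ($_.AccessRights -like '*SendAs*') -and
                       $_.Trustee -ne 'NT AUTHORITY\SELF' } |
        ForEach-Object {
            [pscustomobject]@{ Mailbox = $id; Type = 'SendAs'; Delegate = $_.Trustee }
        }

    # SendOnBehalf: stored on the mailbox object itself
    foreach ($delegate in $mbx.GrantSendOnBehalfTo) {
        [pscustomobject]@{ Mailbox = $id; Type = 'SendOnBehalf'; Delegate = $delegate }
    }
}

# One row per (mailbox, delegation type, delegate) for documentation and review
$report | Sort-Object Mailbox, Type |
    Export-Csv -Path .\mailbox-delegation.csv -NoTypeInformation

# Delegation changes over the last 7 days, from the unified audit log
$ops = 'Add-MailboxPermission', 'Remove-MailboxPermission',
       'Add-RecipientPermission', 'Remove-RecipientPermission', 'Set-Mailbox'
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
        -Operations $ops -ResultSize 5000 |
    # Keep Set-Mailbox records only when they touch SendOnBehalf
    Where-Object { $_.Operations -ne 'Set-Mailbox' -or
                   $_.AuditData -like '*GrantSendOnBehalfTo*' } |
    Select-Object CreationDate, UserIds, Operations, AuditData
```

Comparing successive CSV exports shows delegations that appeared between reviews; the audit log query shows who made each change.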
Enforcement
Default Mode: Advisory. Alerts on deviations but does not make changes.
Auto-Remediation: Manual Only. Requires Exchange admin access or Microsoft Graph Reports API.