EXT-08: Audit Mailbox Delegation

Frequently asked questions about implementing and managing the EXT-08 security control in Microsoft 365 and Entra ID.

Q
What is EXT-08 (Audit Mailbox Delegation)?
A

EXT-08 is a security control that mailbox delegation enables users to send email as others or access their mailboxes. unauthorized delegation can be used for impersonation attacks or to access sensitive communications without detection. It requires that sendas permissions on mailboxes are documented and sendonbehalf permissions are tracked, fullaccess mailbox permissions are reviewed, delegation changes are monitored.

Related controls:EXT-08
Q
Why is Audit Mailbox Delegation important for Microsoft 365 security?
A

Mailbox delegation enables users to send email as others or access their mailboxes. Unauthorized delegation can be used for impersonation attacks or to access sensitive communications without detection.

Related controls:EXT-08
Q
How do I implement EXT-08 in my tenant?
A

EXT-08 requires manual implementation. Requires Exchange admin access or Microsoft Graph Reports API

Related controls:EXT-08
Q
What license do I need for EXT-08?
A

This control can be implemented with any Microsoft 365 subscription, including free Azure AD.

Related controls:EXT-08
Q
Which security baseline includes EXT-08?
A

EXT-08 is included in the Enhanced Security baseline (Level 2). This level adds stricter controls for security-conscious organizations.

Related controls:EXT-08

5

Questions

1

Related Controls

Categorized

Related Resources

EXT-08 Control Reference

Detailed documentation and implementation guidance

Guest & External Access Controls

All controls in the Guest & External Access category

Security Glossary

Definitions of security and Microsoft 365 terms

Still have questions?

Our security experts are here to help. Start a free trial and get personalized guidance for your Microsoft 365 environment.

Start Free Trial
All FAQsBrowse Controls →