Merge pull request #918 from ojopiyo/patch-13

Create README.md

Author: pkbullock

scripts/m365-get-shared-mailboxes-without-owners/README.md

@@ -0,0 +1,113 @@
+
+
+# Get Shared Mailboxes Without Owners
+
+## Summary
+
+This script identifies **shared mailboxes that have no assigned owners or members** by analysing mailbox permissions in Exchange Online. It detects shared mailboxes where no user (other than system accounts) has **FullAccess** permissions, indicating the mailbox is effectively unmanaged.
+
+The output can be used for **governance reviews, access audits, compliance reporting, and remediation planning** in large Microsoft 365 tenants.
+
+## Why It Matters
+
+In many organisations, shared mailboxes are created for teams, projects, or business functions. Over time, users leave, teams are restructured, or ownership is never formally assigned.
+
+Unowned shared mailboxes can:
+- Contain sensitive or regulated data
+- Remain accessible to unintended users
+- Fail internal access control or audit requirements
+- Become unmanaged attack surfaces
+
+This script enables administrators to **proactively identify and remediate orphaned shared mailboxes** before they become a security or compliance risk.
+
+## Benefits
+- Improves mailbox ownership governance
+- Supports security and compliance audits
+- Reduces risk of unauthorised data access
+- Helps maintain least-privilege access
+- Scales efficiently for large Microsoft 365 tenants
+
+
+# [Exchange](#tab/exc)
+
+```powershell
+
+Connect-ExchangeOnline -ShowBanner:$false
+
+$sharedMailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited
+$results = @()
+
+foreach ($mailbox in $sharedMailboxes) {
+
+    $permissions = Get-MailboxPermission -Identity $mailbox.Identity |
+        Where-Object {
+            $_.AccessRights -contains "FullAccess" -and
+            $_.IsInherited -eq $false -and
+            $_.User -notlike "NT AUTHORITY\SELF"
+        }
+
+    if ($permissions.Count -eq 0) {
+        $results += [PSCustomObject]@{
+            DisplayName       = $mailbox.DisplayName
+            PrimarySmtpAddress = $mailbox.PrimarySmtpAddress
+            MailboxGuid       = $mailbox.Guid
+        }
+    }
+}
+
+$results
+
+
+```
+
+
+# [Usage](#tab/pnpps)
+
+1. Connect to Exchange Online with sufficient permissions:
+    - Exchange Administrator or Global Administrator
+2. Run the script
+3. Review the output in the console or pipe it to export formats, for example:
+
+```powershell
+
+$results | Export-Csv ".\SharedMailboxesWithoutOwners.csv" -NoTypeInformation
+
+
+```
+
+[!INCLUDE [More about PnP PowerShell](../../docfx/includes/MORE-PNPPS.md)]
+***
+
+
+## Output
+The script returns objects with the following properties:
+- **DisplayName**
+- **PrimarySmtpAddress**
+- **MailboxGuid**
+
+Each row represents a shared mailbox with **no assigned owners or members**.
+
+## Notes
+- The script evaluates **explicit FullAccess permissions only**
+- Mailboxes managed exclusively via groups will appear as owned only if group permissions are assigned directly
+- Designed for large tenants using server-side filtering and minimal object expansion
+- Can be safely scheduled or integrated into governance reporting workflows
+
+## Contributors
+
+| Author(s) |
+|-----------|
+| [Josiah Opiyo](https://github.com/ojopiyo) |
+
+*Built with a focus on automation, governance, least privilege, and clean Microsoft 365 tenants—helping M365 admins gain visibility and reduce operational risk.*
+
+
+## Version history
+
+Version|Date|Comments
+-------|----|--------
+1.0|Jan 11, 2026|Initial release
+
+
+[!INCLUDE [DISCLAIMER](../../docfx/includes/DISCLAIMER.md)]
+<img src="https://m365-visitor-stats.azurewebsites.net/script-samples/scripts/m365-get-shared-mailboxes-without-owners" aria-hidden="true" />

scripts/m365-get-shared-mailboxes-without-owners/assets/example.png

@@ -0,0 +1,52 @@
+[
+  {
+    "name": "m365-get-shared-mailboxes-without-owners",
+    "source": "pnp",
+    "title": "Get Shared Mailboxes Without Owners",
+    "shortDescription": "This script identifies shared mailboxes that have no assigned owners or members by analysing mailbox permissions in Exchange Online.",
+    "url": "https://pnp.github.io/script-samples/m365-get-shared-mailboxes-without-owners/README.html",
+    "longDescription": [
+      ""
+    ],
+    "creationDateTime": "2026-01-11",
+    "updateDateTime": "2026-01-11",
+    "products": [
+      "Office"
+    ],
+    "metadata": [
+      {
+        "key": "POWERSHELL",
+        "value": "7.2.0"
+      }
+    ],
+    "categories": [
+      "Report"
+    ],
+    "tags": [
+      "Connect-ExchangeOnline"
+    ],
+    "thumbnails": [
+      {
+        "type": "image",
+        "order": 100,
+        "url": "https://raw.githubusercontent.com/pnp/script-samples/main/scripts/m365-get-shared-mailboxes-without-owners/assets/preview.png",
+        "alt": "Preview of the sample Get Shared Mailboxes Without Owners"
+      }
+    ],
+    "authors": [
+      {
+        "gitHubAccount": "ojopiyo",
+        "company": "",
+        "pictureUrl": "https://github.com/ojopiyo.png",
+        "name": "Josiah Opiyo"
+      }
+    ],
+    "references": [
+      {
+        "name": "Want to learn more about Microsoft Graph PowerShell SDK and the cmdlets",
+        "description": "Check out the Microsoft Graph PowerShell SDK documentation site to get started and for the reference to the cmdlets.",
+        "url": "https://learn.microsoft.com/graph/powershell/get-started"
+      }
+    ]
+  }
+]