Managing Exchange Online through the Microsoft 365 Admin Center works fine for beginners. But when you’re handling hundreds of mailboxes, setting permissions, or exporting reports — the Exchange Online PowerShell module becomes your best friend.
This cheat sheet brings together the most useful Exchange Online PowerShell commands, organized by tasks, so you can manage your tenant faster, automate repetitive jobs, and minimize admin errors.
Why Use PowerShell for Exchange Online?
Exchange Online PowerShell lets administrators control every element of Exchange — from mailbox creation to compliance searches — using simple scripts. Unlike the graphical interface, PowerShell:
-
Speeds up bulk operations
-
Enables automation of recurring administrative tasks
-
Provides access to advanced configurations not available in the UI
-
Offers integration with scripts for audit, compliance, and migration
In short, PowerShell transforms Exchange Online administration from a manual process into an automated, scalable system.
Connecting to Exchange Online PowerShell
Before running any commands, you must connect to your Exchange Online environment.
Connect-ExchangeOnline -UserPrincipalName admin[@]domain.com
Once connected, you can start executing commands directly. To disconnect:
Disconnect-ExchangeOnline -Confirm:$false
💡 Tip: Always run PowerShell as Administrator and keep your module updated using:
Update-Module ExchangeOnlineManagement
1. Mailbox Management Commands
List All Mailboxes
Get-Mailbox
Create a New Mailbox
New-Mailbox -Name "John Doe" -MicrosoftOnlineServicesID john[@]domain.com -Password (ConvertTo-SecureString -String "Strong@123" -AsPlainText -Force)
Find a Specific Mailbox
Get-Mailbox -Identity "John Doe"
Remove a Mailbox
Remove-Mailbox -Identity "John Doe" -Confirm:$false
Export Mailbox to PST
Need to archive or back up user mailboxes? Check this detailed guide on how to export Exchange mailbox to PST using both GUI and PowerShell.
2. Permissions and Access Control
Assign Full Access Permission
Add-MailboxPermission -Identity "User1" -User "Admin1" -AccessRights FullAccess -InheritanceType All
Grant Send As Permission
Add-RecipientPermission -Identity "User1" -Trustee "Admin1" -AccessRights SendAs
Remove Permissions
Remove-MailboxPermission -Identity "User1" -User "Admin1" -AccessRights FullAccess
List Delegated Permissions
Get-MailboxPermission -Identity "User1"
3. Mail Flow and Rules
View Transport Rules
Get-TransportRule
Create a Mail Flow Rule
New-TransportRule -Name "Block External Attachments" -AttachmentTypeMatchesWords "exe" -RejectMessageReasonText "Executable files are not allowed."
Check Message Tracking Logs
Get-MessageTrace -SenderAddress user[@]domain.com -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date)
4. Distribution Groups
View All Distribution Groups
Get-DistributionGroup
Add Member to a Group
Add-DistributionGroupMember -Identity "HR Group" -Member "User2"
Remove Member
Remove-DistributionGroupMember -Identity "HR Group" -Member "User2"
Create a New Group
New-DistributionGroup -Name "Marketing Team" -PrimarySmtpAddress marketing[@]domain.com
5. Compliance and Audit Commands
Enable Mailbox Audit
Set-Mailbox -Identity "User1" -AuditEnabled $true
Check Audit Settings
Get-Mailbox -Identity "User1" | Select-Object Name, AuditEnabled
Run a Content Search
New-ComplianceSearch -Name "HR Search" -ExchangeLocation all -ContentMatchQuery "Subject:'confidential'"
Start-ComplianceSearch -Identity "HR Search"
6. Reporting and Monitoring
Export Mailbox Sizes
Get-Mailbox | Get-MailboxStatistics | Select DisplayName, TotalItemSize | Export-Csv MailboxSizes.csv -NoTypeInformation
Get Inactive Mailboxes
Search-MailboxAuditLog -StartDate (Get-Date).AddDays(-90) -EndDate (Get-Date) | Group-Object -Property MailboxOwnerUPN
Find Mailboxes Without MFA
Get-MsolUser -All | Where-Object {$_.StrongAuthenticationMethods.Count -eq 0}
7. Migration and Connectivity Commands
When performing migrations, PowerShell is essential for controlling batch jobs and validating mailbox syncs.
For example, during IMAP migrations, you can automate authentication and sync operations using PowerShell. If you’re planning such a move, explore this detailed tutorial on migrating IMAP mailboxes to Office 365 using PowerShell.
Check Migration Batches
Get-MigrationBatch
Start Migration Batch
Start-MigrationBatch -Identity "IMAPBatch01"
Stop Migration Batch
Stop-MigrationBatch -Identity "IMAPBatch01"
8. Cleanup and Maintenance
Remove Disconnected Mailboxes
Get-MailboxStatistics -Database "DB1" | Where {$_.DisconnectReason -eq "Disabled"} | ForEach {Remove-Mailbox -Database $_.Database -StoreMailboxIdentity $_.MailboxGuid -Confirm:$false}
Clear Recoverable Items Folder
Search-Mailbox -Identity "User1" -SearchDumpsterOnly -DeleteContent
Disable Out of Office for All Users
Get-Mailbox | Set-MailboxAutoReplyConfiguration -AutoReplyState Disabled
9. Security and Policy Management
List All Retention Policies
Get-RetentionPolicy
Apply Retention Policy to a Mailbox
Set-Mailbox -Identity "User1" -RetentionPolicy "Default MRM Policy"
Enable Litigation Hold
Set-Mailbox -Identity "User1" -LitigationHoldEnabled $true
Final Thoughts
PowerShell remains the backbone of Exchange Online administration. Whether you’re managing users, automating reports, or setting up compliance policies, the commands above can save hours of manual effort.
For admins handling large environments, maintaining a personal PowerShell script library can drastically reduce turnaround time — and ensure consistent, error-free operations.
So, bookmark this Exchange Online PowerShell cheat sheet and make it your go-to reference for daily administration and troubleshooting in Microsoft 365.