Exchange Online PowerShell for IT Administrators: Essential Commands and Scripts

PowerShell is the Swiss Army knife of Microsoft 365Microsoft 365🌐Microsoft's subscription-based cloud productivity suite including Office applications, Exchange Online, SharePoint, and Teams. administration. While the admin center provides a graphical interface for common tasks, PowerShell unlocks capabilities that simply aren't available through the web portal—bulk operations, detailed reporting, automation, and granular configuration changes that would take hours to accomplish manually.

This guide covers the essential Exchange OnlineExchange Online🌐Microsoft's cloud-based email and calendaring service, part of Microsoft 365, that hosts mailboxes in Microsoft's data centers. PowerShell commands that every IT administrator should know.

Getting Started with Exchange Online PowerShell

Before running Exchange Online commands, you need to install the Exchange Online PowerShell module and establish a connection to your tenant.

# Install the Exchange Online PowerShell module
Install-Module -Name ExchangeOnlineManagement -Force -AllowClobber

# Connect to Exchange Online
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

Mailbox Management Commands

# Get all user mailboxes
Get-Mailbox -ResultSize Unlimited

# Get mailbox statistics
Get-MailboxStatistics -Identity "user@contoso.com"

# Export mailbox list to CSV
Get-Mailbox -ResultSize Unlimited |
  Select-Object DisplayName, UserPrincipalName, PrimarySmtpAddress |
  Export-Csv -Path "Mailboxes.csv" -NoTypeInformation

Mobile Device Management Commands

Managing mobile devices is critical for security, especially with the upcoming Exchange ActiveSync changes. See our guide on What is Exchange ActiveSync for background.

Auditing Exchange ActiveSync Versions

With Microsoft requiring EAS 16.1 or higher starting March 2026 (see Microsoft to Block Outdated Exchange ActiveSync Devices), this audit command is essential:

# Find devices running EAS versions below 16.1
Get-MobileDevice | Where-Object {
  ($_.ClientType -eq 'EAS' -or $_.ClientType -match 'ActiveSync') -and
  $_.ClientVersion -and
  ([version]$_.ClientVersion -lt [version]'16.1')
} | Sort-Object UserDisplayName |
Select-Object UserDisplayName, UserPrincipalName, DeviceModel, ClientVersion

Mail Flow and Transport Rules

# Get all transport rules
Get-TransportRule | Select-Object Name, State, Priority

# Add disclaimer to external emails
New-TransportRule -Name "External Email Disclaimer" `
  -FromScope "InOrganization" `
  -SentToScope "NotInOrganization" `
  -ApplyHtmlDisclaimerText "<p>This email is confidential.</p>"

Security and Compliance Commands

For comprehensive mobile security, see our guide on Microsoft 365 Mobile Device Management.

# Search audit log
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) `
  -EndDate (Get-Date) -RecordType ExchangeItem

# Grant mailbox permissions
Add-MailboxPermission -Identity "shared@contoso.com" `
  -User "user@contoso.com" -AccessRights FullAccess

Key Takeaways

The ExchangeOnlineManagement module is essential for Exchange Online administration.

PowerShell enables bulk operations and detailed reporting not possible through the admin center.

Mobile device auditing is critical for preparing for the March 2026 EAS 16.1 requirement.

Keep Learning

What is Exchange ActiveSync? — Understand the protocol you're managing with these PowerShell commands.

Microsoft 365 Mobile Device Management — Learn about MDM capabilities beyond PowerShell administration.

Microsoft 365 Security Best Practices — Secure your organization's cloud identity and services