Access Management
for Microsoft Exchange® (Online)

What Does the Plugin Do?

With the tools Microsoft’s provides, managing mailboxes and mailbox privileges in Exchange® is a very time-consuming process, as it requires you to rely on either the Exchange Management Console or a PowerShell script. The same goes for the reporting process: to find out who has access to a mailbox or mailbox folder, you need PowerShell. tenfold Essentials 365 gives you an interface to Exchange and Exchange Online, allowing you to read out mailbox privileges directly in tenfold.

Assigning Privileges

tenfold allows both IT admins and data owners to assign permissions to all types of mailboxes and mailbox folders. Users who would like to access a specific shared mailbox or public folder can submit a request to do so via tenfold’s self-service function. You can set data owners and approval workflows for mailboxes.

Mailbox Reporting and User Reporting

tenfold‘s intuitive user interface depicts exactly who has access to a specific mailbox or folder. The software automatically breaks down Active Directory and Azure AD groups into their members and presents them in a tree structure. tenfold also shows you which mailboxes, public folders or individual mailbox folders a specific user (or group) has access to.

Required License

tenfold Essentials PLUS

System Requirements

The following Exchange versions are supported:

  • Microsoft Exchange Server® 2013
  • Microsoft Exchange Server® 2016
  • Microsoft Exchange Online® 2019

Note: For information regarding Microsoft 365® support, click here.

Other Requirements

  • You must have a service account with the appropriate privileges to create, move, and deactivate mailboxes.
  • Changes are made using the PowerShell cmdlets for Exchange provided by Microsoft. These must be installed on the server that is used for executing commands.
  • You must install the tenfold Agent in order to run the PowerShell scripts on the server.


  • tenfold allows admins and data owners to assign privileges.
  • Privileges can be assigned to all types of mailboxes and individual mailbox folders.
  • Shared mailboxes and public folders can be included in the self-service where users can submit requests for extra permissions.
  • You can set data owners and approval workflows for mailboxes. The privilege assignment process is thus delegated away from admins to persons with the appropriate level of expertise and insight.
  • Clear depiction of who is authorized on a specific mailbox or mailbox folder.
  • Effective permissions are emphasized.

Reporting on a specific user’s or group’s permissions is normally not possible using Microsoft’s standard tools. tenfold produces detailed reports depicting exactly which mailboxes, public folders or individual mailbox folders a specific user (or group) has access to.

In Outlook, it is currently not possible to set an out-of-office reply for another person’s mailbox. This is often an issue. Why?  For one thing, people usually fall ill unexpectedly. Or they forget to set their away message before going on vacation. The problem is then that business partners or clients are left unaware of their associates’ whereabouts and have no other means of contact.

tenfold circumvents this shortcoming by enabling supervisors to set out-of-office messages for other users via self-service. This stops emails from getting lost and at the same time lowers frustration levels among business partners who are waiting for a reply to no avail.

  • Automation: tenfold transmits changes to privileges automatically, which saves time because you no longer have to perform such tasks manually.

  • Reporting: At the click of a button, tenfold provides a clear overview of which users have access to which mailbox, or which mailboxes an individual user has access to.

  • Profiles/RolesPrivileges can be grouped together with resources and privileges from other target systems and linked to organizational units. This way, privileges will be assigned and revoked automatically, e.g. when users change departments.

  • Approval workflows: Both one-step and multi-step workflows are supported.

  • Recertification: Data owners can regularly review permissions to ensure they are up to date and mark obsolete entries for removal. tenfold then removes flagged permissions automatically. Learn more about recertification with tenfold.

  • Auditing: Changes to permissions are documented automatically. You can access historical data at any time and track who had access to sensitive data.

  • Integration of data owners: Specify data owners whose job it is to look over certain privileges and who must approve requests as well as review privileges at regular intervals.

Would you like to experience tenfold LIVE?

Sign up now for our product demo!
tenfold – Simple. Secure. Ready to go.


Visit our blog for more tips & tricks on cyber security!