Create README.md

This script identifies shared mailboxes that have no assigned owners or members by analysing mailbox permissions in Exchange Online. It detects shared mailboxes where no user (other than system accounts) has FullAccess permissions, indicating the mailbox is effectively unmanaged.

Author: ojopiyo

scripts/m365-get-shared-mailboxes-without-owners/README.md

@@ -0,0 +1,113 @@
+
+
+# Get Shared Mailboxes Without Owners
+
+## Summary
+
+This script identifies **shared mailboxes that have no assigned owners or members** by analysing mailbox permissions in Exchange Online. It detects shared mailboxes where no user (other than system accounts) has **FullAccess** permissions, indicating the mailbox is effectively unmanaged.
+
+The output can be used for **governance reviews, access audits, compliance reporting, and remediation planning** in large Microsoft 365 tenants.
+
+## Why It Matters
+
+In many organisations, shared mailboxes are created for teams, projects, or business functions. Over time, users leave, teams are restructured, or ownership is never formally assigned.
+
+Unowned shared mailboxes can:
+- Contain sensitive or regulated data
+- Remain accessible to unintended users
+- Fail internal access control or audit requirements
+- Become unmanaged attack surfaces
+
+This script enables administrators to **proactively identify and remediate orphaned shared mailboxes** before they become a security or compliance risk.
+
+## Benefits
+- Improves mailbox ownership governance
+- Supports security and compliance audits
+- Reduces risk of unauthorised data access
+- Helps maintain least-privilege access
+- Scales efficiently for large Microsoft 365 tenants
+
+
+# [PnP PowerShell](#tab/pnpps)
+
+```powershell
+
+Connect-ExchangeOnline -ShowBanner:$false
+
+$sharedMailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited
+$results = @()
+
+foreach ($mailbox in $sharedMailboxes) {
+
+    $permissions = Get-MailboxPermission -Identity $mailbox.Identity |
+        Where-Object {
+            $_.AccessRights -contains "FullAccess" -and
+            $_.IsInherited -eq $false -and
+            $_.User -notlike "NT AUTHORITY\SELF"
+        }
+
+    if ($permissions.Count -eq 0) {
+        $results += [PSCustomObject]@{
+            DisplayName       = $mailbox.DisplayName
+            PrimarySmtpAddress = $mailbox.PrimarySmtpAddress
+            MailboxGuid       = $mailbox.Guid
+        }
+    }
+}
+
+$results
+
+
+```
+
+
+# [Usage](#tab/pnpps)
+
+1. Connect to Exchange Online with sufficient permissions:
+    - Exchange Administrator or Global Administrator
+2. Run the script
+3. Review the output in the console or pipe it to export formats, for example:
+
+```powershell
+
+$results | Export-Csv ".\SharedMailboxesWithoutOwners.csv" -NoTypeInformation
+
+
+```
+
+[!INCLUDE [More about PnP PowerShell](../../docfx/includes/MORE-PNPPS.md)]
+***
+
+
+## Output
+The script returns objects with the following properties:
+- **DisplayName**
+- **PrimarySmtpAddress**
+- **MailboxGuid**
+
+Each row represents a shared mailbox with **no assigned owners or members**.
+
+## Notes
+- The script evaluates **explicit FullAccess permissions only**
+- Mailboxes managed exclusively via groups will appear as owned only if group permissions are assigned directly
+- Designed for large tenants using server-side filtering and minimal object expansion
+- Can be safely scheduled or integrated into governance reporting workflows
+
+## Contributors
+
+| Author(s) |
+|-----------|
+| [Josiah Opiyo](https://github.com/ojopiyo) |
+
+*Built with a focus on automation, governance, least privilege, and clean Microsoft 365 tenants—helping M365 admins gain visibility and reduce operational risk.*
+
+
+## Version history
+
+Version|Date|Comments
+-------|----|--------
+1.0|Jan 11, 2026|Initial release
+
+
+[!INCLUDE [DISCLAIMER](../../docfx/includes/DISCLAIMER.md)]
+