(Updated) Change meeting organizer via PowerShell cmdlet in Exchange Online
🚨 The Signal: A new PowerShell cmdlet allows administrators to transfer meeting organizer roles in Exchange Online. This improves operational continuity but requires careful privilege management to prevent unauthorized meeting control.
The Impact
Exchange Online administrators gain a new cmdlet, increasing the risk of unauthorized meeting control if administrative privileges are not tightly managed.
- Exchange Administrators: New cmdlet requires careful permission delegation to prevent abuse.
- Security Teams: Must review and update role-based access controls for Exchange administrators.
- Meeting Organizers: Meetings can be transferred without their direct consent via admin action, impacting meeting integrity.
- Attendees: May see unexpected organizer changes, potentially leading to confusion or social engineering risks if misused.
The Action
- Review existing Exchange Online administrative roles and their assigned permissions.
- Identify which administrative roles will be granted permission to use the 'Set-CalendarProcessing' cmdlet (or equivalent for organizer transfer).
- Implement or refine Role-Based Access Control (RBAC) policies to limit cmdlet execution to only authorized personnel.
- Audit logs for 'Set-CalendarProcessing' cmdlet usage to detect unauthorized meeting organizer changes.
- Communicate new administrative capabilities and associated security policies to relevant IT and security teams.
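
The review and audit steps above can be run as one pass in Exchange Online PowerShell. This is an added example, not code from the original notice or from Microsoft; it assumes an existing Connect-ExchangeOnline session with rights to read RBAC configuration and search the unified audit log, and the allow-list, look-back window and variable names are hypothetical.

```powershell
# Added example: who can run the cmdlet, and who actually has.
$Cmdlet   = 'Set-CalendarProcessing'         # cmdlet named on this page; swap in the equivalent if it differs
$Approved = @('exo-admin1@contoso.example')  # hypothetical allow-list of authorised admins
$Days     = 30                               # hypothetical look-back window

# 1. Every management role that contains the cmdlet.
$roles = Get-ManagementRoleEntry -Identity "*\$Cmdlet" |
    Select-Object -ExpandProperty Role -Unique

# 2. Effective holders of those roles (role group membership expanded,
#    delegating-only assignments excluded).
$holders = foreach ($role in $roles) {
    Get-ManagementRoleAssignment -Role "$role" -GetEffectiveUsers -Delegating $false |
        Select-Object @{n='Role';e={"$role"}}, RoleAssigneeName,
                      EffectiveUserName, AssignmentMethod
}
$holders | Sort-Object EffectiveUserName, Role | Format-Table -AutoSize

# 3. Audited executions of the cmdlet in the look-back window.
#    A single call returns at most 5000 records; narrow the dates if you hit that.
$records = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-$Days) `
    -EndDate (Get-Date) -RecordType ExchangeAdmin `
    -Operations $Cmdlet -ResultSize 5000

$events = foreach ($r in $records) {
    $d = $r.AuditData | ConvertFrom-Json     # AuditData is a JSON string
    [pscustomobject]@{
        Time       = $r.CreationDate
        Actor      = $r.UserIds
        Target     = $d.ObjectId
        Parameters = ($d.Parameters |
                        ForEach-Object { "$($_.Name)=$($_.Value)" }) -join '; '
        Approved   = $Approved -contains $r.UserIds   # case-insensitive match
    }
}

# 4. Runs by accounts outside the allow-list need follow-up.
$events | Where-Object { -not $_.Approved } |
    Sort-Object Time | Format-Table -AutoSize -Wrap
```

Any account listed in step 2 that is not on the allow-list is a candidate for removal from the role or for a custom role without the cmdlet.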
Domain: Exchange · Impact: medium · Workload: Exchange Online · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898