> ## Documentation Index
> Fetch the complete documentation index at: https://docs.neoagent.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Execute PowerShell (Exchange)

> Run validated PowerShell against Exchange Online and Exchange Server

This tool lets a Neo Agent generate and run validated PowerShell against Exchange — Exchange Online for cloud tenants, or on-prem Exchange Server via your RMM. It covers the full range of mailbox, recipient, mail-flow, and compliance operations.

<Info>
  Enabled automatically when you turn on **Exchange** permissions on the workflow's **Integrations** tab — there's no separate toggle in the tool list. See [Microsoft 365 integration](/integrations/m365/intro).
</Info>

## What It Does

* Manage mailboxes — properties, statistics, shared mailboxes, archive settings
* Configure mailbox permissions — full access, send-as, send-on-behalf, delegation
* Set up and remove email forwarding
* Manage recipients, contacts, and distribution groups
* Configure mail flow — transport rules, connectors, address lists, retention policies
* Run compliance and auditing operations
* Handle bulk operations across many mailboxes or recipients

## Safety

| Control                    | Behavior                                                                                            |
| -------------------------- | --------------------------------------------------------------------------------------------------- |
| **Validated cmdlets**      | Code is parsed before it runs — only Exchange cmdlets are allowed; dangerous operations are blocked |
| **Allow / deny lists**     | Optionally restrict the agent to a specific set of cmdlets, or block specific ones                  |
| **Technician-in-the-Loop** | Require human approval before any write — configurable on the Exchange permission group             |
| **Access level**           | Set the Exchange permission groups to Read Only to allow only query cmdlets                         |

## How to Configure

<Steps>
  <Step title="Connect Microsoft 365">
    [Connect your tenant](/integrations/m365/cloud) (cloud) or [on-prem environment](/integrations/m365/on-prem). Exchange Server runs through your RMM.
  </Step>

  <Step title="Enable Exchange permissions">
    On the workflow's **Integrations** tab, set the Exchange permission groups (mailboxes, permissions, recipients, distribution groups, mail flow, address lists, compliance) to Read Only or Read / Write.
  </Step>

  <Step title="Set approval and cmdlet limits">
    Decide whether writes require technician approval, and optionally restrict the allowed cmdlets.
  </Step>
</Steps>

<Tip>
  Use this for Exchange operations the higher-level Microsoft 365 tools don't cover — detailed mailbox statistics, transport rules, retention policies, or bulk recipient changes.
</Tip>