Imagine you are working in a company, and your organization wants you to check every email of any particular mailbox, so in that case either you will need credentials or delegation access to that mailbox. Mailbox delegation is like having access to another user mailbox. In this guide, we will see what type of access one can get through delegation and ways to provide access to someone. This article applies to Microsoft 365 administrators as users cannot provide delegation access, admin access is required to perform this task.
What is mailbox delegation and its type?
Mailbox delegation is known as a process to provide delegation access of one user mailbox to another user or providing shared mailbox access to the users. Suppose you are working as a personal assistant in an office and your manager wants you to check his emails, so for this you will need delegation access of your manager’s mailbox.
Types of Delegation Permissions
There are three types of mailbox delegation permissions that you can provide to someone else.
- Full Access (Read and manage) – Full access delegation permission refers to read and manage the mailbox. Users can read all emails, delete and manage all mailbox things like creating tasks and calendars. Sending will be not allowed.
- Send As – This allows you to send emails from another mailbox whose Send As delegation permission is provided to you. The email will look as sent by the owner of the mailbox.
- Send On Behalf – It allows you to send emails on the behalf of another mailbox. In the sent email, it will be written as that “<delegated email> sent on the behalf of <mailbox>”.
Setting Up Mailbox Delegation Permissions
To set up mailbox delegation permissions, we can either use Microsoft 365 Exchange Administration or Windows PowerShell. Admin Center method can be used if you have a low number of users but in case of large number of users, it is advisable to use PowerShell to save time. PowerShell can perform Microsoft 365 tasks easily using scripts for bulk users. Let’s discuss both the methods one by one.
Note: If the user is hidden from the Global address list, then delegate permissions will not work for that user.
Using Admin Center for Delegation Permissions:
- Visit Microsoft 365 Exchange Admin Center and login with your admin credentials.
- Now click on the recipients then mailbox in the left sidebar. Choose user mailboxes and click on the Mailbox delegation You can choose multiple user mailboxes including shared mailboxes.
- Now a right-side window will open, add a delegate, choose the permissions according to your needs and click on the save (You can also choose multiple delegates and provide different permissions for them).
Note: If you add both “send as” and “send on behalf” permission for same user then it will prioritize Send as permission.
- Once saved, you will see message displaying “Bulk add mailbox delegation added”.
This method is easy, and one can do it easily but if you have lots of users for mailbox delegation, then it will be better to use PowerShell to work faster.
Add Mailbox Delegation using Windows PowerShell
If you are using PowerShell for the first time, then you will need to install Exchange Online PowerShell module in Windows PowerShell. Once done you are good to go with the steps below.
- Run Windows PowerShell as Administrator and Connect to Exchange Online using the command mentioned below and log in with your admin credentials.
connect-exchangeonline
Once connected to Exchange Online PowerShell, you can follow the below mentioned commands according to your needs.
Delegation For Single Mailbox:
You can use the command below according to the permissions required for a single mailbox.
Full Access Permission:
Add-MailboxPermission –identity [email protected] -User [email protected] -AccessRights FullAccess
Send As Delegation:
Add-RecipientPermission -Identity [email protected] -Trustee [email protected] -AccessRights SendAs
Send On Behalf Permissions:
Set-Mailbox -Identity [email protected] -GrantSendOnBehalfTo [email protected]
Note: {change [email protected] with your user mailbox address and [email protected] with delegate person mailbox address}
Delegation for Bulk User Mailboxes:
If you want to set up delegation permissions for multiple mailboxes to multiple users, then you can use the below mentioned command. But first you will need to prepare a CSV file and add the details in that according to your needs as shown in the image.
- After preparing the CSV file, run the command below in the Windows PowerShell.
# Load the CSV file
$delegations = Import-Csv -Path "C:\Users\Manoj\Desktop\delegation.csv"
foreach ($entry in $delegations) {
$mailbox = $entry.Mailbox
$delegate = $entry.Delegate
# Grant Full Access
if ($entry.FullAccess -eq "Yes") {
Add-MailboxPermission -Identity $mailbox -User $delegate -AccessRights FullAccess -InheritanceType All -AutoMapping $false -ErrorAction SilentlyContinue
}
# Grant Send As
if ($entry.SendAs -eq "Yes") {
Add-RecipientPermission -Identity $mailbox -Trustee $delegate -AccessRights SendAs -Confirm:$false -ErrorAction SilentlyContinue
}
# Grant Send on Behalf
if ($entry.SendOnBehalf -eq "Yes") {
# Get existing delegates
$existing = (Get-Mailbox $mailbox).GrantSendOnBehalfTo
# Add new delegate to the list
$updated = $existing + $delegate
# Apply updated list
Set-Mailbox -Identity $mailbox -GrantSendOnBehalfTo $updated -ErrorAction SilentlyContinue
}
}
Full Access Permission to All Mailboxes
Get-Mailbox –ResultSize Unlimited | Add-MailboxPermission –User [email protected] -AccessRights FullAccess
Conclusion:
This article describes how to add mailbox delegation in Microsoft Office 365 using Exchange Admin Center and Windows PowerShell. Exchange Admin Center is quite easy to perform but can be time taking if delegating lots of users. The PowerShell method is also not tough and is simple for those who prefer command line operations. It makes the task simple and fast. One can prefer any of the methods described for their delegation permission needs.
