Grant and Revoke Access to Mailboxes – Office 365

There may be times where you may need to grant an IT administrator or other employees access to another user’s mailbox.
Below I will demonstrate how to:

  • Grant an Admin access to a single mailbox
  • Grant an Admin access to all mailboxes
  • Revoke the above permissions (recommended cause of action after the Administrator has finished his/her tasks)

  1. First make sure you have the remote signed execution policy set to true. You can do this by running PowerShell in admin mode and running: Set-ExecutionPolicy RemoteSigned
  2. Next, run the following to authenticate your self and import PowerShell commands to your local session:
    $LiveCred = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange-ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
    Import-PSSession $Session

Grant an Admin access to a single mailbox

  • Add-MailboxPermission user@domain.com -User admin@domain.com -AccessRights FullAccess -InheritanceType All

Grant an Admin access to all mailboxes

  • Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User admin@domain.com -AccessRights fullaccess -InheritanceType all

Revoke the above permissions

  • If you want to revoke permissions after granting them, simply replace the ‘Add-MailboxPermission‘ with ‘Remove-MailboxPermission‘ followed by the original command you entered to grant the permissions. For example, to grant admin@example.com full access to user@example.com, you would enter the command:
    Add-MailboxPermission user@example.com -User admin@example.com -AccessRights FullAccess -InheritanceType All
  • To revoke admin@example.com from viewing user@example.com, you would enter the command:
    Remove-MailboxPermission user@example.com -User admin@example.com -AccessRights FullAccess -InheritanceType All

Update: There is a switch you can use in conjunction with the above commands which will hide the user mailboxe from appearing in the mailbox-tree panel in Outlook (on the left side).

-AutoMapping $false

Thanks to Stephen Ford for this tip!

This entry was posted in Tech and tagged , , , , , . Bookmark the permalink.

10 Responses to Grant and Revoke Access to Mailboxes – Office 365

  1. Pingback: Archiving a User’s Mailbox on Office 365 | emtunc's Blog

  2. Josh says:

    Once permissions are granted, how does one make use of those permissions and view the mailboxes?

    • E Mikail T says:

      Hello Josh,
      You can view the mailbox either via OWA or Outlook after logging in to the Administrator account. Make use of the ‘Open Other Mailbox’ function in OWA or add the mailbox as an addition in Outlook.
      Hope that helps.

  3. Mike E says:

    Josh,

    It’s been my experience that the granted permissions automatically show up in Outlook 2010 as a new tree on the folder nav. window. However, if they don’t you can follow the below MS article: http://office.microsoft.com/en-us/outlook-help/manage-another-person-s-mail-and-calendar-items-HA010355561.aspx#_Toc307479956

  4. Chris says:

    Very Nice article. It helped me grant one person to view all mailboxes, however, how does one prevent them from showing up in the profile in the Nav Tree on Office 2010? I filled up a 75GB hard drive from all of their mail syncing in to my profile and I would like to have it so I have my own mailbox, and then to view another mailbox, I would do the file -> open other user’s mailbox. I try to delete those mailboxes and Outlook does not allow me to.

    • E Mikail T says:

      Chris,
      Are you saying that all of the mailboxes can be seen in the tree structure (left panel in Outlook)?
      What happens if you right click and click on the option to close the mailbox?
      Do the mailboxes show up when you go to file –> open other user mailbox?

      I haven’t come across this issue – usually I have to specifically open that user’s mailbox – it should not show up by default afaik.

      • Chris says:

        Yes all inboxes are listed in the left side panel. If you try to Close it — it will give me a message saying that the inbox is associated with an account. I’ve tried registry hacks and removing the profile and re adding the profile. None have worked.

        • E Mikail T says:

          Strange… I’ll look out for this the next time I assign privileges for the administrator account.
          I assume this is the article you followed for the registry hacks @ http://www.techrepublic.com/forum/questions/101-273915
          Can you try on another PC just to make sure it isn’t an Outlook issue on that specific machine?

          Another article suggests the following to ‘refresh’ the list of mailboxes in file –> account options etc:

          “After a while, I found that a solution was to go to the Exchange “account settings”, then click “More Settings”, go to the “Advanced” tab, and click “Add”, choose a different Mailbox where the user has permissions.
          This seems to refresh the Additional Mailbox section”

          If non of the above fixes the problem, I would suggest making a post in the 365 forums and see if a Microsoft rep can help.

        • E Mikail T says:

          Hello Chris,
          See the update to the article – this may solve your problem!

Comments are closed.