There may be times where you may need to grant an IT administrator or other employees access to another user’s mailbox.
Below I will demonstrate how to:
- Grant an Admin access to a single mailbox
- Grant an Admin access to all mailboxes
- Revoke the above permissions (recommended cause of action after the Administrator has finished his/her tasks)
- First make sure you have the remote signed execution policy set to true. You can do this by running PowerShell in admin mode and running: Set-ExecutionPolicy RemoteSigned
- Next, run the following to authenticate your self and import PowerShell commands to your local session:
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange-ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
Grant an Admin access to a single mailbox
Add-MailboxPermission [email protected] -User [email protected] -AccessRights FullAccess -InheritanceType All
Grant an Admin access to all mailboxes
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User[email protected]-AccessRights fullaccess -InheritanceType all
Revoke the above permissions
- If you want to revoke permissions after granting them, simply replace the ‘Add-MailboxPermission‘ with ‘Remove-MailboxPermission‘ followed by the original command you entered to grant the permissions. For example, to grant [email protected] full access to [email protected], you would enter the command:
Add-MailboxPermission [email protected] -User [email protected] -AccessRights FullAccess -InheritanceType All
- To revoke [email protected] from viewing [email protected], you would enter the command:
Remove-MailboxPermission [email protected] -User [email protected] -AccessRights FullAccess -InheritanceType All
Update: There is a switch you can use in conjunction with the above commands which will hide the user mailboxe from appearing in the mailbox-tree panel in Outlook (on the left side).
-AutoMapping $false
Thanks to Stephen Ford for this tip!
10 replies on “Grant and Revoke Access to Mailboxes – Office 365”
[…] to view the user mailbox (or see my other article which also tells you how to do this en masse @ Grant and Revoke Access to Mailboxes – Office 365):Add-MailboxPermission [email protected] -User [email protected] -AccessRights […]
Once permissions are granted, how does one make use of those permissions and view the mailboxes?
Hello Josh,
You can view the mailbox either via OWA or Outlook after logging in to the Administrator account. Make use of the ‘Open Other Mailbox’ function in OWA or add the mailbox as an addition in Outlook.
Hope that helps.
Josh,
It’s been my experience that the granted permissions automatically show up in Outlook 2010 as a new tree on the folder nav. window. However, if they don’t you can follow the below MS article: http://office.microsoft.com/en-us/outlook-help/manage-another-person-s-mail-and-calendar-items-HA010355561.aspx#_Toc307479956
That’s a useful article – thanks Mike 🙂
Very Nice article. It helped me grant one person to view all mailboxes, however, how does one prevent them from showing up in the profile in the Nav Tree on Office 2010? I filled up a 75GB hard drive from all of their mail syncing in to my profile and I would like to have it so I have my own mailbox, and then to view another mailbox, I would do the file -> open other user’s mailbox. I try to delete those mailboxes and Outlook does not allow me to.
Chris,
Are you saying that all of the mailboxes can be seen in the tree structure (left panel in Outlook)?
What happens if you right click and click on the option to close the mailbox?
Do the mailboxes show up when you go to file –> open other user mailbox?
I haven’t come across this issue – usually I have to specifically open that user’s mailbox – it should not show up by default afaik.
Yes all inboxes are listed in the left side panel. If you try to Close it — it will give me a message saying that the inbox is associated with an account. I’ve tried registry hacks and removing the profile and re adding the profile. None have worked.
Strange… I’ll look out for this the next time I assign privileges for the administrator account.
I assume this is the article you followed for the registry hacks @ http://www.techrepublic.com/forum/questions/101-273915
Can you try on another PC just to make sure it isn’t an Outlook issue on that specific machine?
Another article suggests the following to ‘refresh’ the list of mailboxes in file –> account options etc:
“After a while, I found that a solution was to go to the Exchange “account settings”, then click “More Settings”, go to the “Advanced” tab, and click “Add”, choose a different Mailbox where the user has permissions.
This seems to refresh the Additional Mailbox section”
If non of the above fixes the problem, I would suggest making a post in the 365 forums and see if a Microsoft rep can help.
Hello Chris,
See the update to the article – this may solve your problem!