Grant and Revoke Access to Mailboxes – Office 365

There may be times where you may need to grant an IT administrator or other employees access to another user’s mailbox.
Below I will demonstrate how to:

  • Grant an Admin access to a single mailbox
  • Grant an Admin access to all mailboxes
  • Revoke the above permissions (recommended cause of action after the Administrator has finished his/her tasks)

  1. First make sure you have the remote signed execution policy set to true. You can do this by running PowerShell in admin mode and running: Set-ExecutionPolicy RemoteSigned
  2. Next, run the following to authenticate your self and import PowerShell commands to your local session:
    $LiveCred = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange-ConnectionUri -Credential $LiveCred -Authentication Basic -AllowRedirection
    Import-PSSession $Session

Grant an Admin access to a single mailbox

Grant an Admin access to all mailboxes

  • Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User [email protected] -AccessRights fullaccess -InheritanceType all

Revoke the above permissions

  • If you want to revoke permissions after granting them, simply replace the ‘Add-MailboxPermission‘ with ‘Remove-MailboxPermission‘ followed by the original command you entered to grant the permissions. For example, to grant [email protected] full access to [email protected], you would enter the command:
    Add-MailboxPermission [email protected] -User [email protected] -AccessRights FullAccess -InheritanceType All

Update: There is a switch you can use in conjunction with the above commands which will hide the user mailboxe from appearing in the mailbox-tree panel in Outlook (on the left side).

-AutoMapping $false

Thanks to Stephen Ford for this tip!

10 thoughts on “Grant and Revoke Access to Mailboxes – Office 365”

    1. Hello Josh,
      You can view the mailbox either via OWA or Outlook after logging in to the Administrator account. Make use of the ‘Open Other Mailbox’ function in OWA or add the mailbox as an addition in Outlook.
      Hope that helps.

  1. Very Nice article. It helped me grant one person to view all mailboxes, however, how does one prevent them from showing up in the profile in the Nav Tree on Office 2010? I filled up a 75GB hard drive from all of their mail syncing in to my profile and I would like to have it so I have my own mailbox, and then to view another mailbox, I would do the file -> open other user’s mailbox. I try to delete those mailboxes and Outlook does not allow me to.

    1. Chris,
      Are you saying that all of the mailboxes can be seen in the tree structure (left panel in Outlook)?
      What happens if you right click and click on the option to close the mailbox?
      Do the mailboxes show up when you go to file –> open other user mailbox?

      I haven’t come across this issue – usually I have to specifically open that user’s mailbox – it should not show up by default afaik.

      1. Yes all inboxes are listed in the left side panel. If you try to Close it — it will give me a message saying that the inbox is associated with an account. I’ve tried registry hacks and removing the profile and re adding the profile. None have worked.

        1. Strange… I’ll look out for this the next time I assign privileges for the administrator account.
          I assume this is the article you followed for the registry hacks @
          Can you try on another PC just to make sure it isn’t an Outlook issue on that specific machine?

          Another article suggests the following to ‘refresh’ the list of mailboxes in file –> account options etc:

          “After a while, I found that a solution was to go to the Exchange “account settings”, then click “More Settings”, go to the “Advanced” tab, and click “Add”, choose a different Mailbox where the user has permissions.
          This seems to refresh the Additional Mailbox section”

          If non of the above fixes the problem, I would suggest making a post in the 365 forums and see if a Microsoft rep can help.

Comments are closed.