Skip to main content
Microsoft 365intermediate

Office 365 Mailbox Access: Grant User Permissions & Delegate Mailbox

Grant a user access to another mailbox in Office 365 with Full Access, Send As, and Send on Behalf permissions. Step-by-step guide to configure mailbox delegation in Exchange Online Admin Center and PowerShell.

7 min readUpdated January 2026

Granting full access to another user’s mailbox in Office 365 allows designated users to open, read, and manage emails as if they were the original mailbox owner. This is useful for assistants managing executive emails, shared departmental mailboxes, or transitioning accounts for departing employees.

Exchange Online PowerShell Command Builder

Build complete Exchange Online PowerShell scripts for mailbox permissions, forwarding, shared mailboxes, distribution groups, message traces, calendar permissions, transport rules, and reporting. Every script includes the Connect-ExchangeOnline preamble.

Open the full Exchange Online PowerShell Command Builder
Loading interactive tool...

Want us to handle this for you?

Get expert help →

This guide covers how to grant full mailbox access using both the Microsoft 365 Admin Center and PowerShell.

Requirements

  • Admin access to the Microsoft 365 Admin Center or Exchange Online PowerShell.
  • The target mailbox must be an active account.

Method 1: Grant Full Access Using the Microsoft 365 Admin Center

Step 1: Log into the Admin Center

  1. Go to https://admin.microsoft.com.
  2. Sign in with your administrator credentials.

Step 2: Open the User’s Mailbox Settings

  1. In the left-hand menu, click Users > Active users.
  2. Find and select the user whose mailbox you want to grant access to.
  3. Under the Mail tab, click Mailbox permissions.

Step 3: Assign Full Access Permissions

  1. Under Mailbox permissions, locate Read and manage (Full Access).
  2. Click Edit and then Add permissions.
  3. Search for and select the user who should have full access to the mailbox.
  4. Click Save changes to apply the permissions.

📌 Note: It may take up to 60 minutes for the changes to take effect.

Method 2: Grant Full Access Using PowerShell

For larger organizations, PowerShell provides a faster way to grant mailbox access permissions in bulk.

Step 1: Connect to Exchange Online PowerShell

  1. Open PowerShell on your computer.
  2. Run the following command to connect to Exchange Online:powershellCopyEditConnect-ExchangeOnline -UserPrincipalName admin@yourdomain.com

Step 2: Grant Full Access to a User

Run the following command, replacing values as needed:

Add-MailboxPermission -Identity "targetuser@yourdomain.com" -User "granteduser@yourdomain.com" -AccessRights FullAccess

📌 Example: If you want to give John Smith full access to Jane Doe’s mailbox, use:

Add-MailboxPermission -Identity "jane.doe@yourdomain.com" -User "john.smith@yourdomain.com" -AccessRights FullAccess

Step 3: Verify the Permission Assignment

To confirm that full access was granted, run:

Get-MailboxPermission -Identity "jane.doe@yourdomain.com"

This will display a list of users who have access to the mailbox.

How the Assigned User Can Access the Mailbox

Outlook on the Web (OWA):

  1. Log in to https://outlook.office.com.
  2. Click on the profile picture (top-right corner).
  3. Select Open another mailbox and enter the mailbox email address.
  4. Click Open to access the mailbox.

Outlook Desktop App:

  1. Open Outlook and go to File > Account Settings > Account Settings.
  2. Select your account and click Change > More Settings.
  3. Navigate to the Advanced tab and click Add.
  4. Enter the shared mailbox email address and click OK.
  5. Restart Outlook, and the mailbox will appear in the left-hand panel.

How to Remove Full Access Permissions

Using Admin Center:

  1. Go to Admin Center > Users > Active Users.
  2. Select the original mailbox owner.
  3. Under Mailbox permissions, find the assigned user.
  4. Click Remove and Save changes.

Using PowerShell:

Run the following command to revoke access:

Remove-MailboxPermission -Identity "jane.doe@yourdomain.com" -User "john.smith@yourdomain.com" -AccessRights FullAccess

Best Practices

  • Review Mailbox Access Regularly – Ensure only authorized users have access to sensitive mailboxes.
  • Use Role-Based Access Control – Instead of granting full access, consider using Send As or Send on Behalf for security.
  • Document Changes – Keep a record of mailbox access modifications for compliance and auditing.

Frequently Asked Questions

Find answers to common questions

To grant full access to another user's mailbox in Office 365, you must have administrator privileges in the Microsoft 365 Admin Center or Exchange Online PowerShell. Specifically, you need to be assigned a role that includes Mailbox Permissions management, such as Global Administrator or Exchange Administrator. Ensure that the target mailbox is active and that you have the necessary user information before proceeding.

To verify that full access permissions were granted, use PowerShell with the command: Get-MailboxPermission -Identity "[email protected]". This command will list all users with access to the specified mailbox, including their permission levels. If the user you added appears with FullAccess rights, the assignment was successful. For Admin Center users, you can check the Mailbox permissions section under the user’s mailbox settings.

If the assigned user cannot access the shared mailbox, first verify that permissions were correctly assigned using the Get-MailboxPermission command. If permissions are correct, ensure the user is logging in to the correct Outlook interface with the proper email address. Sometimes, it may take up to 60 minutes for permissions to propagate. If issues persist, check if the user's account is in good standing and not subject to any access restrictions.

Need help shipping something?

Productized MVP development for founders. 9 SaaS apps shipped — yours could be next, in 6 weeks.

Learn About Secure MVPExplore Custom Software Development

Related Articles

Configuring Conditional Access Policies in Office 365

Deploy conditional access policies in Office 365 to enforce MFA, require compliant devices, and implement a Zero Trust security model for your organization.

Read More →

Configuring Domain and DNS Settings for Office 365

Configure DNS records for Office 365 including MX, SPF, DKIM, and DMARC settings. Ensure reliable email delivery and protect against spoofing attacks.

Read More →

Office 365 Email Forwarding: Configure Automatic Forwarding in Exchange Online

Configure automatic email forwarding in Office 365 for users. Admin guide to set up forwarding in Exchange Admin Center, manage forwarding settings, and control external forwarding policies.

Read More →

Related Tools

Free tools to help you implement what you learned

Email Auth Validator

Check SPF, DKIM, and DMARC configuration

Try it free →

DMARC Generator

Generate DMARC DNS records for email authentication

Try it free →

SPF Generator

Build SPF records for your domain

Try it free →
Back to Microsoft 365