Grant & Revoke Access to Mailboxes

There may be times where you may need to grant an IT administrator or other employees access to another user’s mailbox.
Below I will demonstrate how to:

  • Grant an Admin access to a single mailbox
  • Grant an Admin access to all mailboxes
  • Revoke the above permissions (recommended cause of action after the Administrator has finished his/her tasks)
  1. First make sure you have the remote signed execution policy set to true. You can do this by running PowerShell in admin mode and running: Set-ExecutionPolicy RemoteSigned
  2. Next, run the following to authenticate your self and import PowerShell commands to your local session:
    $LiveCred = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange-ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
    Import-PSSession $Session

Grant an Admin access to a single mailbox

Grant an Admin access to all mailboxes

  • Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User[email protected] -AccessRights fullaccess -InheritanceType all

Revoke the above permissions

  • If you want to revoke permissions after granting them, simply replace the ‘Add-MailboxPermission‘ with ‘Remove-MailboxPermission‘ followed by the original command you entered to grant the permissions. For example, to grant [email protected] full access to [email protected], you would enter the command:
    Add-MailboxPermission [email protected] -User [email protected] -AccessRights FullAccess -InheritanceType All

 

There is a switch you can use in conjunction with the above commands which will hide the user mailboxe from appearing in the mailbox-tree panel in Outlook (on the left side).

-AutoMapping $false