Mailbox Permissions and Delegation

Are Permissions and Delegation Migrated?

Yes, Mailbox Permissions, Folder Permissions and access rights are migrated if the destination user exists and has been matched with the Power365 Project executing the migration.

 

What are delegates?

Delegates are Mail Enabled Users within your organization that have been granted specific access and rights to interact with another end-user’s mailbox. Delegate Access goes beyond just sharing access to your folders. Delegates are granted additional permissions, such as creating email messages or responding to meeting requests on your behalf.

As the person granting permission, you determine the level of access that the delegate has to your folders. You can grant a delegate permission to read items in your folders or to read, create, change, and delete items.

For more information about delegates, check out this support article.

 

What are the delegate permission levels?

  • Reviewer – With this permission, the delegate can read items in your folders.

  • Author – With this permission, the delegate can read and create items, and change and delete items that he or she creates. For example, a delegate can create task requests and meeting requests directly in your Task or Calendar folder and then send the item on your behalf.

  • Editor – With this permission, the delegate can do everything that an Author has permission to do and additionally can change and delete the items that you created.

 

What are mailbox permissions?

  • Full Access – Full Access permission allows a delegate to open this mailbox and behave as the mailbox owner.

  • Send As – Send As permission allows a delegate to send email from this mailbox. The message will appear to have been sent by the mailbox owner.

  • Send on Behalf – Send on Behalf permission allows the delegate to send email on behalf of this mailbox. The From line in any message sent by a delegate indicates that the message was sent by the delegate on behalf of the mailbox owner.

For more information about delegates, check out this support article.

 

What are Mailbox access rights?

Access Rights specify the permission assigned to the user on the mailbox. The supported parameters are:

  • Change Owner – Change Owner allows a delegate to modify mailbox owner permissions.

  • Change Permission – Change Permission allows a delegate to modify another users’ permission.

  • Delete Item – Delete Item permission allows a delegate to open this mailbox but only delete content. No editing or creation is allowed.

  • External Account – External Account allows a delegate from an outside organization to open this mailbox.

  • Read Permission – Read Permission allows a delegate to open this mailbox but only read content. No editing or creation is allowed.

Here is some more information on mailbox access rights.

 

How do I verify mailbox permissions and delegates were migrated?

There are several options for end-users and administrators to verify mailbox access was migrated.

  • UI Options for End-User – The end-user may verify through Outlook. Here are some helpful articles on the topic.

    •  Article 1

    •  Article 2

  • UI Options for Admins – The Office 365 Global Administrator may verify the Mailbox permissions from the Exchange Online Portal.

  • PowerShell Options for Admins – The Office 365 Global Administrator may also verify the Mailbox permissions via remote PowerShell.

    •  How to verify the Delegates Folder Level Permissions Access Rights?

        Get-MailboxFolderPermission -Identity jon.doe@contoso.com:\calendar | fl

        Get-MailboxFolderPermission -Identity jon.doe@contoso.com:\inbox | fl

        Get-MailboxFolderPermission -Identity jon.doe@contoso.com:\notes | fl

        Get-MailboxFolderPermission -Identity jon.doe@contoso.com:\tasks | fl

        Get-MailboxFolderPermission -Identity jon.doe@contoso.com:\contacts | fl

        You may also view root folder permissions using:

        Get-MailboxFolderPermission -Identity jon.doe@contoso.com:\

    •  How to verify the Send As mailbox permissions?

         Get-Mailbox jon.doe@contoso.com -ResultSize Unlimited | Get-RecipientPermission | ? {$_.Trustee -ne "NT AUTHORITY\SELF"}

    •  How to verify the Send on behalf mailbox permissions?

        Get-Mailbox jon.doe@contoso.com -ResultSize Unlimited | ? {$_.GrantSendOnBehalfTo -ne $null} | select Name,Alias,UserPrincipalName,PrimarySmtpAddress,GrantSendOnBehalfTo

 

After migration, why are some of my Delegates listed as “Not Found” from Outlook?

Read this Binary Tree Knowledge Base article for more details.

Additional Information