Office 365 - Assigning delegate access to a group


In Office 365 in an organisation it is often useful to be able to assign delegated mailbox access to an administrator so that they can maintain or monitor emails. To do this from the user interface web interface can be very time consuming as you have to assign the role to each mailbox one-by-one, if you want to give multiple people access then it is even more time consuming. A nice solution to this is to create a mail-enabled security distribution list that contains as members those whom you would like to give access to. Depending on your setup you should create a distribution group either on your on-premises active directory or using the online web interface; ensure this group has an email address assigned.

Open Powershell.

First you need to create a connection to Office 365; enter the following command, this will prompt you to authenticate with Office so enter your credentials when asked.

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "" -Credential $cred -Authentication Basic -AllowRedirection

And then import the session that has been created. The get-mailbox command can be used to test the connection is working as expected.

Import-PSSession $session

If you get an error importing the session then you may need to allow remotely signed scripts to run by executing the following command:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

Next you can run the following command to assign the required access rights to the newly created administrators group. Simply replace the email address below with that of your new group.

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Add-MailboxPermission -User -AccessRights FullAccess -InheritanceType all

If you add new email accounts to the domain then you will need to re-run the script to update those accounts with the permissions.