I’d like to take a moment to share some observations regarding recent changes
implemented by Microsoft, which may have implications for the way users and admins
navigate and utilize their 0365 suite of tools.
I want to share the best practices for creating mailbox delegations that work well for me
personally. The key is to navigate to the Admin Portal (not Exchange) and utilize the
“Send on Behalf of,” “Send as,” and “Read and Manage mailbox” settings. However, its
longevity in both the Admin and Exchange Portal is uncertain as Microsoft continues to
push towards groups.
For User Mailboxes the setting options for both Admin and Exchange are similar however they
differ when it comes to Shared Mailboxes. For a standard this article recommends using
the Admin Portal.
Let’s go over the best practices for delegation:
In the Office 365 admin portal, the following settings for Shared Mailboxes are available:
Read and manage permissions: This permission allows the assigned user mailbox to
read and manage emails in the user mailbox on which the delegate access is assigned. Read
and Manage permission does not grant “Send as” or “Send on behalf” permissions.
Why is this important: If you only enable Read and Manage Permissions, the user has
full read access to the mailbox but does not have permissions to send any emails, which
is ideal for monitoring.
Send as permissions:
Mailbox permission to send an email message on behalf of another person (original
email is not shown).
Why is this important:
Emails sent to recipients through a delegate’s mailbox on behalf of a user’s email address show
as if they are coming from the original user’s mailbox, even though they are sent by a
delegate.
Send on Behalf:
Emails sent through the user mailbox by the delegate will indicate that
the emails are being sent on behalf of the user.
Why is this important:
Emails sent through one user’s mailbox by the delegate will
indicate that the emails are being sent on behalf of the other user, including the original
email address it was sent from.
Meanwhile, the Office 365 Exchange Portal has the following settings (Shared Mailboxes) see Figure 2:
Send As Read and Manage
You might be asking, why would I care if “Send on Behalf” is not in the admin portal?
This allows journaling for both the sender of the email and the recipient. While “Send
as” is a great function, it simply sends the email as if the user is active. This is especially
important if a user is away and delegation access has been given to another user. Any
emails that need to be addressed to contacts can be done from the delegate’s email address, and when the user returns, they are able to see all the mail sent on their behalf. These settings are
consistent for both shared mailboxes and user mailboxes in the Administrators portal and not in
the Exchange portal.