No one has responded to this discussion for at least a year, so this information may be out of date. If you're looking for information about this topic, please search for a more recent discussion or post a new question.

Read-only access to another user's mailbox

  • 3 Followers
  • 4 Replies |
  • This post has 0 verified answers |
Not Answered This question is not answered
As Exchange admin, I have been asked to grant a supervisor access to read another user's email without the user's knowledge. I can only seem to grant FullAccess permission from Powershell, which allows the supervisor to mark items as read or unread while viewing this mailbox. I would like to have a read-only permission where the supervisor can make no changes (especially changing the read-unread status of an item) but view all correspondence.

According to this -- http://community.office365.com/en-us/forums/160/p/12764/57756.aspx?wa=wsignin1.0 -- the request cannot be completed. I have submitted a request to have this changed.

 

If I use this command -- Add-MailboxPermission -Identity user@domain.com -User supervisor@domain.com -AccessRight ReadPermission -InheritanceType All -Automapping $false -- the supervisor cannot view the email. (This is apparently by design as ReadPermission just grants the ability to read the permissions on the item.)

 

If I use this command -- Add-MailboxPermission -Identity user@domain.com -User supervisor@domain.com -AccessRight FullAccess -InheritanceType All -Automapping $false -- the supervisor can view the email but also move, delete and mark it read. 

 

Any tips on making a change in Powershell so the account can be viewed surreptitiously?

 

Thanks.

  • Post Points: 35
All Replies
  • Hi jasonmw,

    I’d like to confirm the follow situation whether you want to limit supervisor can only read user mailbox of data, however not do any changes to the user mailbox.

    If so, as far as I know, this target can’t be achieved in Exchange Online. I suggest that you can use Journaling rules . By creating a Journaling rules, Collect the specified user  mail traffic .All the Email traffic from specified user will be copied to an external mailbox, such as Hotmail, Gmail, and so on. The supervisor can check on the user's  E-mail traffic from the external mailbox.

    For more information about create a Journaling rules ,please refer to the follow this article.

    http://help.outlook.com/en-us/140/Ff628714.aspx

    Thanks

    • Not Ranked
    • Post Points: 0
  • Thanks Marioking.

    This is a helpful solution for monitoring email going forward but does not address reviewing historical email correspondence. It provides an option, and I appreciate that, however I am looking to add the mailbox, allowing historic access and ongoing monitoring at one point.

    • Not Ranked
    • Post Points: 0
  • Hi jasonmw,
    As your said ,If we grant supervisor to access another user's mailbox, we can only give him with full permission to this mailbox, so, in a read-only way to access user mailbox , it is unavailable. If you have any questions or have additional information to add to your previous suggestion, I would suggest you submitting a feedback at http://mymfe.microsoft.com/Microsoft%20Online%20Services/Feedback.aspx?formID=210
    Thanks,
    Luke Yan
     

    • Top 500 Contributor
    • Post Points: 0
  • Hi jasonmw,
    How are the things going?Has this issue been resolved?
    If you have any other questions or concerns, please do not hesitate to tell us. 
    Thanks,
    Luke Yan

    • Top 500 Contributor
    • Post Points: 0
Page 1 of 1 (5 items)