Mailbox delegation in M365: delegated vs. shared vs. full access
PA-to-CEO mailbox, shared support@ inbox, delegated calendar. Three technically distinct mechanisms, each with its own permission model.
Three ways to give someone access to your mailbox: delegation, send-on-behalf, and shared mailbox. They are not interchangeable.
\n\nDelegation
\nRights: view, edit, manage. The delegate opens the mailbox as a "delegate". Used for: PA-to-director scenarios. Mail stays owned by a single owner.
\n\nSend-on-behalf
\nThe delegate sends on someone else's behalf. Mail shows "[delegate] on behalf of [owner]". Designed for transparency — the recipient knows who actually clicked send.
\n\nFull Access
\nFull rights, including send-as. The delegate sends mail that appears as though the owner sent it themselves. Risky unless clearly agreed upon. That said, send-as activity is recorded in the audit log.
\n\nShared mailbox
\nNo single owner — multiple users have access. Think support@, info@. No extra licence required up to 50 GB. Most widely used and most often mismanaged — "everyone can access it" quickly becomes "no one feels responsible for it".
\n\nGovernance
\n-
\n
- Every shared mailbox has a named human owner (responsible for cleaning up delegation when someone leaves). \n
- Review the delegation list for each mailbox annually. \n
- Do NOT use send-as between individuals without an explicit agreement. \n
- During offboarding: check delegations specifically — don't overlook them. \n
See also: M365 pillar.
Volledige gids: Gobernanza de Microsoft 365 para pymes — pragmática, no perfeccionista
Dit artikel is onderdeel van onze uitgebreide Microsoft 365 & Entra ID-gids. Lees de pillar voor het complete plaatje.
Lees de pillar →