Share via

How to assign read only permissions for a user on a shared mailbox.

Ryan Hormann 20 Reputation points
2026-02-24T19:47:32.0033333+00:00

We have a shared mailbox that the finance department has. We want to give Bob in engineering read only access. The only solution I currently see out there is to give Bob Read and manage permissions in Exchange Online and then on every folder in the shared mailbox, under Sharing and permissions, give Bob Reviewer access.

This works, but doesn't seem maintainable. If folders are ever created or a new user needs read access permissions, then they need to be added to every folder/new folder again. Is there really not a different way to give read only access from Exchange Online.

Exchange Online
Exchange Online

A cloud-based service included in Microsoft 365, delivering scalable messaging and collaboration features with simplified management and automatic updates.

0 comments
Answer accepted by question author
  1. Vasil Michev 125.2K Reputation points MVP Volunteer Moderator
    2026-02-24T20:54:38.9333333+00:00

    What the M365 portal refers to as Read and manage permissions is actually Full access, so in this scenario you are not granting read-only permissions. The only way to grant such is by leveraging folder-level permissions, without granting Full access ones.

    And yes, you need to stamp them on each folder, including newly created ones. While the process is indeed more complicated that it has to be, you can use PowerShell script to automate it. Here's one I wrote a while back that allows you to cover all folders in one go, or choose a subset if needed: https://michev.info/blog/post/5763/managing-mailbox-folder-permissions-in-bulk-in-microsoft-365

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-02-24T19:47:40.96+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To assign read-only permissions for a user on a shared mailbox in Exchange Online, you can grant Full Access permissions to the shared mailbox, which allows the user to read all emails. However, this does not inherently restrict the user from modifying or deleting items. Unfortunately, Exchange Online does not provide a direct way to assign purely read-only access at the mailbox level without granting additional permissions.

    The approach you mentioned, where you give Read and manage permissions and then set Reviewer access on each folder, is indeed one way to achieve a more granular control over what the user can do. However, as you've noted, this can become cumbersome when managing multiple folders or when new folders are created.

    Currently, there isn't a built-in feature in Exchange Online to automatically apply read-only permissions to new folders in a shared mailbox without manually adjusting permissions for each folder. You may need to continue using the method you have in place or consider using PowerShell scripts to automate the process of setting permissions on new folders if that becomes necessary.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.