Enable shared folders and shared mailbox scenarios in an Outlook add-in
This article describes how to enable shared folders (also known as delegate access) and shared mailbox scenarios in your Outlook add-in, including which permissions the Office JavaScript API supports.
Note
Shared folder support was introduced in requirement set 1.8, while shared mailbox support was introduced in requirement set 1.13. For information about client support for these features, see Supported clients and platforms.
Supported clients and platforms
The following table shows supported client-server combinations for this feature, including the minimum required Cumulative Update where applicable. Excluded combinations aren't supported.
Client | Exchange Online | Exchange 2019 on-premises (Cumulative Update 1 or later) |
Exchange 2016 on-premises (Cumulative Update 6 or later) |
---|---|---|---|
Web browser (modern Outlook UI) | Supported | Not applicable | Not applicable |
Web browser (classic Outlook UI) | Not applicable | Not applicable | Not applicable |
new Outlook on Windows | Supported | Not applicable | Not applicable |
Windows (classic) Shared folders: Version 1910 (Build 12130.20272) or later Shared mailboxes: Version 2304 (Build 16327.20248) or later |
Supported | Supported* | Supported* |
Mac Version 16.47 or later |
Supported | Supported | Supported |
Note
* Support for this feature in an on-premises Exchange environment is available starting in classic Outlook on Windows Version 2206 (Build 15330.20000) for the Current Channel and Version 2207 (Build 15427.20000) for the Monthly Enterprise Channel.
Supported setups
The following sections describe supported configurations for shared mailboxes and shared folders. The feature APIs may not work as expected in other configurations. Select the platform you'd like to learn how to configure.
Shared folders
The mailbox owner must first provide access to a delegate.
To provide access to manage meetings and meeting responses on behalf of the mailbox owner, see Calendar delegation in Outlook on the web.
To provide access to manage both the inbox and calendar on behalf of the mailbox owner, access must be configured through one of the following options.
The mailbox owner can configure access through classic Outlook on Windows. To learn more, see Allow someone else to manage your mail and calendar.
An administrator can configure access through the Microsoft 365 admin center. To learn more, see Give mailbox permissions to another Microsoft 365 user.
An administrator can configure access through the Exchange admin center. To learn more, see Manage permissions for recipients.
Once access is provided, the delegate must then follow the instructions outlined in the "Add another person’s mailbox to your folder list in Outlook Web App" section of the article Access another person's mailbox.
Shared mailboxes
A shared mailbox allows a group of users to easily monitor and send messages and meeting invites using a shared email address.
In Outlook on the web, a shared mailbox can be opened in the same panel as a user's primary mailbox or in a separate browser tab or window. For guidance, see Open and use a shared mailbox in Outlook on the web.
Note
In Outlook on the web, if you open a shared mailbox in a separate browser tab or window using the Open another mailbox option, you may encounter issues when accessing add-ins from the mailbox. We recommend opening the mailbox in the same panel as your primary mailbox instead. This ensures that add-ins work as expected in your shared mailbox.
If you prefer to open the shared mailbox using the Open another mailbox option, we recommend deploying the add-in to both your primary user and shared mailboxes.
In new Outlook on Windows, a shared mailbox is added to the Shared with me section of the folder pane. For guidance, see Open and use a shared mailbox in Outlook.
To learn more about where add-ins do and don't activate in general, refer to the Mailbox items available to add-ins section of the Outlook add-ins overview page.
Supported permissions
The following table describes the permissions that the Office JavaScript API supports for delegates and shared mailbox users.
Permission | Value | Description |
---|---|---|
Read | 1 (000001) | Can read items. |
Write | 2 (000010) | Can create items. |
DeleteOwn | 4 (000100) | Can delete only the items they created. |
DeleteAll | 8 (001000) | Can delete any items. |
EditOwn | 16 (010000) | Can edit only the items they created. |
EditAll | 32 (100000) | Can edit any items. |
Note
Currently the API supports getting existing permissions, but not setting permissions.
The DelegatePermissions object is implemented using a bitmask to indicate the permissions. Each position in the bitmask represents a particular permission and if it's set to 1
then the user has the respective permission. For example, if the second bit from the right is 1
, then the user has Write permission. You can see an example of how to check for a specific permission in the Perform an operation as delegate or shared mailbox user section later in this article.
Sync across shared folder clients
A delegate's updates to the owner's mailbox are usually synced across mailboxes immediately.
However, if REST or Exchange Web Services (EWS) operations were used to set an extended property on an item, such changes could take a few hours to sync. We recommend you instead use the CustomProperties object and related APIs to avoid such a delay. To learn more, see the custom properties section of the "Get and set metadata in an Outlook add-in" article.
Important
In a delegate scenario, you can't use EWS with the tokens currently provided by office.js API.
Configure the manifest
To enable shared folders and shared mailbox scenarios in your add-in, you must enable the required permissions in the manifest.
First, to support REST calls from a delegate, the add-in must request the read/write mailbox permission. The markup varies depending on the type of manifest.
- Add-in only manifest: Set the <Permissions> element to ReadWriteMailbox.
- Unified manifest for Microsoft 365: Set the "name" property of an object in the "authorization.permissions.resourceSpecific" array to "Mailbox.ReadWrite.User".
Second, enable support for shared folders. The markup varies depending on the type of manifest.
Add an additional object to the "authorization.permissions.resourceSpecific" array and set its "name" property to "Mailbox.SharedFolder".
"authorization": {
"permissions": {
"resourceSpecific": [
...
{
"name": "Mailbox.SharedFolder",
"type": "Delegated"
},
]
}
},
Perform an operation as delegate or shared mailbox user
You can get an item's shared properties in Compose or Read mode by calling the item.getSharedPropertiesAsync method. This returns a SharedProperties object that currently provides the user's permissions, the owner's email address, the REST API's base URL, and the target mailbox.
The following example shows how to get the shared properties of a message or appointment, check if the delegate or shared mailbox user has Write permission, and make a REST call.
function performOperation() {
Office.context.mailbox.getCallbackTokenAsync({
isRest: true
},
function (asyncResult) {
if (asyncResult.status === Office.AsyncResultStatus.Succeeded && asyncResult.value !== "") {
Office.context.mailbox.item.getSharedPropertiesAsync({
// Pass auth token along.
asyncContext: asyncResult.value
},
function (asyncResult1) {
let sharedProperties = asyncResult1.value;
let delegatePermissions = sharedProperties.delegatePermissions;
// Determine if user can do the expected operation.
// E.g., do they have Write permission?
if ((delegatePermissions & Office.MailboxEnums.DelegatePermissions.Write) != 0) {
// Construct REST URL for your operation.
// Update <version> placeholder with actual Outlook REST API version e.g. "v2.0".
// Update <operation> placeholder with actual operation.
let rest_url = sharedProperties.targetRestUrl + "/<version>/users/" + sharedProperties.targetMailbox + "/<operation>";
$.ajax({
url: rest_url,
dataType: 'json',
headers:
{
"Authorization": "Bearer " + asyncResult1.asyncContext
}
}
).done(
function (response) {
console.log("success");
}
).fail(
function (error) {
console.log("error message");
}
);
}
}
);
}
}
);
}
Tip
As a delegate, you can use REST to get the content of an Outlook message attached to an Outlook item or group post.
Handle calling REST on shared and non-shared items
If you want to call a REST operation on an item, whether or not the item is shared, you can use the getSharedPropertiesAsync
API to determine if the item is shared. After that, you can construct the REST URL for the operation using the appropriate object.
if (item.getSharedPropertiesAsync) {
// In Windows, Mac, and the web client, this indicates a shared item so use SharedProperties properties to construct the REST URL.
// Add-ins don't activate on shared items in mobile so no need to handle.
// Perform operation for shared item.
} else {
// In general, this isn't a shared item, so construct the REST URL using info from the Call REST APIs article:
// https://learn.microsoft.com/office/dev/add-ins/outlook/use-rest-api
// Perform operation for non-shared item.
}
Limitations
Depending on your add-in's scenarios, there are a few limitations for you to consider when handling shared folder or shared mailbox situations.
Message Compose mode
In Message Compose mode, getSharedPropertiesAsync isn't supported in Outlook on the web or on Windows unless the following conditions are met.
a. Delegate access/Shared folders
- The mailbox owner starts a message. This can be a new message, a reply, or a forward.
- They save the message then move it from their own Drafts folder to a folder shared with the delegate.
- The delegate opens the draft from the shared folder then continues composing.
b. Shared mailbox (applies to classic Outlook on Windows only)
- A shared mailbox user starts a message. This can be a new message, a reply, or a forward.
- They save the message then move it from their own Drafts folder to a folder in the shared mailbox.
- Another shared mailbox user opens the draft from the shared mailbox then continues composing.
The message is now in a shared context and add-ins that support these shared scenarios can get the item's shared properties. After the message has been sent, it's usually found in the sender's Sent Items folder.
REST and EWS
Your add-in can use REST. To enable REST access to the owner's mailbox or to the shared mailbox as applicable, the add-in must request the read/write mailbox permission in the manifest. The markup varies depending on the type of manifest.
- Add-in only manifest: Set the <Permissions> element to ReadWriteMailbox.
- Unified manifest for Microsoft 365: Set the "name" property of an object in the "authorization.permissions.resourceSpecific" array to "Mailbox.ReadWrite.User".
EWS isn't supported.
User or shared mailbox hidden from an address list
If an admin hid a user or shared mailbox address from an address list like the global address list (GAL), affected mail items opened in the mailbox report Office.context.mailbox.item
as null. For example, if the user opens a mail item in a shared mailbox that's hidden from the GAL, Office.context.mailbox.item
representing that mail item is null.