View our latest articles

Why is Office 365 not prompting for MFA?

Written by Saajid Gangat in Microsoft,Microsoft 365,Microsoft 365 Guides Last Updated July 31, 2023

“MFA” or “Multi-Factor Authentication” is a process of authentication where access to a service requires more than just a username and password before granting access to that particular service. This access can be granted via a one-time code sent to a user’s mobile device via SMS text or a phone call to a user’s office/desk phone. More recently, biometrics have had an active approach in the handling of MFA, allowing users the ability to use their thumb/fingerprint or a retina or face scan, instead of a phone call or text. In any event, your ID and password alone aren’t sufficient to access a system/resource.

Step by step process:

  1. First you need to sign in to the Microsoft 365 admin center with global admin credentials available
  2. Next under the navigation panel on the left click show all.
  3. Then choose Azure Active Directory > Then Azure Active Directory. Here you can access the main portal or features relevant to MFA.
  4. Once the properties panel is open, you can click Manage Security Defaults
  5. Once clicked it will open a panel on the right where you can change the settings to your requirements. In this case we need to have the permission set as “yes” to allow for access to the MFA setting.
  6. Finally, click save to change and administer the new settings which will be default until changes are prompt:

A user that needs to use MFA has to enable Modern Authentication which is a Microsoft feature that allows Active Directory Authentication Library based sign in and multi-factor authentication, users who were previously logged into Office 365 in their Outlook clients – even clients that support Modern Authentication – may still experience an issue where the Modern Authentication browser window does not appear for them.

To resolve this issue, you need to first ensure that you have enabled Modern Authentication for Microsoft Office on Windows devices and on the Online Office tenant. Be aware that Modern Authentication is only supported natively in a modern version of Outlook primarily the “2016” variation. Modern Authentication is not available with previous variations.

Upon prompting a user for MFA, there is another feature that has active participation in the in the MFA process. The feature setting is also quite hard to find easily as its stored in the MFA service settings for the user device. The Multi-Factor Authentication feature sets a persistent cookie on the browser when a user selects the “Don’t ask again” for any length of days option at sign-in. The user is not prompted again for Multi-Factor Authentication from that same browser until the cookie expires. If the user opens a different browser on the same device or clears their cookies, they are prompted again to verify.

azuredevs

Empower your devs with DevSecOps
Give your devs the tools they need to create & deliver secure, innovative applications quickly and collaboratively.

Get expert help migrating & modernising
Set up your cloud environment confidently with help from the Azure Migration & Modernisation Programme.
azure windows30 day FREE trial

How to access MFA settings:

One way to prompt the MFA is to enable security default which will essentially allow users to access the full range of security features including additional login parameters. Security defaults is a set of basic identity security mechanisms recommended by Microsoft. When enabled, these recommendations will be automatically enforced into the organization. Administrators and users will be better protected from common identity-related attacks.

How to turn Security defaults on or off:

  • First you need to sign in to the Microsoft 365 admin center with global admin credentials available.
  • Next under the navigation panel on the left click show all.
  • Then choose Azure Active Directory > Then Azure Active Directory. Here you can access the main portal or features relevant with the MFA stages.
  • After that click properties in the manage section. You may need to scroll down the panel to access the properties tab, then click Manage Security Defaults
  • Once clicked, it will open a panel on the right where you can change the settings to the preference required. In this case we need to have the permission set as “yes” to allow for access to the MFA setting.
  • Finally, click save to change and administer the new settings which will be default until changes are prompted:

Users remain signed up on trusted devices:

The Azure AD sign-in network gives users the option to remain signed in until they explicitly sign out. This doesn’t change Azure AD session lifetime but allows sessions to remain active when users close and reopen their browser. This will create a persistent cookie on the endpoint, so the users’ session is stored. The Azure AD default for browser session persistence allows users on personal devices to choose whether to persist the session by showing a “Stay signed in?” prompt after successful authentication.

The image above shows a list of instructions the user needs to follow in order to disable the “Keep Sign in feature” and enable MFA each time you login.

  • First you need to access the Azure Active Dictionary panel which is where all the management content is located.
  • After that you need to click company branding where accounts related to the Microsoft domain are located.
  • After that click the associated account related to the one you wish to change the sign in features on.
  • Finally, go to the option “remain signed in” and click yes. Once that is complete you can click save and it will automatically save the settings and will prompt MFA login credentials again every time the user tries to login.

How to set up email forwarding in the Exchange admin center?

Written by Saajid Gangat in Exchange,Exchange Guides,Microsoft Last Updated July 26, 2023

Email forwarding allows you to forward email messages delivered to one user’s inbox to another user’s mailbox within or outside your company. Email forwarding allows you to set up a mailbox so that email messages sent to one user’s mailbox are sent to another user’s mailbox inside or outside your company. You may have corporate requirements for setting up email forwarding for a user’s mailbox as an administrator of an organisation. Below is a step by step process to allow users of a Microsoft Exchange network to set up forwarding.

Step by step process for setting up email forwarding in the Exchange admin center

  1. Firstly, sign into an Office 365 account — please make sure that you are a Microsoft 365 global or Exchange admin
  2. Next you need to visit the admin dashboard by clicking on the app launcher icon followed by “admin”.
  3. Click or tap on show all and click on Exchange
  4. Under recipients on the left hand side menu click on mailbox — this will bring up all the mailboxes connected to your organization
  5. Then tap on the mailbox you wish to set up email forwarding for — please note that you cannot select multiple mailboxes to set up email forwarding; you have to do it one at a time
  6. A panel will be displayed on the right side of the display showing information related to the Mailbox account. Here you need to navigate to Mail flow settings and under it, click on manage mail flow settings.
  7. Click on the edit button displayed next to email forwarding
  8. By default “Forward all emails sent to this mailbox” will be off. You need to turn it on by clicking on the switch which says “off” — if it’s on, leave it and progress to the next stage.
  9. Once on it will bring up a dialogue box where you need to type out the email address of the user you wish to set up mail forwarding to — note you can only set up forwarding for one person.
  10. “Keep a copy of forwarded email in this mailbox” will be off. You may want to turn this on if you wish to keep a copy of the forwarded mail.
  11. Click on save to keep the new settings active.

If you’d like a video walkthrough, we’ve created a YouTube video that walks through the steps that we’ve given above. Give the video a watch here:

Why have email forwarding?

Using a simplistic way of forwarding email-based content modifies the users who receive the email content but does not modify the users that send the email content. The field, also known as the envelope sender field, is not the same as the “from” header that most email clients show; it refers to a field used in the early stages of the “Simple Mail Transfer Protocol” and later preserved as the Return-Path header. This parameter contains the address to which mail systems must send bounce messages, if any, to indicate delivery failure or success.

Setting up and allowing for remailing or redistribution, on the other hand, can refer to both resending a message and altering the “envelope sender” field. A good example would be electronic mailing lists. Messages are sent to an email reflector, a program that acts as the forwarding broadcaster of email messages to the names on a distribution list, which remails them to each list’s address. Bounce messages (which reflect a failure to deliver a message to any list-subscriber) will no longer reach the message’s originator. Embarrassingly misconfigured vacation auto-replies, on the other hand, do reach writers.

Mail forwarding can be done automatically using a non-interactive client, such as a mail retrieval agent, which downloads or fetches email from a remote mail server. Although the retrieval agent utilises a client protocol, this forwarding is similar to server forwarding in that the message identification is preserved. Concerns regarding the sender of the envelope apply.

In depth step by step process: How to set up forwarding in the Exchange Online admin center

  • To start you need to sign in to your Office 365 account where the Exchange mailbox is located. The Office 365 dashboard allows users to manage all Microsoft based content such as the mail, suite and applications relevant to the software.
  • Then navigate to the application launcher which is illustrated by 9 dots in the top left corner of the dashboard. In the dashboard click on admin as shown below.
  • Once you’re on the admin dashboard you need to then click on Exchange which is under the admin centers section. You may need to click show all if it’s not already pinned to the main launcher area.
  • Under recipients on the left hand side menu click on mailboxes — this will bring up all the mailboxes connected to this specific network.
  • Then tap on the mailbox you wish to set up email forwarding for. Please note that you cannot select multiple mailboxes to set up email forwarding; you have to do it one at a time.
  • The account settings and presets will show up in a panel on the right side of the display. Here under mail flow settings, click on manage mail flow settings.
  • Another pop up will show this time where you can edit the mail flow settings. Here you want to click on edit next to email forwarding
  • Here “Forward all emails sent to this mailbox” will be either on or off. In this case it’s off, so you need to turn it on to activate mail forwarding preferences.
  • Next you need to type out the users you wish to add to the email forwarding list for the user. Note that you can add multiple users here. Turn on “Keep a copy of forwarded email in this mailbox” if you want the mail to also show up in the mailbox you’re forwarding mail from.
  • Finally, click on save. This will save the changes.

Microsoft 365 should now change your presets to the new settings, and you should now be able to forward email-based content to the user you just determined.

Thanks for reading our blog post! We really hope that you’ve found it useful. If you have any questions, please feel free to leave a comment below, and we’ll get back to you soon.

Can I use Sharepoint without subscribing to M365?

Written by Saajid Gangat in Microsoft,SharePoint,SharePoint Guides Last Updated July 27, 2023

A SharePoint team site is established when you or your users create Microsoft 365 groups (for example, in Outlook or by forming a team in Microsoft Teams). Admins and users may also utilize SharePoint to establish team sites, which will generate a Microsoft 365 group. The group owners are added as site owners, and the group members are added as site members, for group-connected team sites. Most of the time, you’ll want to share these sites with others by adding them to your Microsoft 365 group, However is it possible to attain this.

You do not need to subscribe to Lync or Exchange to use SharePoint online, which is part of the M365 services. If you want to use SharePoint Online, here is how you do it. You also don’t need to sign up for a separate Microsoft account because the service is self-contained in its own subscription package.

Steps to get Sharepoint subscription independently

  • Next view all plans they have available which in this case they have three:
    • Sharepoint Online plan 1 – USD$5.00
    • Sharepoint Online plan 2 – USD$10.00
    • Office 365 inclusive E3 plan – USD$20.00
      • This plan includes Office 365 as part of the plan you may skip this particular package if you don’t want Office 365
  • Once you have selected the correct plan click buy now
  • It will ask you to fill out a detail panel with your personal information and bank details for subscription.
    • Note you will not be able to purchase a plan if you already have an active plan on your desktop or device — you will need to either cancel or remove the current plan to activate the new plan.

Each plan offers different elements to help different-sized businesses get exactly what they require. The more features being provided the higher the price which may prompt users to consider budgeting for a better plan to ensure effective transfer of files internally and externally. Microsoft thankfully gives a rough guide to allow businesses to see which plan they should get if they require SharePoint on its own.

Why subscribe to SharePoint Alone?

Organizations must purchase a “seat,” or individual user license, for each user who will be accessing SharePoint Online with SharePoint Online. Organizations simply pay for access to the software rather than the program itself because there is no software or infrastructure to install. These licenses are sold on a month-to-month basis, per user.

More information on the subscription plans available

PlanWhat’s included
SharePoint Online Plan 11 TB of OneDrive storage per user
Secure internal and external file sharing Offline syncing
Co-authoring in Microsoft Office apps
Ability to build and manage intranets and portals
Organize and manage content in libraries and lists with metadata, records management, and retention policies
Move and manage files between OneDrive and SharePoint
Extensive search functions
SharePoint and OneDrive mobile apps for Android™, iOS, and
FastTrack deployment support with purchase of 50+ seats at no extra cost
24/7 phone and web support Licensed for commercial use
SharePoint Online Plan 2As Plan 1 plus:
Unlimited personal cloud storage
Enhanced and customizable search features
Find content in electronic format for litigation or audit scenarios
Use advanced DLP capabilities to identify, monitor, and protect sensitive information
Use In-Place Holds to programmatically preserve content from deletion or edit

Sharepoint Server plans

SharePoint instances installed on-premise are licensed differently. Users of the SharePoint Server must acquire two types of licenses: one for the SharePoint instance itself, and another for each person or device using SharePoint.

Below is how Microsoft has laid out the content and what they find appropriate for businesses of different scales or sizes. 

  • They found that the cheapest plan worth $5.00 has adequate features for a small to midsize business to succeed
  • They also found that the SharePoint plan 2 is best suited for larger enterprises who will find the extra features not available in plan one of high value to their company or organisation. For example the second plan work $10 includes personal user storage which the first plan doesn’t include and some organisations may find a use for this considering the second plan to be better for them.

To summarize you can purchase a Sharepoint plan without a Microsoft account for reasons including the use of no infrastructure such as the office suite or reduction in price. The trade-off varies from company to company however, what this mainly allows is Microsoft to cater towards more people and expand its target audience allowing people to customize exactly what they want. Many will spend the extra money and get the full package with the whole Office suite included, however, there may be some who find buying the full suite quite extensive and therefore choose an alternative to SharePoint. This is another reason why Microsoft has also included separate plans for SharePoint.

SharePoints main competitors

  • Google Drive
  • Workzone
  • Box for Business
  • Dropbox for Business
  • Citrix ShareFile
  • Hightail
  • Quip
  • Confluence
  • Igloo
  • Alfresco
  • Samepage
  • Redbooth

Many of the above are free and are inclusive as a free additional extra as opposed to purchasing a full plan like SharePoint. Therefore offering Sharepoint on its own secures an additional extra for users who may wish to use it on its own.

Do you need a Microsoft account to use SharePoint?

Written by Saajid Gangat in Microsoft,SharePoint,SharePoint Guides Last Updated July 27, 2023

Users who use the Microsoft suite may often need to transfer files between other colleagues or members within a group or an organisation or even externally with members of another group or organisation. However, manually transferring this data via email or a third party share platform like Dropbox may cause the file to get lost and more apparent, the reduction in content organisation under one drive or network. Microsoft has found a solution to this issue and created Sharepoint. Sharepoint allows users to share content with internal or external users who have an active link that’s not expired or the correct permissions.

Step by step on how to edit permissions:

Here are the steps that will guide you to the file share settings:

  1. Navigate to Office.com > Sign in with the user login information assigned to you > Open the admin portal in the application launcher
  2. You may need to click “Show all” if the SharePoint admin centre isn’t pinned to the app launcher setting.
  3. Once this is accomplished you can click policies drop down menu > Click sharing
  4. Slide the sliders to the correct setting
  5. Click Save

Editing the permissions on the Microsoft share setting function will allow user admins to effectively change who can see the content. This also includes individuals who are outside the organisation while having the link. To ensure users outside the organisation and those who don’t have a Microsoft account get content without issue, make sure the correct permissions are enabled for them to access the content.

SharePoint is a Microsoft Office web-based collaboration platform. SharePoint, which was first released in 2001, is generally marketed as a document management and storage system, although it is highly flexible, and its use varies greatly amongst organisations who have use for the software. Microsoft has hosted SharePoint as an inclusive and integral part of the “Microsoft 365” subscription packages, however, if the user wishes they may also purchase the application individually. SharePoint Online provides the benefit of not requiring the maintenance of one’s own servers, but it lacks the customization capabilities of a self-hosted SharePoint installation.

Step by Step Process: Sharing SharePoint files with external users – even if they don’t have a Microsoft account

If the permission is denied or the sharing fails, go to the SharePoint/OneDrive panel and change the share settings. The SharePoint and OneDrive share change functionality allows users to change their share settings on demand, giving them more control over how the data they submit is handled. Users will be able to limit what they can do with the less permissive settings provided. This will control who the data is shared with, lowering the risk of delivering content to the wrong people. The more permissive options are gradually introduced, allowing users to distribute data and files to many recipients. This setting is for more genetic data that has to be distributed to a bigger group of people with no restrictions on link sharing or controls.

Above is the external share panel users will see when they first access the settings to change the share data settings available. Below explains the list of attributes the permission setting accomplishes for the users.

  • Anyone –
    • External users and guests can access shared files and folders using a link that don’t require sign-in. This option is also called Anonymous sharing because basically anyone with the link can have access to the files.
  • New and Existing Guests –
    • This is the default permission for new Microsoft 365 connected sites. External users and guests must sign to access the shared files or folder. They can either sign in with their Microsoft account or need to enter a verification code. The external users will be added to your Azure-AD as a guest user. You can view your guest users in the Microsoft 365 Admin Centre > Users > Guest Users.
  • Existing Guests –
    • With this option you can only share items with external users that are in your Azure AD as a guest user.
  • Only people in your organization –
    • Basically, disable the external sharing at all. You can only share items internally. This is the default option for SharePoint communication sites.

In Depth Step by Step Process on show to share content externally including members without Office account

  • After you’ve logged in, go to the admin section by clicking the app launcher and then hitting “Admin.” This will provide the user access to the content they need to share.
  • Once you’ve gained access to the admin section, you now go to the next step, which in this case is clicking display all because the admin centre feature isn’t pinned to the main launcher taskbar. To access additional content, the user must select “Show all” below.
  • When you select Show, all users will see the admin centre, where they can go to the SharePoint area and make the necessary changes to share material across. SharePoint is a native sharing site that allows users to exchange content across networks and with other users. This includes users with external platforms who may not be able to receive data given to them owing to the platform’s limitations.
  • The following step in the process needs users to go to the policies section and access the sharing panel. Users will be able to view the sharing section settings and make changes to the permissions that are relevant to their needs.
  • This is what the share panel looks like with the points mentioned above in regard to the categories of sharing content.
  • Finally, the users can then use the sliders to change their permission settings to the required category regarding what they need. The final setting will allow the users to adjust the requirements regarding who the data can be sent to in their network. The most permissive category as stated before will allow users to share to almost anyone than progress reduces the amount of people who can receive the data until its quite specific in regard to who finally receives the data. 
  • Finally, the users can click save which will allow them to secure the recently changed settings to what they require. Once the setting has been updated anyone can view the document or progressively lower and less permissive settings they can then send the file to an external user.

How to stop Office 365 prompting for MFA

Written by Saajid Gangat in Microsoft,Microsoft 365,Microsoft 365 Guides Last Updated July 27, 2023

MFA or Multi-Factor Authentication for Office 365 is Microsoft’s own form of multi-step login to access a service or device. This stage of security allows organizations with any active subscriptions to enable multi-step security for their Office 365 users without requiring any additional purchase or subscription or plans.

Step by step process –

  1. To make necessary changes to the MFA of an account or group of accounts you need to first login to Office 365 which is where the admin dashboard is located to make changes possible.
  2. Below is the app launcher panel where the features such as Microsoft apps are located. You need to locate a feature which says admin. Click the launcher icon followed by admin to access the next stage.
  3. Once this is complete you will have access to the admin dashboard where you can control the entire Microsoft suite related to the organisation. 
  4. Click show all in the navigation panel to show all the necessary details related to the changes that are required.
  5. After that in the list of options click on Azure Active Directory.
  6. Now you need to locate the Azure Active Directory, here you can make the necessary changes related to the login.
  7. Once this is complete you now need to scroll down the navigation panel and find the tab “company branding”
  8. Once this is complete a panel on the right will open up, you now need to go to the bottom of the panel (which may require scrolling down to find) and click Show option to remain signed in
  9. Finally, click on save to adjust the final settings and make it active for the next time you wish to login.

MFA will greatly improve the security of users logging in to cloud services and is more robust than simple passwords. With Office 365’s multi-factor authentication, users need to confirm the call, text message, or application notification on their smartphone after entering the correct password. The user can log in only after the second authentication factor is met.

Since June 2013, Office 365 management roles can use multi-factor authentication, and today they have had the ability to extend this feature to any Office 365 user. Microsoft has also enhanced the features that have been available since June. The company is adding application passwords for users so that they can authenticate from the Office desktop application, as these have not been updated to enable multi-factor authentication. Conveniently they also allow users who authenticate from the “federated local directory” to enable multi-factor authentication. However some may choose to verify their devices and actively prevent MFA from prompting every time upon login.

After successful authentication, you will receive an access token and a refresh token to be able to access Office 365 services. The access token is only valid for one hour. This token can be either a passcode sent via SMS or can be an email or phone call to a verified email address or phone number. Once verified, you may not be asked for multi-factor authentication again for up to 90 days in Outlook or Office 365.

security office365 windows 11
info Recommended Software

Below is a list of factors that could potentially cause Office 365 to prompt for MFA:

  • If you sign in and out again in Office clients.
  • Device inactivity for greater than 14 days.
  • Recent Password changes after authentication.
  • Administrators of the Office plan can apply conditional policies to restrict the resource the user is trying to access.
  • Switches made between different accounts.

Azure Active Directory – Control MFA

The Microsoft agent software in charge of maintaining the MFA and user credentials and details is called Azure Active directory. Azure ensures people who are on-site or remote, seamless access to all their apps so that they can stay productive from anywhere. Other potential benefits include having the ability to automate workflows for user lifecycle.

azuredevs

Empower your devs with DevSecOps
Give your devs the tools they need to create & deliver secure, innovative applications quickly and collaboratively.

Get expert help migrating & modernising
Set up your cloud environment confidently with help from the Azure Migration & Modernisation Programme.
azure windows30 day FREE trial

However, one of the unique factors include the ability to safeguard user credentials by enforcing strong authentication and conditional access policies. This allows users to efficiently manage identities by ensuring that the right people have the right access to the right resources which include the MFA access. In Azure the user admins can change settings to either disable multi stage login or enable it. 

How to actively change MFA settings

  • To make necessary changes to the MFA of an account or group of accounts you need to first login to Office 365 which is where the admin dashboard is located to make changes possible.
  • Below is the app launcher panel where the features such as Microsoft apps are located. You need to locate a feature which says admin. Click the launcher icon followed by admin to access the next stage.
  • Once this is complete you will have access to the admin dashboard where you can control the entire Microsoft suite related to the organisation. 
  • Click show all in the navigation panel to show all the necessary details related to the changes that are required.
  • After that in the list of options click on Azure Active Directory.
  • Now you need to locate the Azure Active Directory, here you can make the necessary changes related to the login.
  • Once this is complete you now need to scroll down the navigation panel and find the tab “company branding”
  • Once this is complete a panel on the right will open up, you now need to go to the bottom of the panel (which may require scrolling down to find) and click Show option to remain signed in.
  • Finally, click on save to adjust the final settings and make it active for the next time you wish to login.

The Azure AD sign-in process provides users with the option to stay signed in before explicitly signing out. This does not change the Azure AD session lifetime but allows the session to remain active when the user closes and reopens the browser. Set this to “No” to hide this option from your users.

The login frequency allows the administrator to select the login frequency for the first and second factors that apply to both the client and the user.  Admins are recommended to use these settings as well as managed devices in situations where there is a need to restrict authentication sessions (such as business-critical applications).

Persistent browser sessions allow users to stay logged in after closing and reopening the browser window. Like keeping login settings, it sets a persistent cookie on the browser.

Thanks for reading! We hope you’ve found this blog post useful. If you have any other questions, please leave a comment below.

surface pro 8Surface Go 3surface pro 8

How To Add A Delegate To Your Inbox In Outlook

Written by Jack Mitchell in Microsoft,Outlook,Outlook Guides Last Updated July 28, 2023

Whatever the reason you need to add a delegate to your inbox, it’s a difficult process without instructions because there are quite a few steps. To make setting up delegates a simple process, I created this step-by-step guide with screenshots.

Here’s how you can add a delegate to your inbox in Outlook:

  1. Open Outlook
  2. Right-click the root folder in Outlook and click Folder Permissions
  3. Click Add… and select the user within your organization that you want to delegate access to
  4. Select the permissions that you want the delegate to have
  5. Click OK

After you’ve done the process outlined above, you might want to add your inbox to the delegate’s Outlook desktop client folders so they can easily access your account as needed. The process below details how you can add your folder to the delegate’s desktop client:

  1. Open Outlook
  2. Click File and then Account Settings
  3. Click Account Settings…
  4. Click your email address and then Change…
  5. Click More Settings
  6. Click Advanced and then Add…
  7. Type in the mailbox you want to add
  8. Click OK
  9. Leave the Account Settings window and return to the Outlook home page
  10. The inbox will be in the sidebar. Open it

Throughout the rest of this blog post, I’m going to go through the process of adding a delegate to my inbox on Outlook, demonstrating the entire process with screenshots. Follow the step-by-step guide below to easily add a delegate to your inbox.

security office365 windows 11
info Recommended Software

Add A Delegate To Your Inbox In Outlook [Step-By-Step With Screenshots]

Whatever the reason you want to add a delegate to your inbox, it’s a really simple process if you follow the process outlined below.

  1. Open Outlook
  2. Right-click the root folder in Outlook and click Folder Permissions
  3. Click Add… and select the user within your organization that you want to delegate access to
  4. Select the permissions that you want the delegate to have
  5. Click OK

Please note that you can only follow the steps outlined above if you [and the delegate] have Microsoft Exchange Server accounts. If you are using Outlook for Microsoft 365, Outlook 2019, or Outlook 2016, you can follow the process we’ve detailed.

Here’s the entire process — with screenshots.

  • Open Outlook
  • Right-click the root folder in Outlook and click Folder Permissions

The root folder will be the one with your email as its title [I’ve highlighted this in the screenshot next to number 1].

Right click this and then click Folder Permissions, which will open up the settings that allow you to choose who you delegate your inbox to and customize the permissions they have.

Note that the process is slightly different if you are using Outlook on a Mac. If you are using Outlook on a Mac, right click on the root folder and click Sharing Permissions…[as shown in the screenshot below].

The wording is slightly different on a Mac. Instead of Folder Permissions, you click Sharing Permissions…
  • Click Add… and select the user within your organization that you want to delegate access to

Click Add [Outlook on Windows/Add User… [Outlook on Mac] and then search for the user that you want to delegate inbox access to. For the purposes of this demonstration, I’ve created a fake user [Bob Picardo] who we’re going to make a delegate of my inbox.

Remember, this will look slightly different on a Mac. You should see something similar to the screenshots below.

An old pencil drawing of Don Quixote and Sancho Panza sitting on their horses, by Wilhelm Marstrand.
  • Select the permissions that you want the delegate to have

Once you’ve chosen a delegate in the previous step, you can decide on the permissions you want them to have. The screenshot above is from Outlook on a Mac, although it looks very similar on Windows.

As you can see, there are a wide range of permissions available that you can assign to delegates. There are some pre-made configurations created by Microsoft, or you can manually choose the permissions that you want the delegate to have.

Rather than giving the delegate complete access over your inbox [by assigning all permissions], it’s a good idea to consider why you’re adding a delegate to your inbox and choosing just the permissions they’ll need. This enables you to keep control over your data and certain features you don’t want your delegate controlling.

For example, if you just want a delegate to read and respond to your emails, select the ‘Author’ permission level and they’ll be able to read emails, delete emails they create, and create and edit items (emails and calendar entries etc.).

  • Click OK

Once you’ve chosen the permissions that you want the delegate to have, click OK.

Modifying the permissions assigned to the delegate are as simple as following the steps through, accessing folder permissions/sharing permissions again and customizing the permissions as you see fit. You can also follow that process to remove a delegate if you no longer want them to have the permissions you’ve granted.

The delegate can now open up your inbox and use it in the way you’ve decided.

Next, I’ll walk you through adding your folder to the delegate’s Outlook desktop client.

surface pro 8Surface Go 3surface pro 8

How To Add Your Inbox To A Delegate’s Outlook Desktop Client

Once you’ve followed the process outlined before, you’ll need to add your inbox to the delegate’s Outlook desktop client to make it easily accessible. Fortunately, this is an easy process.

  1. Open Outlook
  2. Click File and then Account Settings
  3. Click Account Settings…
  4. Click your email address and then Change…
  5. Click More Settings
  6. Click Advanced and then Add…
  7. Type in the mailbox you want to add
  8. Click OK
  9. Leave the Account Settings window and return to the Outlook home page
  10. The inbox will be in the sidebar. Open it

Here’s a step-by-step guide with screenshots.

  • Open Outlook
  • Click File and then Account Settings
  • Click Account Settings…
  • Click your email address and then Change…
  • Click More Settings
  • Click Advanced and then Add…
  • Type in the mailbox you want to add
  • Click OK
  • Leave the Account Settings window and return to the Outlook home page
  • The inbox will be in the sidebar. Open it

As you can see, the mailbox I added is now in my list of mailboxes. I can open the inbox and see the emails received by that email address.

If you are unable to open your inbox on the delegate’s Outlook desktop client, this suggests you haven’t shared your mailbox properly in the steps outlined previously. Return to the previous steps and ensure you followed them all precisely and set all the necessary permissions.

Thanks for reading! If you have any questions, please leave a comment below and we’ll happily help!