Delegate access outlook issue

Rosco

Good morning nibblers

I have a bit of a weird Office 365 problem. I have a client with these two secretaries who have complete access to his Exchange mailbox inside Outlook on their computers. That way, they can schedule meetings and send invites to him. They also have their emails for this company in that same Outlook profile. Things have been running smoothly for a few years, but now there are some issues. The client keeps getting added as a delegate sender to each of his secretaries through the admin panel. Both employees maintain they didn't do that, and I am inclined to believe them. They've both worked for my client for a long time, and this is impeding their work, so I find it unlikely they are adding it. The strangeness is that no options are turned on for delegate access on any of their computers in Outlook. Somehow, delegate access has been turned on in different variations three times over the last month for one or both employees. Any suggestions on troubleshooting this perplexing problem would be greatly appreciated.

I have attached 2 pics of the mail tab under active users in the Office 365 admin panel. 1 is when it is turned off, and 1 is when it is readded.
Yeah, weird, no need for delegate when they have full access. If you turn it off, do you give it propagation time? I know that I've had to wait for that to kick in.
 
Exactly why would this be needed lol. It goes back to normal, and then it turns back on days later. I am at a loss. I have removed delegate access from the admin panel yesterday. Third time I have done this. Which is the only place it appears. I have a feeling within a week or 2, it will somehow be switched back on. Any suggestions?
 
Ghost in the machine here lol. I'd submit a ticket with MS to square it up. They usually figure these oddball things out for me.
 
Yeah open a ticket because you need admin rights to Exchange to change those permissions, and they don't just "change themselves".

You have three permissions there, read and manage, which lets someone see into a mailbox, and move things around. Then you have "send as" which allows the person to spoof the source mailbox for egress mail, and finally "send on behalf", which allows someone to send a mail in someone else's name but the envelope will clearly mark who the original source was.

All 3 permissions are core to Exchange, and again they don't just change themselves... Which leaves me concerned an admin account is compromised.
 
I totally get that. I agree. Those options don't tick themselves. I just have no idea of the cause. So off to Microsoft this issue goes.
 
I found this: https://www.lepide.com/how-to/detect-mailbox-permission-changes-in-exchange-online.html

And the lower half, mucking around in the Purview admin panel, seems relevant. I've not tested yet to determine if the suggested PowerShell to forcibly enable the required audit feature is required. I know it was required once, but I don't think that's the case anymore.

*edit*

Mailbox audit logging is turned on by default in all organizations.

MS documentation suggests my gut was correct: that feature is enabled by default. Which suggests you can go look for delegated access changes in the Purview admin panel and know who did it.
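
One way to get the "who did it" answer out of the audit log mentioned in the last post, as an added example that is not part of the thread: a PowerShell filter that reduces unified audit log records to the three permissions described earlier. The function name, the sample record and its addresses are constructed; the AuditData field names and the mapping of admin-panel checkboxes to cmdlets are assumptions to verify against your own tenant's records.

```powershell
# Summarise audit records for "Read and manage", "Send as" and "Send on behalf".
# Assumed AuditData fields: CreationTime, Operation, UserId, ClientIP, ObjectId,
# Parameters (a list of Name/Value pairs holding the cmdlet arguments).
function Get-DelegationChange {
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $d = $Record.AuditData | ConvertFrom-Json
        $p = @{}                                   # flatten Parameters to a lookup
        foreach ($x in $d.Parameters) { $p[$x.Name] = $x.Value }
        $kind = switch ($d.Operation) {
            'Add-MailboxPermission'      { 'Read and manage' }
            'Remove-MailboxPermission'   { 'Read and manage (removed)' }
            'Add-RecipientPermission'    { 'Send as' }
            'Remove-RecipientPermission' { 'Send as (removed)' }
            'Set-Mailbox' { if ($p.ContainsKey('GrantSendOnBehalfTo')) { 'Send on behalf' } }
        }
        if (-not $kind) { return }                 # Set-Mailbox calls on other settings
        [pscustomobject]@{
            When       = $d.CreationTime
            Actor      = $d.UserId                 # account that made the change
            ClientIP   = $d.ClientIP
            Mailbox    = $d.ObjectId               # mailbox whose permissions changed
            Permission = $kind
            Grantee    = (@($p['User'], $p['Trustee'], $p['GrantSendOnBehalfTo']) -ne $null) -join ', '
        }
    }
}

# Constructed sample record (placeholder addresses and IP), shaped like one row
# returned by Search-UnifiedAuditLog.
$sample = [pscustomobject]@{ AuditData = @'
{"CreationTime":"2024-01-15T09:12:00","Operation":"Add-RecipientPermission",
 "UserId":"admin@example.com","ClientIP":"203.0.113.10","ObjectId":"secretary1",
 "Parameters":[{"Name":"Identity","Value":"secretary1"},
               {"Name":"Trustee","Value":"boss@example.com"},
               {"Name":"AccessRights","Value":"SendAs"}]}
'@ }
$sample | Get-DelegationChange

# Against the tenant (ExchangeOnlineManagement module, after Connect-ExchangeOnline):
# Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) `
#   -Operations Add-MailboxPermission,Add-RecipientPermission,Set-Mailbox `
#   -ResultSize 5000 | Get-DelegationChange | Sort-Object When
```

The Actor and ClientIP columns are the ones to compare against known admin accounts and expected sign-in locations when checking the compromised-admin concern raised above.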
 