How to Reset Microsoft 365 Delegate Access with PowerShell

Delegate access in Microsoft 365 allows users to manage another person’s mailbox, calendar, and tasks in Outlook. While this feature is essential for collaboration, issues can arise, such as persistent errors even after permissions are removed. These problems often stem from residual configurations or hidden delegate settings in the Exchange environment.

This guide provides a detailed, step-by-step approach to resetting delegate access using PowerShell. By following these steps, administrators can resolve errors and ensure that users can seamlessly manage delegate access in Microsoft 365.

Why Reset Delegate Access?

Resetting delegate access is necessary when:

Users encounter errors when trying to open delegate settings in Outlook.
Removing delegate permissions doesn’t resolve the issue.
Residual or hidden settings conflict with new configurations.

PowerShell offers a precise and efficient method to manage and reset delegate permissions, ensuring a clean slate for reconfiguration.

Prerequisites

Before proceeding, ensure you have the following:

Administrator Access: You need sufficient privileges to manage mailboxes in M365.
Exchange Online PowerShell Module: Install the module if not already done. Use the following command to install it:

Install-Module -Name ExchangeOnlineManagement

Connectivity: Ensure you can connect to Exchange Online PowerShell.

Step-by-Step Guide to Reset Delegate Access

Step 1: Connect to Exchange Online PowerShell

1. Open PowerShell on your system.

Use the following command to connect to Exchange Online:

Connect-ExchangeOnline -UserPrincipalName <YourAdminAccount>

2. Authenticate using your credentials.

Step 2: Verify Existing Delegate Permissions

To check current permissions for the affected mailbox:

Mailbox Permissions:

Get-MailboxPermission -Identity <UserMailbox> | Where-Object { $_.AccessRights -eq "FullAccess" }

Calendar Permissions:

Get-MailboxFolderPermission -Identity <UserMailbox>:\Calendar

This helps identify any active delegate permissions that may need removal.

Step 3: Remove Existing Delegate Permissions

Remove Mailbox Permissions: To revoke delegate access to the mailbox, use:

Remove-MailboxPermission -Identity <UserMailbox> -User <DelegateUser> -AccessRights FullAccess

Remove Calendar Permissions: To clear delegate access to the user’s calendar:

Remove-MailboxFolderPermission -Identity <UserMailbox>:\Calendar -User <DelegateUser>

Step 4: Reset Hidden Delegate Settings

Sometimes, hidden metadata causes persistent errors. Clear these settings with:

Set-Mailbox -Identity <UserMailbox> -RemoveHiddenDelegate

This command removes any hidden delegate configurations, ensuring a clean slate for the mailbox.

Step 5: Reassign Delegate Permissions

After clearing the old settings, you can reassign permissions:

Mailbox Permissions:

Add-MailboxPermission -Identity <UserMailbox> -User <DelegateUser> -AccessRights FullAccess

Calendar Permissions:

Add-MailboxFolderPermission -Identity <UserMailbox>:\Calendar -User <DelegateUser> -AccessRights Editor

Ensure the delegate user has the appropriate access level to perform required tasks.

Step 6: Verify the New Configuration

Use the same PowerShell commands from Step 2 to confirm the updated permissions.
Ask the user to check Outlook for any errors while accessing delegate settings.

Step 7: Advise User on Configuration

Instruct the user to:

Use the Outlook interface to configure delegate access via File > Account Settings > Delegate Access.
Avoid manual permission changes in Outlook that may conflict with PowerShell settings.

Common Troubleshooting Tips

If issues persist:

Reset Autocomplete Cache:
- In Outlook, go to File > Options > Mail.
- Under Send messages, click Empty Auto-Complete List.
Check for Multiple Delegate Users:
- Verify there are no conflicting delegate users assigned to the same mailbox or calendar.
Audit Sign-In Logs:
- Use the Azure AD sign-in logs to identify potential authentication or access issues.

Table: Key PowerShell Commands for Managing Delegate Access

Task	PowerShell Command
Connect to Exchange Online	`Connect-ExchangeOnline -UserPrincipalName <AdminUser>`
View Mailbox Permissions	`Get-MailboxPermission -Identity <UserMailbox>`
View Calendar Permissions	`Get-MailboxFolderPermission -Identity <UserMailbox>:\Calendar`
Remove Mailbox Permissions	`Remove-MailboxPermission -Identity <UserMailbox> -User <DelegateUser> -AccessRights FullAccess`
Remove Calendar Permissions	`Remove-MailboxFolderPermission -Identity <UserMailbox>:\Calendar -User <DelegateUser>`
Clear Hidden Delegate Settings	`Set-Mailbox -Identity <UserMailbox> -RemoveHiddenDelegate`
Add Mailbox Permissions	`Add-MailboxPermission -Identity <UserMailbox> -User <DelegateUser> -AccessRights FullAccess`
Add Calendar Permissions	`Add-MailboxFolderPermission -Identity <UserMailbox>:\Calendar -User <DelegateUser> -AccessRights Editor`

Conclusion

Resetting delegate access in Microsoft 365 using PowerShell is an effective way to resolve persistent errors and ensure seamless delegation management. By removing residual settings, clearing hidden metadata, and reassigning permissions, administrators can provide a smooth user experience and strengthen collaboration.

Medha Cloud specializes in Microsoft 365 and Windows Server management. If you need expert assistance with troubleshooting or optimizing your Microsoft 365 environment, contact Medha Cloud today for tailored solutions.

Reach us at:

India: +91 93536 44646
US: +1 646 775 2855
Website: www.medhacloud.com
Email: info@medhacloud.com

Benjamin Gbolaru

I'm Benjamin, a Microsoft 365 Specialist, helping small and large businesses deploy, configure, and secure M365 environments to maximize the benefits of Microsoft tools. With sound expertise in driving cloud adoption, identity and access management (IAM), security monitoring, system reliability, and proactive troubleshooting.