Two Policeman watching email

Do you fully understand the implications of granting access to your email? Are you well-versed in the available options and equipped to make informed choices? Have you implemented a robust policy that not only ensures compliance but also fortifies the security of your company? These are crucial questions that demand clear answers. If you already have responses in place, you’ve taken a proactive step toward addressing these critical considerations.

Microsoft 365 and Exchange Logo

In Microsoft 365 and Exchange, email delegation refers to the process of granting someone else permission to manage your mailbox and emails on your behalf. This feature allows users to assign specific roles and permissions to others, enabling them to read, send, and organize emails without having to share login credentials. Delegated access is commonly used in scenarios where individuals or teams need to collaborate closely or manage shared responsibilities within an organization.

Hand holding up three fingersThere are different levels of delegation in Microsoft 365, including:

  1. Delegate Access: This allows someone to manage your emails, calendar, and contacts. Delegates can act on your behalf, such as scheduling meetings or responding to emails.
    .
  2. Send On Behalf: With this permission, someone can send emails on your behalf, but the recipient will see both your name and the delegate’s name.
    .
  3. Send As: This permission level gives someone the ability to send emails from your account as if they were you. The recipient won’t be aware that the email was sent by a delegate.

It’s important to configure delegation settings carefully, considering the level of access required and ensuring that it aligns with security and privacy policies. Users can manage delegation settings through the Microsoft 365 admin center or Outlook desktop application, depending on their roles and permissions within the organization.

To maintain compliance and enhance security measures, it is imperative for every Managed Service Provider (MSP) to establish a comprehensive email delegation policy. At a minimum, this policy should stipulate that access requests must originate from the primary principal or email account owner, explicitly specifying the intended grantee and, if applicable, the access removal date. Documentation of such requests should be in writing, preferably through a ticketing system that records all associated communications.

In addition to the core policy, MSPs should maintain essential information, including:

  • Email Delegation Allowance: Clearly define whether email delegation is permitted within the organization.
  • Authorization Procedures: Specify who has the authority to request and approve access, eliminating unnecessary bureaucratic hurdles.
  • Chain of Command: Outline the organizational hierarchy and the authority vested in each individual to streamline decision-making processes.
  • Access Duration: Determine whether requests must include an end date for delegated access.
  • Types of Delegation: Clearly articulate the types of email delegation allowed within the MSP.
For business owners, implementing an email delegation policy is pivotal for several reasons.

It establishes precise guidelines, reinforces security protocols, and ensures seamless communication. Moreover, when discerning the true sender of an email sent on behalf of someone else, the configured 365 Exchange environment, coupled with an established audit process, facilitates accurate identification.

Furthermore, these policies commonly encompass directives on record-keeping and archiving. This is indispensable for compliance, guaranteeing that crucial communications are preserved for future reference or audit purposes. By addressing these aspects, businesses can fortify their email practices, promote transparency, and adhere to regulatory standards.