Blog | G5 Cyber Security

Office 365: Fix ‘Send As’ Permission Issues

G5 Cyber Security

TL;DR

Users are denied permission to send emails as another mailbox in Office 365, despite being granted the necessary permissions. This guide explains how to resolve this issue by checking and correcting Exchange Online settings, PowerShell configurations, and potential caching problems.

Fixing ‘Send As’ Permission Issues

  1. Verify Permissions in Exchange Admin Center (EAC)
    • Log into the Microsoft 365 admin center as a Global Administrator or Exchange Administrator.
    • Navigate to Exchange > Mailboxes.
    • Select the mailbox that is having issues sending ‘as’ another user.
    • Go to Delegation tab.
    • Under Send As, ensure the correct users are listed and have a checkmark next to their names. If not, add them using the ‘+’ icon.
  2. Check ‘Send on Behalf’ Permissions
    • In the same mailbox delegation settings (Exchange Admin Center), also verify permissions under Send on Behalf. While less common, incorrect ‘Send on Behalf’ settings can cause confusion. Add users if necessary.
  3. PowerShell Verification and Configuration

    Use PowerShell to confirm the permissions are correctly set at a granular level.

    • Connect to Exchange Online PowerShell: 
      Connect-ExchangeOnline
    • Check ‘Send As’ permissions for the mailbox (replace user@domain.com with the actual email address): 
      Get-MailboxPermission user@domain.com | Where {$_.User -like "*" -and $_.AccessRights -eq "SendAs"}
    • If the permissions are missing, add them (replace user@domain.com and delegate@domain.com with the correct email addresses): 
      Add-MailboxPermission user@domain.com -User delegate@domain.com -AccessRights SendAs -InheritanceType All
  4. PowerShell: Check ‘Send on Behalf’ Permissions
    • Check ‘Send on Behalf’ permissions: 
      Get-MailboxPermission user@domain.com | Where {$_.User -like "*" -and $_.AccessRights -eq "SendOnBehalf"}
    • If missing, add them: 
      Add-MailboxPermission user@domain.com -User delegate@domain.com -AccessRights SendOnBehalf -InheritanceType All
  5. Address List Synchronization
    • Sometimes, changes to permissions don’t propagate immediately. Force a synchronization of the Global Address List (GAL). This is usually handled automatically but can be triggered manually if needed. In most cases this isn’t required and will resolve itself within 30 minutes.
  6. Outlook Caching Issues

    Cached credentials or outdated profiles in Outlook can cause ‘Send As’ to fail even after permissions are correctly set.

    • Restart Outlook: A simple restart often resolves caching issues.
    • Clear Outlook Profile: Remove and re-add the user’s email account in Outlook. This forces a fresh download of settings.
      1. Close Outlook.
      2. Go to Control Panel > Mail (Microsoft Outlook).
      3. Select Show Profiles…
      4. Remove the affected profile and create a new one, re-entering the user’s credentials.
  7. Hybrid Environment Considerations

    If you have a hybrid Exchange environment (on-premises and Office 365), ensure permissions are synchronized correctly between both systems.

    • Use the Hybrid Configuration Wizard to verify and update directory synchronization settings.
Exit mobile version