Add Outlook profile, error "Set of folders cannot be opened".

When I have a shared mailbox and assign an owner to it, users will see the mailbox automatically in the Outlook client. As an owner they can add the mailbox to a new (clean) profile. We want to use the least privilege principle; that's why we don't want to give owner rights to everyone who needs access. That is just too much.

But we are facing problems with delegating access with minimum permissions on Exchange Online Shared mailboxes.

With PowerShell I gave permissions to the root of the mailbox and the Inbox folder with:
Add-MailboxFolderPermission -Identity "<testmailbox>:\" -AccessRights FolderVisible -User <EmailofDelegate>
Add-MailboxFolderPermission -Identity "<testmailbox>:\inbox" -AccessRights Reviewer -User <EmailofDelegate>

When I'm in my own profile I can open the other folder in Outlook with: File - Open & Export - Other User's folder without any problem.

But when the user tries to open the mailbox as a new profile they receive the error as shown in the picture:

DelegationError.jpg


Also when I try to open the mailbox in Outlook Web app it gives me an error:

UTC Date: 2023-06-12T13:52:10.955Z
Client Id: 883BD13B76BE4055A1D4xxxx
Session Id: b65536eb-183f-4c97-a043-a8b5cdbe5667ea
Client Version: 20230602011.16
BootResult: accessDenied
Back Filled Errors: None
err: Microsoft.Exchange.Data.StoreObjects.AccessDeniedException
esrc: StartupData
et: ServerError
estack: Microsoft.Mapi.MapiExceptionNoAccess
st: 500
ehk: X-OWA-Error
efe: PA7P264CA0064, AM0PR01CA0079
ebe: PAXPR01MB8397
ewsver: 15.20.6455.31
emsg: ErrorPermissionDenied

A MapiException? That has been turned off by Microsoft months ago.

Also tried a new profile, deleted all other profiles, also with regedit.
Tried a new clean VDI.

Tried it with a new profile without caching, online only.

Tried it by logging in as an owner with Outlook on the PC, File - Account Settings - Delegate Access, and assigning a delegate.
But nothing seems to work?

What are the minimum permissions for this to work?

What am I missing here?
