Restriction in Exchange online

MVP

Hi Folks ,

  A customer of mine who's a BPO would like to apply the below mentioned restrictions for his users on the mailbox and I'd like to get some clarity on this . 

1. Users should have only read only access on their  own user mailbox so that they can only see the mails which land in their inbox but they can't forward it , delete it or do any kind of actions except reading the mails .

2. A specific set of users other than the one's mentioned above should not be able to add any attachments to the emails while sending an email . 

3. These restrictions should work on all the email clients as well as on OWA .

 

So here's my question ...

1. Is it possible to set read only access on my own mailbox ? I've tried changing the permissions using PowerShell but still I'm not convinced by the fact that changing the permissions to read only would help as the user is the primary owner of his mailbox so would changing the permissions make any difference ? 

2. For my 3rd point above , I'm applying the restrictions on the user's mailbox directly using remote powershell so I guess any email client should honor the restriction set at the mailbox  isn't it ? 

 

Please advise 

cc  @Tony Redmond 

2 Replies

@VigneshGanesan 

 

I don't think this scheme has any chance of working, even if you came up with some complicated set of permissions (that might fall over at any time). Exchange Online is designed on the basis that the mailbox owner has full access to their mailbox. And clients are designed to leverage that access. The customer is obviously living in the past when organizations tried to impose this type of control over what employees do. They need to come into the 21st century.

@Tony Redmond ...Thanks for clarifying Tony