Outlook message encryption - avoid delegate access


Dear community,

 

We have the following challenge.

We would like to use the message encryption option (OME).

It's simple to implement and fits most of our needs.

 

However, we have one scenario where it doesn't fit, or at least I couldn't find a solution in this community or on the Internet.

 

Our director wants to delegate access to his assistant, including the inbox, but the assistant shouldn't be able to read encrypted emails.

Is there a solution for this?

 

Thanks for your support...

 

11 Replies
Hello, if you can restrict the assistant to use Outlook for Windows only it's possible.

https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-faq?view=o365-worldwide#is-delegated-a...

@ChristianJBergstrom thanks for your quick answer.

If I understand you well, OME doesn't have a solution for this use case, right?

I don't think it is a good idea to somehow block all except Outlook Windows.

It will be challenging to assure they never get access.

Maybe there is a way via PowerShell?

Question is if it is possible...

 

Thanks a lot anyway :)

 

 

You’re correct. OME cannot accomplish what you’re looking for. There used to be a MIP UserVoice request for this scenario, but as Microsoft has closed down UV for this and other products I don’t know what has happened to it. Sorry..

iOS and Android allow opening an encrypted message of a delegated mailbox. Any way to disable this similar to disabling access to OWA?

Don't know really, not within my field so to speak.

"Is delegated access supported with opening encrypted messages? Even if a delegate has full access to another user's mailbox?

- Delegated access of encrypted mail is supported in Outlook on the web, Outlook for Mac, Outlook for iOS, and Outlook for Android. Outlook for Windows does not support delegated access."

https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-faq?view=o365-worldwide#is-delegated-a...

OME isn't really designed to handle complex access situations. If I were you, I'd consider using a sensitivity label that restricts access to a limited set of recipients.

Agreed, but if going down that road it needs some structure and planning incl. people from your business (to classify and protect). I.e. the very opposite from the easy to use built-in encryption with OME @josecachairo 

@ChristianJBergstrom 

Hi all,

Meanwhile we tested, and indeed delegates CAN'T read encrypted emails. So it is working as we expected, and Microsoft's information is confusing (not clear enough) on this matter.

So if you use OME, a delegate cannot read those emails (encrypt only).

I recommend you also test it on iOS and Android to be sure.

See below.

Thanks @ChristianJBergstrom  and @josecachairo. This is helpful.

@BHartNL @josecachairo Hello again, simply writing to update and correct my previous reply. It didn't seem consistent (logical), so I thought it might have been because of all my cached credentials while doing all my testing. So I set it up again from scratch, this time with a new W10 profile as well.

 

1. The delegate cannot see the encrypted email (just the wrapper). Clicking it will direct to an error.

2. The delegate can see it using Outlook on the web.