You assigned a user a Copilot for Microsoft 365 license, but when the user asks Copilot to summarize an email or draft a reply from a shared mailbox, Copilot returns an error or says it cannot find that mailbox. This problem occurs because Copilot relies on the user’s own Microsoft Graph permissions and the shared mailbox is not a licensed user object that Copilot can authenticate against directly. This article explains the technical cause of this access failure and provides the exact steps to grant Copilot access to shared mailboxes in your tenant using Exchange Online PowerShell or the Microsoft 365 admin center.
Key Takeaways: Granting Copilot Access to Shared Mailboxes
- Exchange Online PowerShell > Add-MailboxPermission: Grants the user FullAccess and AutoMapping to the shared mailbox so Copilot can read and respond to its content.
- Microsoft 365 admin center > Shared mailboxes > Edit mailbox > Delegates: Alternative GUI method to assign Full Access permission to a user.
- Copilot pane > Settings > Data sources: After permission is granted, the user must select the shared mailbox as an active data source within Copilot.
Why Copilot Cannot Access a Shared Mailbox
Copilot for Microsoft 365 authenticates as the signed-in user and queries Microsoft Graph for data that user can read. A shared mailbox is not a licensed user account with its own Copilot license. It is a shared container that multiple users can access, but Microsoft Graph treats it as a resource mailbox without an authentication identity. When Copilot attempts to read or write to a shared mailbox, it receives an access denied or resource not found response because the user token does not include explicit permission to that mailbox.
The root cause is that Copilot does not inherit delegate permissions automatically from the Exchange Online client. Even if a user can open a shared mailbox in Outlook, Copilot runs in a different context that requires explicit mailbox-level permission in Exchange Online. Without this permission, Copilot cannot enumerate folders, read emails, or draft replies in that shared mailbox.
Steps to Grant Copilot Access to a Shared Mailbox
You must assign Full Access permission to the user for the target shared mailbox. Use either Exchange Online PowerShell or the Microsoft 365 admin center. After the permission is assigned, the user must configure Copilot to use that mailbox as a data source.
Method 1: Assign Permission Using Exchange Online PowerShell
- Connect to Exchange Online PowerShell
Open Windows PowerShell as an administrator. Run the commandConnect-ExchangeOnlineand sign in with a global admin or Exchange admin account. - Identify the shared mailbox and user
RunGet-Mailbox -RecipientTypeDetails SharedMailbox | Format-Table Name, PrimarySmtpAddressto list all shared mailboxes. Note the PrimarySmtpAddress of the target mailbox. Also note the UserPrincipalName of the user who needs Copilot access. - Add FullAccess permission
Run the commandAdd-MailboxPermission -Identity "sharedmailbox@contoso.com" -User "user@contoso.com" -AccessRights FullAccess -AutoMapping $true. Replace the email addresses with your actual mailbox and user. The-AutoMapping $trueparameter automatically adds the shared mailbox to the user’s Outlook profile. - Verify the permission
RunGet-MailboxPermission -Identity "sharedmailbox@contoso.com" | Where-Object {$_.User -like "user@contoso.com"} | Format-Listto confirm FullAccess is listed. - Disconnect the session
RunDisconnect-ExchangeOnline -Confirm:$falseto close the PowerShell session.
Method 2: Assign Permission Using Microsoft 365 Admin Center
- Open the Microsoft 365 admin center
Go to https://admin.microsoft.com and sign in with a global admin account. - Navigate to shared mailboxes
In the left navigation, select Teams and groups then Shared mailboxes. - Select the target shared mailbox
Click the shared mailbox name from the list. - Edit mailbox delegates
In the properties pane, click Edit next to Delegates. Under Full Access, click Add users and search for the user who needs Copilot access. Select the user and click Add. - Save the changes
Click Save and then Close. Wait up to 30 minutes for the permission to replicate across Exchange Online.
Method 3: User Configures Copilot to Use the Shared Mailbox
- Open Outlook on the web
The user signs in to https://outlook.office.com with their own credentials. The shared mailbox should appear in the folder pane after permission is assigned and AutoMapping takes effect. - Open Copilot
Click the Copilot icon in the top ribbon of Outlook on the web. - Select the shared mailbox as data source
In the Copilot pane, click the settings gear icon, then select Data sources. Under Mailboxes, check the box next to the shared mailbox name. Click Save. - Test access
In the Copilot compose box, type “Summarize the latest email in the shared mailbox named [mailbox name].” Copilot should now read and summarize the content.
If Copilot Still Cannot Access the Shared Mailbox
Copilot shows “No data sources available” even after permission is granted
The user must have the shared mailbox visible in their Outlook folder pane. If AutoMapping did not work, the user can manually add the shared mailbox in Outlook: go to File > Account Settings > Account Settings > select their email > Change > More Settings > Advanced > Add. Enter the shared mailbox email address. After the mailbox appears in the folder pane, Copilot will detect it as a data source.
Copilot returns “Access denied” when using the shared mailbox
The user may not have Send As permission. Copilot can read and summarize emails with only Full Access, but to draft replies from the shared mailbox, the user also needs Send As permission. Assign it with PowerShell: Add-RecipientPermission -Identity "sharedmailbox@contoso.com" -Trustee "user@contoso.com" -AccessRights SendAs. Alternatively, in the admin center, edit the shared mailbox delegates and under Send As, add the user.
Copilot cannot find the shared mailbox by name
Copilot uses the mailbox display name for natural language queries. If the display name contains special characters or is ambiguous, ask the user to refer to the mailbox by its email address. For example, “Summarize emails from the mailbox support@contoso.com” instead of “Summarize emails from the support mailbox.”
Copilot Personal License vs Copilot for Microsoft 365: Shared Mailbox Access
| Item | Copilot Personal License | Copilot for Microsoft 365 License |
|---|---|---|
| Access to shared mailboxes | Not supported | Supported with explicit permission |
| Required permission type | N/A | Full Access and optionally Send As |
| Configuration method | N/A | Exchange Online PowerShell or admin center |
| Data source selection in Copilot | Not available | User must select the mailbox in Copilot settings |
After you assign the correct permissions and the user selects the shared mailbox as a data source, Copilot can read, summarize, and draft replies from that mailbox. If you manage multiple shared mailboxes, consider creating a PowerShell script that loops through all shared mailboxes and applies FullAccess to a support team group. This reduces manual work and ensures consistent access for all Copilot users in your organization.