When you have delegated access to another person’s mailbox in Outlook, you may want Copilot to summarize emails, draft replies, or find information in that shared folder. By default, Copilot in Outlook only works with your own mailbox because it reads data from your primary Microsoft Graph connection. This article explains how to configure Copilot so it can access a delegated mailbox, whether you are a manager, assistant, or team member who manages another user’s email. You will learn the exact settings in the Microsoft 365 admin center and in Outlook to enable this capability.
Key Takeaways: Delegated Mailbox Access for Copilot in Outlook
- Microsoft 365 admin center > Copilot > Data sources > Microsoft Graph: Must allow Copilot to read content from shared mailboxes using the correct Graph permissions.
- Outlook > Account > Delegates and Sharing: Assign the delegate the correct permission level Editor or Author to let Copilot access the mailbox content.
- Copilot pane > Settings > Mailbox scope: Switch the scope from My mailbox to the delegated mailbox to enable Copilot suggestions on that mailbox.
Why Copilot Cannot Access Delegated Mailboxes by Default
Copilot in Outlook relies on the Microsoft Graph API to read email messages and calendar items. The Graph API uses the authenticated user’s identity to determine which mailboxes are accessible. When a user is granted delegate access to another mailbox, the Graph API does not automatically include that mailbox in Copilot’s data scope unless the delegate is also given explicit application permissions or uses a special scope setting. Microsoft designed this restriction to prevent Copilot from accidentally reading mailboxes the user was not intended to manage. Without the correct configuration, Copilot will only show suggestions based on the user’s own mailbox content.
The Role of Graph Permissions
Copilot in Outlook uses the Mail.Read and Mail.ReadWrite delegated permissions on the Microsoft Graph. These permissions allow Copilot to read the signed-in user’s mailbox but not any shared mailbox unless the shared mailbox is explicitly added to the user’s mailbox scope via a Graph API call. The admin must enable the Mail.Read.Shared permission in the Microsoft 365 admin center and assign it to the Copilot application. This permission grants Copilot the ability to read messages in mailboxes the user has delegate access to.
Delegate Permission Levels
In Outlook, delegates can be assigned different permission levels. The levels that allow Copilot to read the mailbox content are Editor and Author. The Reviewer level only allows reading the subject and sender, not the full message body. Since Copilot needs the full message body to generate summaries and drafts, the delegate must have at least Editor permission on the shared mailbox. The mailbox owner or the admin must set this permission in Outlook > Account Settings > Delegate Access.
Steps to Configure Copilot for Delegated Mailbox Access
Follow these steps to enable Copilot in Outlook to work with a delegated mailbox. You need Microsoft 365 admin rights for the first two steps and delegate access rights for the final step.
- Enable the Mail.Read.Shared permission in the Microsoft 365 admin center
Sign in to the Microsoft 365 admin center as a global admin. Go to Settings > Org settings > Copilot. Under Data sources, select Microsoft Graph. Click Edit permissions. In the Permissions list, find Mail.Read.Shared and turn it on. Click Save. This permission allows Copilot to read messages in mailboxes the user has delegate access to. - Assign the Copilot application to the user in Entra ID
In the Microsoft Entra admin center, go to Identity > Applications > Enterprise applications. Search for Copilot. Select the Copilot application. Under Manage, click Users and groups. Click Add user/group. Select the user who will use Copilot on the delegated mailbox. Assign the Mail.Read.Shared role. This step ensures the user’s Copilot session can use the shared mailbox permission. - Set delegate permissions in Outlook
In Outlook, go to File > Account Settings > Delegate Access. Click Add. Select the user who will be the delegate. In the Delegate Permissions dialog, set the Calendar and Inbox folders to Editor or Author. Click OK. The delegate must have at least Editor level to let Copilot read the full message body. - Switch the Copilot mailbox scope in Outlook
Open Outlook and select the delegated mailbox from the folder pane. Click the Copilot icon in the ribbon to open the Copilot pane. In the Copilot pane, click the Settings gear icon. Under Mailbox scope, select the delegated mailbox from the dropdown. Click Apply. Copilot will now use the selected mailbox as its data source for summaries, drafts, and replies. - Test the configuration
Select an email in the delegated mailbox. In the Copilot pane, type “Summarize this email.” Copilot should generate a summary based on the message body. If you see an error, verify the delegate permissions and the Mail.Read.Shared permission assignment.
If Copilot Still Cannot Access the Delegated Mailbox
Even after following the steps above, you may encounter issues. The most common problems involve permission propagation delays, incorrect delegate levels, or missing Graph consent.
Copilot Shows No Suggestions for the Delegated Mailbox
This usually happens when the delegate permission is set to Reviewer. Copilot cannot read the message body with Reviewer access. The mailbox owner or admin must change the delegate permission to Editor or Author. To verify, go to File > Account Settings > Delegate Access. Select the delegate and click Permissions. Ensure the Inbox folder is set to Editor or Author.
Copilot Returns an Access Denied Error
The Mail.Read.Shared permission may not be fully propagated. Permissions can take up to 24 hours to apply. Wait a few hours and test again. If the error persists, the global admin should revisit the Copilot application permissions in Entra ID and confirm the Mail.Read.Shared role is assigned to the user. Also check that the Copilot application has the Mail.Read.Shared permission enabled in the Microsoft 365 admin center.
Copilot Works on the Primary Mailbox but Not on the Shared Mailbox
This indicates that the mailbox scope setting in the Copilot pane is still set to My mailbox. Open the Copilot pane, click the Settings gear, and change the Mailbox scope to the delegated mailbox. If the delegated mailbox does not appear in the dropdown, the delegate permissions in Outlook may be missing or set to a level below Editor.
| Item | Delegate Permission Editor | Delegate Permission Reviewer |
|---|---|---|
| Description | Full read and write access to folders | Read-only access to subject and sender |
| Copilot can read message body | Yes | No |
| Copilot can summarize emails | Yes | No |
| Copilot can draft replies | Yes | No |
| Required Graph permission | Mail.Read.Shared | Mail.Read.Shared |
After you complete the configuration, Copilot in Outlook will be able to summarize emails, suggest replies, and find information in the delegated mailbox. To maintain access, periodically verify that the delegate permissions in Outlook remain set to Editor or Author. If you manage multiple delegated mailboxes, repeat the mailbox scope selection in the Copilot pane for each mailbox. This setup works for both Outlook for Windows and Outlook on the web.