Well, without the original author available, you’re asking someone to spend potentially several hours to understand your question, do testing, and possibly find a solution. Not everyone has that free time…

But support have time available to respond to customer queries. And if a problem does exist in the software, they can escalate to engineering, so it’s the best outcome.

Hi Tony,
I have to be optimistic. How else I could find solution.
I am not alone. There are at least 5 guys who tried to get response after 2019.
Ok, I will try Microsoft directly if there is only place where to find solution.
Anyway, thank for response!
Have a nice day!

First, it’s kind of optimistic to ask questions for an article written 10 years ago. Lots can change over 10 years, especially in the cloud. Second, Paul doesn’t work on the site anymore. Third, if you have a problem with the way permissions work, it’s best to log a support call with Microsoft. We cannot access your data – they can. And if a problem exists, support can escalate to engineering to have someone work on the issue.

FolderName User AccessRights
———- —- ————
Archive Default {None}
Archive Anonymous {None}

For testing I used simply command your beautiful script uses too:
add-MailboxFolderPermission -Identity info:\Archive -User user1 -AccessRights Reviewer
add-MailboxFolderPermission -Identity info:\Archive -User admin -AccessRights Owner

Then check the result:
Get-MailboxFolderPermission -Identity info:\Archive

FolderName User AccessRights
———- —- ————
Archive Default {None}
Archive Anonymous {None}
Archive User1 {Reviewer}
Archive Admin {Owner}

Everything ok…

Then check the result:
Get-MailboxFolderPermission -Identity info:\Archive

FolderName User AccessRights
———- —- ————
Archive Default {None}
Archive Anonymous {None}
Archive User1 {Reviewer}
Archive Admin {Owner}

Everything ok…

Then user1 opens his outlook 365. He not only could see Archive and its subfolder (it is ok) but he can create/move/rename/delete everything in Archive and its subfolder (not good). Moreover, he can open “Properties” of folder “Archive”, “Permission”, and view and change every permissions at this window.
For instance, user1 see his permissions as “Reviewer” and freely could change one to “Owner”. Also change admin’s permissions from “Owner” to “None” (not good at all).

These changes immediately appears at:
Get-MailboxFolderPermission -Identity info:\Archive

So modifications made by user1 are real…

So what I do wrong and how to make permissions to folder and subfolders work really?

P.S. I supposed that Archive could be “some special system folder with special properties” and tried to do the same with ordinary folder “ABCD”. And had got the same result – permissions are exist but do not work.

Thanks a lot for that post that get me so close to my goal.

Is it really that with Add-MailboxFolderPermission you can’t add the mailbox in Outlook as a standalone like you could when share is done with GUI (file / account setting / new) but need to add it as a second mailbox (More Settings / advanced tab / add) ?
In the last case you won’t be able to use “send as” without typing it manually.

It is not working for OWA. I am unable to open target mailbox in OWA because of reviewer access. If I change the access to full access then I can open the target mailbox in OWA but the full access on mailbox is overwriting the folder level reviewer access. Any suggestions to achieve read-only for OWA users.