Exchange Online administrators attempting to modify Public Folder permissions are encountering a persistent access-denied error that Microsoft has now confirmed as a bug. The issue, which began affecting multiple tenants in recent weeks, prevents administrators from adding, removing, or modifying permissions on Public Folders through both PowerShell and the Exchange admin center.

Microsoft's support documentation acknowledges the problem specifically affects the Set-PublicFolderClientPermission cmdlet and corresponding admin center operations. When administrators attempt to modify permissions, they receive error messages stating "Access is denied" or "You don't have sufficient permissions" even when using accounts with full administrative privileges.

The technical root appears to be a recent service update that introduced a permissions validation bug. Microsoft's engineering team has identified the issue as affecting the permission inheritance and validation logic within Exchange Online's Public Folder infrastructure. The bug doesn't affect existing permissions or access to Public Folder content—users can still read and write to folders according to their current permissions—but it completely blocks any permission modifications.

Impact on Business Operations

Administrators report the bug is creating significant operational challenges. "We're in the middle of a departmental reorganization and need to adjust folder access for three teams," reported one administrator on the Windows forum. "Now we're stuck with permissions that don't match our new structure, and we can't fix them."

Another administrator described a more critical scenario: "We discovered a security issue where a former employee still had access to sensitive financial folders. Normally we'd remove their permissions immediately, but now we're completely blocked. We've had to implement workarounds at the mailbox level while waiting for a fix."

The timing is particularly problematic for organizations preparing for year-end processes. Many companies use Public Folders for shared calendars, contact lists, and document repositories that require permission adjustments during seasonal transitions. "Our holiday scheduling and budget planning folders need permission updates right now," explained an IT manager at a retail company. "We're having to create duplicate folders with manual permission setups, which creates version control nightmares."

Microsoft's Response and Workarounds

Microsoft has acknowledged the bug through support channels and is actively working on a fix. The company hasn't provided a specific timeline for resolution but has indicated it's treating the issue as high priority given its impact on administrative operations.

While waiting for a permanent fix, Microsoft recommends several workarounds. The most practical involves using mailbox-level permissions as a temporary solution. Administrators can create shared mailboxes with the necessary permissions and provide access to those instead of modifying Public Folder permissions directly. This approach requires additional configuration but maintains access control.

Another workaround involves using the New-PublicFolder cmdlet to create new folders with the desired permissions from scratch, then migrating content from the affected folders. This is labor-intensive but effective for critical folders that require immediate permission changes.

Some administrators have reported limited success with using the -WhatIf parameter with Set-PublicFolderClientPermission to test permission changes, though this doesn't actually modify permissions. "At least we can validate our permission syntax while waiting for the fix," noted one forum participant.

The Public Folder Migration Context

This permission bug emerges against the backdrop of Microsoft's ongoing push to migrate organizations from traditional Public Folders to modern alternatives. Microsoft has been encouraging migration to Microsoft 365 Groups, SharePoint Online, and shared mailboxes for several years, citing better security, management tools, and integration with modern collaboration features.

The current issue highlights the challenges of maintaining legacy infrastructure in cloud environments. Public Folders, originally designed for on-premises Exchange deployments, have undergone multiple iterations in the cloud but still carry architectural limitations compared to newer technologies.

"This bug reinforces why we've been planning our migration off Public Folders," commented an enterprise architect. "When something breaks in a legacy system, it often takes longer to fix because it's not the primary development focus anymore."

Technical Details and Scope

The bug affects Exchange Online across all service plans that include Public Folder functionality. It doesn't appear to discriminate by organization size or geographic region—reports have come from North America, Europe, and Asia-Pacific tenants.

Testing confirms the issue is consistent across different permission scenarios:

  • Adding new users or groups to existing folders
  • Removing users or groups from folders
  • Modifying permission levels (changing from Reviewer to Editor, for example)
  • Attempting to reset or clear all permissions

The bug affects both user-based permissions and group-based permissions equally. It also impacts attempts to modify permissions through delegated administration—even accounts with full Organization Management role groups encounter the same access-denied errors.

Interestingly, Get-PublicFolderClientPermission continues to work correctly, allowing administrators to view current permissions. The Export-PublicFolderStatistics and other reporting cmdlets also function normally, providing visibility into the Public Folder environment despite the modification limitations.

Community Reactions and Workarounds

On administrator forums, the response has been a mix of frustration and practical problem-solving. "This couldn't have come at a worse time," wrote one administrator. "We're heading into our busiest quarter and now we're managing permissions with duct tape and hope."

Others have developed creative workarounds beyond Microsoft's official suggestions. One administrator shared a PowerShell script that creates temporary shared mailboxes, sets up forwarding rules, and automatically notifies users of the temporary access method. "It's not elegant, but it keeps business moving while we wait for the fix," they explained.

Several administrators have noted that the bug has accelerated their migration timelines. "We were planning to move off Public Folders next year, but this pushed up our timeline," reported an IT director. "We're fast-tracking our SharePoint migration because we can't afford to be blocked on permission changes again."

There's also concern about Microsoft's communication around the issue. "The bug has been affecting us for two weeks, but there's no service health dashboard notification," complained one administrator. "We had to find out through forums and then contact support to get confirmation."

Historical Context and Pattern

This isn't the first time Public Folder permissions have caused issues in Exchange Online. Similar problems emerged during the initial migration from on-premises Exchange to Exchange Online, though those were typically related to permission translation during migration rather than modification blocking.

In 2021, a different permissions bug affected Public Folder access for end users rather than administrators. That issue was resolved within two weeks through a service update. The current bug appears more severe from an administrative perspective since it completely blocks permission management rather than just affecting user access.

The pattern suggests that Public Folder code in Exchange Online may be particularly sensitive to service updates. "Every time Microsoft rolls out a major Exchange Online update, we hold our breath about Public Folders," noted a veteran Exchange administrator with 15 years of experience. "They work until they don't, and when they break, they break hard."

Migration Planning Considerations

For organizations considering whether this bug should accelerate their migration plans, several factors come into play:

Migration complexity: Organizations with complex Public Folder hierarchies and extensive permissions may face significant migration challenges. The planning and execution could take months even without unexpected bugs.

Business criticality: Public Folders containing critical business data or processes may warrant maintaining them until Microsoft provides more stable long-term support commitments.

Alternative solutions: Microsoft 365 Groups offer better integration with Teams and other modern workloads but have different permission models. SharePoint Online provides superior document management but requires different administrative skills.

Timing: Migrating during a known bug period adds risk—if something goes wrong during migration, administrators can't easily adjust Public Folder permissions as a fallback.

Looking Forward

Microsoft's resolution of this bug will be telling for organizations still relying on Public Folders. A quick fix would demonstrate continued commitment to supporting the legacy feature, while a prolonged resolution might signal declining priority.

The company faces competing pressures: maintaining stability for organizations with significant Public Folder investments while encouraging migration to modern collaboration platforms. This bug highlights the tension between those objectives.

For administrators dealing with the immediate issue, the priority is maintaining business operations through workarounds while monitoring for Microsoft's fix. Regular checks of the Microsoft 365 admin center service health dashboard and Exchange admin center message center are essential for timely updates.

Longer term, this incident provides another data point for organizations evaluating their Public Folder strategy. Each disruption adds to the operational cost calculation, potentially tipping the balance toward migration for organizations on the fence.

As one administrator summarized: "We've tolerated the limitations of Public Folders because they worked. When they stop working—and we can't fix them—that changes the equation completely."