Yes. You can access Outlook365 and Exchange via APIs as well as Google Apps for Business.

Plus Calendars, etc. Anything that uses LDAP locally and now through the 365 APIs.

How does it work, an outlook 365 admin(?) Can read anyone's email that they want? Do they essentially just log onto the normal Hi as that user?

As a manager, if I fire somebody or they leave, I get access to their mailbox via Outlook365 for like 3 months, just in case I need to grab something from it.

So there must be a way to assign ownership of a mailbox to another user.

Yeah, you can attach mailboxes to other users with Powershell.

You could also just create a mail rule that sends a copy of every email everytime someone sends and receives one and they wouldn't know.

It depends on the setup. There are different nuances but through an Admin granted API key you could potentially access all emails. There are safeguards that companies put in place to restrict this as well.

Yes.

You mean like with Google's G-Suite? Admins can always change your password to one that they know and log in with it. Even with a 2FA policy, they can generate backup codes to use. Generally assume that yes, corporations can read their corporate email accounts. However, they may have policies that prevent their staff from accessing other employees email accounts without a specific need.

Password change/login is not necessary to pull email in from G Suite.

With Google G-Suite you can also set up the Vault so every e-mail ever is stored indefinitely even after deletion. Same goes for Drive and Groups.

Google Apps admins can read all the incoming and outgoing emails.