Accessing Shared Mailboxes

Accessing Shared Mailboxes

Previously I wrote a blog about the ins and outs of connecting a shared mailbox and the benefits of connecting to it in Outlook a specific way. I’ve updated this here with the later versions of Outlook screenshots and a shorter version of just why and how. The original blog is here https://www.neroblanco.co.uk/2015/04/the-shared-mailbox-dilemma/ and to re-cap:

Our best practice recommendations

We advocate granting FullAccess + SendAs permissions via a Security Group and have users connect the Shared Mailbox to Outlook using the “New Additional Account” option. This is the best experience for your users and will reduce your helpdesk tickets. Aka – the path of least resistance.

The benefits to this method are:

Users can:

  • See all the Folders and Sub-Folders (Filing ease)
  • Create and manage rules
  • Set Automatic Replies
  • Sent and Deleted Items are saved in the Shared Mailbox so other users can see them
  • Users do not need to use the FROM option
    • If they are in the mailbox when they compose their email message, that is the sending address that is used
  • The additional Mailbox gets its own OST file with an OST slider option
  • You also see the associated Exchange Online Archive – if one is provisioned
  • FullAccess Users can access the Mailbox via OWA and add to their Mobile Device in the Outlook App

Groups v Individuals

Using a Security Group for access means that the membership can be delegated for management to the mailbox owner or other Administrator. You can also track empty Groups so useful (in a limited way) for attestation.

If you MUST use individuals when granting Full Access then do NOT use the -AutoMapping=$True as this will negate the ability for users to add to Outlook manually. Instead use -AutoMapping=$False

The process of adding the mailbox manually is what creates the dedicated OST file.

I do appreciate that the -AutoMapping feature is very convenient, but also doesn’t allow any granular management over the Outlook Client configuration.

SendAs or Send on Behalf of

Due to a Microsoft feature, you cant use the method I describe here to implement Send on Behalf of. If you try FullAccess + Send on Behalf of and “New Account” in Outlook, the sending of emails will fail to send.

If you want SoBo then you need to fall back to using Add Mailbox the classic way.

Mailbox Auditing

Remember, Exchange Online Mailbox Auditing is enabled by default, so setting FullAccess with SendAs means you can always check who did what when. https://docs.microsoft.com/en-us/microsoft-365/compliance/enable-mailbox-auditing?view=o365-worldwide

We actually recommend this for additional mailboxes like Boss/Admin relationships. e.g. VIP with EA but this might not be a good fit for everyone, but it sure does make their lives easier.

Adding the Shared Mailbox in Outlook

Add additional Account

  • Open Outlook
  • Click File
  • Account Settings\Account Settings (add or remove accounts…)
  • Click New
  • Enter the Shared Mailbox Details – use the full SMTP address
  • Choose sign in with another account and then enter YOUR username and password
  • You will probably be prompted twice
  • Select Save Credentials at the next screen
    • Remember – use YOUR OWN email address and Password
  • Close and Re-Open Outlook
  • Your new Shared Mailbox should be in the left-hand navigation pane

You can see it has its own OST

OST File

Seen here: C:\Users\[userprofile]\AppData\Local\Microsoft\Outlook

With slider bar capabilities

Outlook Slider Bar


Outlook Web App – OWA

You can also open a Shared Mailbox in OWA – IF you have Full Access, and you know how to manipulate the URL. E.g.

You MUST log on as yourself first, then either Open another mailbox by clicking on your picture (top right hand corner)

Or, by manipulating the URL.

https://outlook.office365.com/owa/sharedmailbox@contoso.com