0

I want to establish a shared mailbox for a project team. I want this mailbox to be auto-mapped into the team members' Outlook profiles. However, I do not want them to have Full Access, so I can still control access permissions on individual folders inside that mailbox - for instance, to hide all the superfluous default folders they won't need, but also to have different folder permissions for project leads and mere stakeholders.

For test purposes I already solved this on our on-premise Exchange Server: Simply entering the DNs of the team members into the shared mailbox's msExchDelegateListLink attribute (via ADSIEdit) does the trick nicely and so far I haven't discovered any downsides to that approach. However, as far as I can tell there is no way to access that attribute (or any attributes for that matter) in an Office365 environment.... or is there?

I feel I must be missing something essential here: Why exactly is auto-mapping tied to Full Access in the first place? Is my use case really that outlandish? Are there other approaches for this that I simply haven't thought of?

Daniel
  • 6,940
  • 6
  • 33
  • 64
Oliver Giesen
  • 121
  • 2
  • 6

2 Answers2

1

Why exactly is auto-mapping tied to Full Access in the first place?

Because that's how it was designed? Only Microsoft can answer that. Perhaps you can ask them.

Is my use case really that outlandish?

Not outlandish, but not the use case that shared mailboxes is intended to fit.

Are there other approaches for this that I simply haven't thought of?

Look into Office 365 Groups, or potentially Sharepoint document libraries. I'm not sure what the "right" solution is, but shared mailboxes isn't it.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172
  • 1
    Could you maybe elaborate on why you think mine might not be an intended use case for Shared Mailboxes? AFAICT Shared Mailboxes do *exactly* what I need right out of the box - with only two exceptions: A. I cannot auto-map them to users (at least in Office365) and B. they include way too many default folders. Rgd. O365 Groups: I can see ways to (ab)use them for my needs but their primary use case appears to be internal communication. However, my use case is all about email communication between the team and external contacts. SP Document Libraries also would do nothing for me in this context. – Oliver Giesen Sep 13 '19 at 09:30
  • Yours not being an intended use-case is answered by the possibilities EXO offers out of the box. You can probably grant full access on the mailbox and then adjust permissions on the folder level, but you should just use them as intended and train your users how to use them. – Daniel Oct 31 '21 at 23:08
0

Agree with what joeqwerty has suggested. Automapping is an Exchange & Exchange Online feature, which automatically opens mailboxes with Full Access permissions in a delegate’s Outlook client. The tie between automapping and full access is designed by Microsoft.

By the way, based on your need, why don't you just share the folders? Use the Add-MailboxFolderPermission cmdlet to add folder-level permissions for users in mailboxes. For details, read this Add-MailboxFolderPermission

Beverly Gao
  • 126
  • 4
  • Well, as I wrote, I can set up Auto-Mapping without Full Access on an on-premise server without problems, so to me that clearly disproves the notion that there might be any actual technical necessity to tie the two together. Rgd. folder permissions and Add-MailboxFolderPermission: That is exactly what I'm doing already. Being able to auto-map those mailboxes without losing those permissions' effectiveness would just be the cherry on top that would unburden the users from having to assemble and maintain their individual mailbox setup themselves... – Oliver Giesen Sep 13 '19 at 08:08