How to Assign Mailbox Permissions for a Shared Mailbox in Exchange Online


Introduction

Assigning mailbox permissions for a shared mailbox in Exchange Online is a critical aspect of managing team communication. Shared mailboxes allow multiple users to access a common email address, making it easier to collaborate and respond to inquiries. However, to protect sensitive information and maintain order, it’s vital to assign permissions correctly.

In this comprehensive guide, we’ll cover everything you need to know about assigning mailbox permissions for a shared mailbox, including how to create a shared mailbox, convert a user mailbox to a shared mailbox, and manage permissions effectively using both the Microsoft 365 Admin Center and PowerShell. By the end, you’ll be equipped with the knowledge to ensure your team can communicate effectively while keeping control over access.

Understanding Mailbox Permissions

Types of Permissions

Before we dive into the steps, it’s important to understand the different types of permissions associated with shared mailboxes in Exchange Online:

  1. Full Access Permission: This permission allows users to open and manage the shared mailbox as if it were their own. They can read, write, and delete emails. Example: If a shared mailbox support@yourcompany.com has Full Access assigned to Sarah, she can log into that mailbox, read emails, and respond to them.
  2. Send As Permission: This allows a user to send emails from the shared mailbox address, appearing as if the email is sent directly from that mailbox. Example: When Sarah sends an email from support@yourcompany.com using Send As permission, recipients will see the email as coming from support@yourcompany.com.
  3. Send on Behalf Permission: This permission allows a user to send emails on behalf of the shared mailbox. In this case, the email will show both the user’s name and the shared mailbox address. Example: If Sarah sends an email on behalf of support@yourcompany.com, recipients will see “Sarah on behalf of support@yourcompany.com.”

Creating a Shared Mailbox

From the Microsoft 365 Admin Center

Creating a shared mailbox is straightforward and can be done via the Microsoft 365 Admin Center.

  1. Log In:
  2. Access Shared Mailboxes:
  • In the left-hand menu, go to Teams & Groups > Shared mailboxes.
  3. Create New Shared Mailbox:
  • Click on + Add a shared mailbox.
  • Fill in the Display name and the Email address (e.g., support@yourcompany.com).
  • Click Save to create the shared mailbox.

From the Exchange Admin Center

You can also create a shared mailbox through the Exchange Admin Center:

  1. Log In:
  • Sign in to the Microsoft 365 Admin Center and navigate to Exchange.
  2. Access Shared Mailboxes:
  • In the left-hand menu, go to Recipients > Shared.
  3. Create New Shared Mailbox:
  • Click on + Add a shared mailbox.
  • Fill in the Display name and the Email address (e.g., support@yourcompany.com).
  • Click Save to create the shared mailbox.

Converting an Existing User Mailbox to a Shared Mailbox

Using PowerShell

If you have an existing user mailbox that needs to be converted to a shared mailbox, PowerShell is an efficient way to do this.

Step 1: Connect to Exchange Online PowerShell

You first need to connect to Exchange Online. If you haven’t set this up yet, refer to my blog on How to Install and Connect Exchange Online using PowerShell for detailed instructions.

Use the following command to connect:

Connect-ExchangeOnline -UserPrincipalName youradmin@domain.com

Replace youradmin@domain.com with your admin email.

Step 2: Convert User Mailbox to Shared Mailbox

To convert an existing user mailbox (e.g., user@yourcompany.com) to a shared mailbox, use the following command:

Set-Mailbox -Identity "user@yourcompany.com" -Type Shared

Step 3: Verify the Change

You can verify that the mailbox has been converted by running:

Get-Mailbox -Identity "user@yourcompany.com" | Select-Object DisplayName, RecipientTypeDetails

The RecipientTypeDetails should now display SharedMailbox.

Assigning Mailbox Permissions via the Microsoft 365 Portal

Step 1: Access the Admin Center

  1. Log in to your Microsoft 365 admin account.
  2. From the app launcher, select Admin to access the Microsoft 365 Admin Center.

Step 2: Locate the Shared Mailbox

  1. Navigate to Teams & Groups > Shared mailboxes.
  2. Select the shared mailbox you want to manage (e.g., support@yourcompany.com).

Step 3: Assign Permissions

For Full Access Permission

  1. Click Edit under the Mailbox delegation section.
  2. In the Full Access section, click + Add.
  3. Search for the user (e.g., Sarah) and click Add.
  4. Click Save.

For Send As Permission

  1. In the same Mailbox delegation section, find the Send as section and click + Add.
  2. Search for the user (e.g., Sarah) and click Add.
  3. Click Save.

For Send on Behalf Permission

This permission must be assigned via PowerShell.

Assigning Mailbox Permissions Using PowerShell

To assign permissions via PowerShell, ensure you are connected to Exchange Online as shown above.

Step 1: Assign Full Access Permission

Use the Add-MailboxPermission cmdlet:

Add-MailboxPermission -Identity "support@yourcompany.com" -User "Sarah" -AccessRights FullAccess -InheritanceType All


Step 2: Assign Send As Permission

Use the Add-RecipientPermission cmdlet:

Add-RecipientPermission -Identity "support@yourcompany.com" -Trustee "Sarah" -AccessRights SendAs

Step 3: Assign Send on Behalf Permission

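For Send on Behalf permission, use the Set-Mailbox cmdlet. The @{Add=...} form appends Sarah to the existing delegate list; passing a bare value replaces the whole list and silently removes any delegates already on it:

Set-Mailbox -Identity "support@yourcompany.com" -GrantSendOnBehalfTo @{Add="Sarah"}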

Step 4: Verify Permissions

To verify the permissions assigned, use the following commands:

For Full Access Permission:

Get-MailboxPermission -Identity "support@yourcompany.com" -User "Sarah"

For Send As Permission:

Get-RecipientPermission -Identity "support@yourcompany.com" -Trustee "Sarah"

For Send on Behalf Permission:

Get-Mailbox -Identity "support@yourcompany.com" | Select-Object GrantSendOnBehalfTo

Best Practices for Managing Mailbox Permissions

  1. Limit Permissions: Assign necessary permissions only to minimize security risks. Full Access should be reserved for trusted individuals.
  2. Regular Audits: Regularly review and audit mailbox permissions to ensure they are current and relevant.
  3. User Training: Educate users about the implications of permissions, particularly regarding sending emails from shared mailboxes.
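
One way to carry out the regular audit recommended above, as an added example that is not part of the original article: it lists every explicit Full Access, Send As and Send on Behalf grant on all shared mailboxes. It assumes an existing Connect-ExchangeOnline session; the CSV file name and the threshold of three Full Access delegates are illustrative choices.

```powershell
# Added example: inventory delegation on every shared mailbox.
# Assumes Connect-ExchangeOnline has already been run in this session.
$MaxFullAccess = 3   # illustrative review threshold, not a Microsoft limit

$mailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited

$report = foreach ($mbx in $mailboxes) {
    $id = [string]$mbx.PrimarySmtpAddress

    # Full Access: skip inherited entries, explicit denies and the mailbox's own SELF entry
    Get-MailboxPermission -Identity $id |
        Where-Object {
            -not $_.IsInherited -and -not $_.Deny -and
            [string]$_.User -ne 'NT AUTHORITY\SELF' -and
            $_.AccessRights -contains 'FullAccess'
        } |
        ForEach-Object {
            [pscustomobject]@{ Mailbox = $id; Permission = 'FullAccess'; Delegate = [string]$_.User }
        }

    # Send As: same filtering, but the delegate is in the Trustee property
    Get-RecipientPermission -Identity $id |
        Where-Object {
            -not $_.IsInherited -and
            [string]$_.Trustee -ne 'NT AUTHORITY\SELF' -and
            $_.AccessRights -contains 'SendAs'
        } |
        ForEach-Object {
            [pscustomobject]@{ Mailbox = $id; Permission = 'SendAs'; Delegate = [string]$_.Trustee }
        }

    # Send on Behalf is stored on the mailbox object itself
    foreach ($delegate in $mbx.GrantSendOnBehalfTo) {
        [pscustomobject]@{ Mailbox = $id; Permission = 'SendOnBehalf'; Delegate = [string]$delegate }
    }
}

# Full inventory for review
$report | Sort-Object Mailbox, Permission, Delegate |
    Export-Csv -Path .\shared-mailbox-delegation.csv -NoTypeInformation

# Mailboxes where Full Access is held by more people than the threshold
$report | Where-Object Permission -eq 'FullAccess' |
    Group-Object Mailbox |
    Where-Object Count -gt $MaxFullAccess |
    Select-Object Name, Count
```

Comparing successive CSV exports shows which grants were added or removed between reviews.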

Conclusion

Assigning mailbox permissions for a shared mailbox in Exchange Online is crucial for effective collaboration and communication within your organization. Understanding the different types of permissions—Full Access, Send As, and Send on Behalf—will help you manage shared mailboxes efficiently.

By utilizing both the Microsoft 365 Admin Center and PowerShell, you can streamline access management to shared mailboxes, ensuring that only the right users have the necessary permissions to perform their roles. This not only enhances teamwork but also maintains security and compliance within your organization.

For further information on managing mailbox permissions, visit the official Microsoft documentation on mailbox permissions.