Automapping on shared mailboxes – Security group added with Full mailbox access

Automapping enables an outlook user to be able to get all those mailboxes automatically populated in their respective outlook clients based on the value set on the MSExchDelegateListLink,

The mailbox that is permissioned: msExchDelegateListLink
The user who is being granted permissions: msExchDelegateListBL

Scenario 1:

Joe Biden has a mailbox hosted online (O365) and he is part of the Technical team to respond to end user’s queries which is sent to a shared mailbox “Tech Support Team”. Hence Joe is given full mailbox access to the shared mailbox,

Add-MailboxPermission -Identity “Tech Support Team” -User “Joe Biden” -AccessRights FullAccess -InheritanceType All

Once the permissions are in place, Joe will be able to access the tech support mailbox on his local outlook (Tech support Team primary mailbox & archive mailbox(if available) will be auto mapped to Joe’s mailbox.

Scenario 2:

Joe Biden has a mailbox hosted online (O365) and he is part of the Technical team to respond to end user’s queries which is sent to a shared mailbox “Tech Support Team”. As the team size is huge and people keep getting added or removed, hence a security group “Sec Group_Tech support” is created and all those who are part of the tech support team are added as members. Now the security group is given full mailbox access to the shared mailbox,

Add-MailboxPermission -Identity “Tech Support Team” -User “Sec Group_Tech support” -AccessRights FullAccess -InheritanceType All

By default when you run add-mailboxpermissions command, it enabled automapping, which means -Automapping $true, if you wish to turn it off explicitly, you can do it by adding -Automapping $false

https://docs.microsoft.com/en-us/outlook/troubleshoot/profiles-and-accounts/remove-automapping-for-shared-mailbox

As these users are not explicitly provided with full mailbox access, there are some limitations in automapping, but still the users can create individual outlook profile for the tech support team mailbox and that has no limitations. This is due to msExchDelegateListBL

If you are part of a security group and the security group is given full mailbox access to a shared mailbox, it is expected that you wont be able to access the archive mailbox of the shared mailbox from outlook as an additional mailbox (auto-mapping) .

But if you are explicitly given full access to shared mailbox you should see the primary shared mailbox along with the shared mailbox’s archive as well.

Please keep me posted for any questions/clarifications.

https://docs.microsoft.com/en-us/powershell/module/exchange/add-mailboxpermission?view=exchange-ps

Ganesh G