Automapping on shared mailboxes – Security group added with Full mailbox access

Automapping automatically adds the mailboxes a user has been granted access to into that user's Outlook client, based on the value set on the msExchDelegateListLink attribute:

The mailbox that is permissioned: msExchDelegateListLink
The user who is being granted permissions: msExchDelegateListBL

Scenario 1:

Joe Biden has a mailbox hosted online (O365) and is part of the technical team that responds to end users' queries, which are sent to a shared mailbox, "Tech Support Team". Joe is therefore given full mailbox access to the shared mailbox:

Add-MailboxPermission -Identity "Tech Support Team" -User "Joe Biden" -AccessRights FullAccess -InheritanceType All

Once the permissions are in place, Joe will be able to access the Tech Support Team mailbox in his local Outlook: the Tech Support Team primary mailbox and archive mailbox (if available) will be automapped to Joe's mailbox.

Scenario 2:

Joe Biden has a mailbox hosted online (O365) and is part of the technical team that responds to end users' queries, which are sent to a shared mailbox, "Tech Support Team". Because the team is large and people keep getting added or removed, a security group, "Sec Group_Tech support", is created and everyone on the tech support team is added as a member. The security group is then given full mailbox access to the shared mailbox:

Add-MailboxPermission -Identity "Tech Support Team" -User "Sec Group_Tech support" -AccessRights FullAccess -InheritanceType All

By default, running the Add-MailboxPermission command enables automapping, which is equivalent to -AutoMapping $true. If you wish to turn it off explicitly, add -AutoMapping $false.

https://docs.microsoft.com/en-us/outlook/troubleshoot/profiles-and-accounts/remove-automapping-for-shared-mailbox

Because these users are not explicitly granted full mailbox access, automapping has some limitations for them. The users can still create an individual Outlook profile for the Tech Support Team mailbox, and that has no limitations. This is due to msExchDelegateListBL.

If you are part of a security group and the security group is given full mailbox access to a shared mailbox, it is expected that you won't be able to access the archive mailbox of the shared mailbox from Outlook as an additional mailbox (automapping).

But if you are explicitly given full access to the shared mailbox, you should see the primary shared mailbox along with the shared mailbox's archive as well.
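To tell which of the two scenarios applies to each trustee on a shared mailbox, and who actually holds access through a group, the FullAccess entries can be listed and group grants expanded to their members. This is an added example, not part of the original post; it assumes an Exchange Online session opened with Connect-ExchangeOnline, and Get-FullAccessGrantReport is a hypothetical helper name.

```powershell
# Added example. Assumes an Exchange Online session opened with Connect-ExchangeOnline.
# Get-FullAccessGrantReport is a hypothetical helper name, not an Exchange cmdlet.
function Get-FullAccessGrantReport {
    param(
        [Parameter(Mandatory)]
        [string] $Mailbox
    )

    Get-MailboxPermission -Identity $Mailbox |
        Where-Object {
            # Keep explicit, non-deny FullAccess entries; skip the mailbox's own SELF entry.
            $_.AccessRights -contains 'FullAccess' -and
            -not $_.IsInherited -and
            -not $_.Deny -and
            "$($_.User)" -ne 'NT AUTHORITY\SELF'
        } |
        ForEach-Object {
            $entry   = $_
            # Resolve the trustee to see whether it is a user or a mail-enabled group.
            $trustee = Get-Recipient -Identity "$($entry.User)" -ErrorAction SilentlyContinue |
                Select-Object -First 1
            $type    = if ($trustee) { [string]$trustee.RecipientTypeDetails } else { 'Unresolved' }
            $isGroup = $type -like '*Group*'

            # Expand group grants so every person with effective access is visible.
            $members = if ($isGroup) {
                Get-DistributionGroupMember -Identity $trustee.Identity -ResultSize Unlimited |
                    ForEach-Object { $_.PrimarySmtpAddress }
            }

            [pscustomobject]@{
                Mailbox     = $Mailbox
                Trustee     = "$($entry.User)"
                TrusteeType = $type
                GrantedVia  = if ($isGroup) { 'Security group (Scenario 2)' } else { 'Direct grant (Scenario 1)' }
                Members     = $members -join '; '
            }
        }
}

# 'Tech Support Team' is the shared mailbox used in the scenarios above.
Get-FullAccessGrantReport -Mailbox 'Tech Support Team' | Format-List
```

Trustees reported as "Security group (Scenario 2)" are the ones whose members fall under the automapping limitation described above, and the Members column shows who holds full access without appearing in the mailbox's permission list by name.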

Please keep me posted for any questions/clarifications.

https://docs.microsoft.com/en-us/powershell/module/exchange/add-mailboxpermission?view=exchange-ps

Ganesh G

Hybrid Configuration – Send As

Pre-existing permissions that were granted before migrating the mailbox to Office 365 keep working, but any new mailbox permissions granted after the migration break in a hybrid scenario. For example, suppose we have three mailboxes: Mbx1, Mbx2 and Mbx3. Mbx1 has Send As permission on Mbx2, and Mbx2 is then migrated to O365; in this case the permission works seamlessly. But if I try to add Send As permission for Mbx3 on Mbx2, it won't work.

Exchange hybrid configurations do support the use of the Send-As, Receive-As, or Send on behalf of mailbox permissions, but these permissions are only available when both the mailbox granting the permissions and the mailbox receiving the permissions are in the same realm. Any mailboxes that receive these permissions from another mailbox need to be moved at the same time as that mailbox. If a mailbox receives permissions from multiple mailboxes, that mailbox and all of the mailboxes granting permissions to it need to be moved at the same time and exist in the same realm, either the on-premises or the Office 365 Exchange organization.

https://blogs.technet.microsoft.com/mconeill/2016/03/20/shared-mailboxes-in-exchange-hybrid-now-work-cross-premises/

Watch this video from 44:00 for more clarity.

https://www.youtube.com/watch?v=pN6lsxKRrJQ