locked
Microsoft Federation Gateway and Mailbox permission RRS feed

  • Question

  • Microsoft Federation Gateway service provides an easy to share free/busy  calendar lookup with other exchange Org. however what if we also need to share mailbox permission (like send-as , full , author ..etc) ? 

    is it possible to achieve via MFG (at-least for OWA user since it is SAML aware application?)

    Wednesday, November 18, 2015 2:57 PM

Answers

  • I don't know of any way to do what you're asking for.  AD FS won't do anything if you can't link the security principals.  The reason that it works with Office 365 and on-premises accounts is that there is directory synchronization between the two that passes all the key information.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Thursday, November 19, 2015 5:17 AM
    Moderator

All replies

  • The MFG is just a key exchange service.  It doesn't do any data sharing.  Exchange servers connect to other exchange servers' Availability Service to obtain the free/busy data.

    In your Organization Configuration (when you configure free/busy sharing) you can decide whether to share just the free/busy data ("Busy" only) or free/busy details ("Doctor's Appointment").

    Users must configure their Calendar folder permissions to allow others to see free/busy data.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Thursday, November 19, 2015 1:01 AM
    Moderator
  • The MFG is just a key exchange service.  It doesn't do any data sharing.  Exchange servers connect to other exchange servers' Availability Service to obtain the free/busy data.

    In your Organization Configuration (when you configure free/busy sharing) you can decide whether to share just the free/busy data ("Busy" only) or free/busy details ("Doctor's Appointment").

    Users must configure their Calendar folder permissions to allow others to see free/busy data.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Hi Ed,

    My query is beyond calendar sharing.Can we also do cross forest mailbox permission , like to grant send-as permission ?

    Regards

    Yogesh Malhotra

    Thursday, November 19, 2015 3:47 AM
  • Not in the way you're thinking of it.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Thursday, November 19, 2015 4:12 AM
    Moderator
  • Thanks Ed ! it was helpful.

    But what it takes if we need to provide cross forest mailbox permission without AD forest trust and Galsync ... not sure but perhaps ADFS infra ?

    Thursday, November 19, 2015 4:20 AM
  • I don't know of any way to do what you're asking for.  AD FS won't do anything if you can't link the security principals.  The reason that it works with Office 365 and on-premises accounts is that there is directory synchronization between the two that passes all the key information.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Thursday, November 19, 2015 5:17 AM
    Moderator