none
Office 365 Admin Center - Add security group to shared mailbox RRS feed

  • Question

  • I am new to the forms and the 365 admin center, though I have some experience with Exchange 2010. 

    Looking to see if it is possible to add a security group to an existing shared mailbox. 

    Currently, users are assigned full access and send as permissions through the exchange console in 365. The mailbox is auto-mapped in the desktop Outlook and life seems great. This is until users try to search the mailbox where results are hit and miss per limitations outlined by Microsoft. After scouring the internet, the best idea is to add the shared mailbox so that indexing will work. Which is fine if it needs to be that way. However, I would like to have more control over access. Adding a security group would give me the ability to add or remove users access to the mailbox.

    I created a security group, added myself as a user then selected the shared mailbox as the owner since I did not see any other options. I was able to add the mailbox to my Outlook using my credentials, but I get an error saying the folders cannot be opened and the log on failed. It looks like there is a permission issue for the shared mailbox to give full control to the security group, yet there are no options to correct this. The admin center is very limited in what can be accomplished. 

    Is this possible in 365 through Powershell or something I am missing? Any input would be greatly appreciated, thanks.

    Wednesday, March 28, 2018 9:21 PM

All replies

  • Hi Rookie,

    Per my knowledge, it's not support to assign a security group full access permission to a shared mailbox, however, as a workaround, you can use the following script to get all members in the group and assign the permission to all members at once on shared mailbox:  

    Get-DistributionGroupMember GroupA | % {Add-MailboxPermission -Identity "Shared_mailbox" -User $_.Name -AccessRights ‘FullAccess’}
    Hope this helps,


    Best Regards,
    Niko Cheng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, March 29, 2018 6:53 AM
    Moderator
  • Hi Rookie,

    I'm just writing to check how's everything going? If you have any questions or needed further help on this issue, please feel free to post back. If the issue has been resolved, please mark the helpful replies as answers, this will make answer searching in the forum easier and be beneficial to other community members as well. Thanks for your understanding.


    Best Regards,
    Niko Cheng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, April 3, 2018 10:58 AM
    Moderator
  • Hi Niko,

    Thanks for trying and confirming my suspicion. This is not much help since it would cause more administrative work than it is worth. I would have to run powershell to add/remove users from that group, and any other groups that would need this. 

    I was hoping to find a powershell command that would give the security group full access to that shared mailbox so I can just add/remove users from the web interface and make it easy. There has to be a solution to this issue somewhere.

    Wednesday, April 4, 2018 5:46 PM
  • Did you ever work this out Rookie? I am having the same issue.
    Thursday, October 4, 2018 5:59 AM
  • -- EDITED ---

    The below looked like it worked based on the PowerShell command's success. However, it did not actually end up with the desired effect of members of the group having access to the mailbox.

    -------------------

    FYI, the proposed solution works with groups in Office 365. You HAVE to do this via Power Shell, it is not available in the GUI. In addition the group type has to be a "Security" group. I'm guessing a mail-enabled security group would also work; but I did not try it.

    The command is:

    Add-MailboxPermission -Identity "Shared_mailbox" -User "security-group-name" -AccessRights ‘FullAccess’

    For those who are wondering, "FullAccess" does not give the capability to SendAs the group. That is a separate permission.

    Full list of the limited permission options are here:
    https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/get-mailboxpermission?view=exchange-ps



    Thursday, November 15, 2018 12:56 PM
  • This is in fact possible. This can be done with a Mail Enabled Security Group utilizing the Exchange Admin Panel of Office 365.

    This works out-of-the-box without any changes, or requiring PowerShell when done in that manner.

    Monday, December 3, 2018 4:13 PM
  • Sadly it does not work for Unified groups, so if you just converted all your mail enabled security groups to modern O365 Groups, your out of luck...
    Monday, July 15, 2019 3:18 PM