Shared mailboxes in Microsoft 365 enable teams to collaborate and share email responsibilities. Here, we’ll help you learn how to create, configure and use Microsoft 365 shared mailboxes.
A shared mailbox allows multiple users with the appropriate permissions to access the same email account, whether to send emails, access shared folders, or use the same calendar and contacts list. Shared mailboxes can store up to 50GB of data without requiring a license.
Common examples of scenarios where businesses need a shared mailbox include:
- Using a consistent alias for customer support or reception
- Providing everyone in a department with access to the same inbox
- Having contractors or vendors send invoices to one consistent place
- Transitioning between former and new employees
If your organization has a hybrid Exchange environment, Microsoft suggests using the Exchange admin center (EAC) to manage your shared mailboxes.
Although convenient, shared mailboxes have some limitations:
- Shared mailboxes have storage limits.
- It’s not possible to encrypt emails that are sent from a shared mailbox.
- A shared mailbox can be less secure because each user accesses it using their own credentials, and any of those credentials could be compromised.
The process of creating a Microsoft 365 shared mailbox and adding new users is simple:
- Log in as an administrator, using either a global account or an Exchange account.
- Click Groups > Shared mailboxes.
- To create a new shared mailbox, click + Add a mailbox.
- Specify a name for the mailbox, which will appear in the “From” line in emails. You’ll automatically be assigned an email address, which you can edit. Click Add.
- To add members, select Add members to this mailbox under “Next steps.”
- Click +Add members and select the active users you want to have access to the new shared mailbox.
- Click Save and then Close.
Exchange includes a feature called automapping, which automatically maps the shared mailboxes a user has permissions to, to their mailbox in Outlook. If automapping is enabled (it is on by default), new shared mailboxes will show up in each user’s Outlook application automatically after they close and restart Outlook. However, automapping is set on each user’s mailbox, not on the shared mailbox. Therefore, if you want to use automapping, you have to manage access to the shared mailbox by assigning permissions to each user explicitly, rather than by using a security group.
By default, when a person sends mail using a shared mailbox, the sent message is stored in that person’s Sent Items folder. To set up a shared mailbox so that replies and other sent emails are saved in the Sent folder of the shared mailbox as well, take these steps:
- Log in to the Microsoft 365 admin center using a global admin or an Exchange admin account.
- Go to Groups > Shared mailboxes.
- Click on your shared mailbox.
- Navigate to Properties.
- Click Edit next to Sent Items.
- Select On next to both Copy items sent as this mailbox and Copy items sent on behalf of this mailbox.
- Click Save.
The user whose mailbox you want to convert to a shared mailbox must have a license assigned. If you deleted the license assigned to the user’s mailbox or account, you’ll have to restore it before you can convert the mailbox to shared mailbox.
To convert a user’s mailbox to a shared mailbox, take these steps:
- In the Exchange admin center, choose Recipients > Mailboxes.
- Select the user’s mailbox.
- Click Convert under Convert to Shared Mailbox.
How to Block Sign-in for an Account
Users usually access shared mailboxes using their own accounts. However, this means a hacker who compromises a user’s account could gain access to the shared mailbox. If this happens, you can block sign-ins from the compromised account by taking these steps:
- In the Exchange admin center, navigate to the Active users page under Users.
- Find the shared mailbox account and select the user.
- Select Block this user.
- Click Block the user from signing in.
- Click Save changes.
As an admin of a shared mailbox, it’s your responsibility to help new users learn how to use shared mailboxes in Outlook. Some common questions from users include:
This should happen automatically once you close and restart Outlook. You can also manually add the account from your account settings, under the “Email” tab.
You can access the web version of Outlook using a browser on your mobile device.
To prevent misuse of shared mailboxes and avoid security incidents, you should regularly:
- Check which users have permissions to shared mailboxes
- Monitor who reads what in those mailboxes.
These tasks are necessary to protect sensitive business information, detect potentially malicious users, and monitor for emails that are erroneously deleted or sent.
The Exchange Online Management Console helps you monitor who has access to what within the shared mailbox. However, native auditing has several drawbacks, including a short retention period and limited filtering and alerting options.
Having a third-party solution that supports monitoring of all systems will eliminate the inconvenience and human error inherent in juggling multiple solutions and consoles, as well as give you better visibility into permissions and user activity. In particular, Netwrix Auditor for Exchange provides easy-to-read reports for Exchange Online and Exchange Server that include crucial details, such as:
- Non-owner mailbox access events
- Which users have non-owner rights to which mailboxes
- Changes to mailbox permissions and delegation
It also provides all the information you need to keep an eye on access events and changes to user permissions. Built-in filters make it easy to zero in on exactly the information you want. As a result, you can enjoy the convenience of shared mailboxes while minimizing security risks.