Microsoft Defender for Office 365 (MDO) requires shared mailboxes to be licensed but doesn’t extend the same requirement to Microsoft 365 Groups. Given that Microsoft 365 Groups have group mailboxes and can function very much like shared mailboxes, the difference in licensing is remarkable. Why does this happen? It could be due to internal Microsoft politics, omissions, or just a preference for Groups. Who knows?
The Connect-IPPSSession cmdlet is needed to connect to the Security and Compliance endpoint to update a Microsoft 365 retention policy. Unhappily, the Security and Compliance module doesn’t support managed identities, which makes it harder to run Connect-IPPSSession securely in an Azure Automation runbook. In the end, we use a credential stored in the automation account. And then we had to disable WAM. All explained here.
A question about shared mailboxes brought up the topic of licensing requirements when a tenant has Microsoft Defender for Office 365 (MDO). The news is not good. Once MDO is active, every shared mailbox needs an MDO license, and every user mailbox must also be licensed for MDO (those with E5 licenses are covered). At $5 per month, those MDO licenses can ramp up to a considerable cost. Ouch!
A sometimes overlooked 2024 update delivers easier access to protected messages delivered to shared mailboxes. Instead of direct assignment of Full Access to user mailboxes, access can be controlled through membership of a mail-enabled security group. It’s a small but very nice change, just like any update that eases the life of tenant administrators.
The Outlook (classic) client has a registry setting to control moving deleted items from a shared mailbox. The new Outlook for Windows client doesn’t have an equivalent setting, so items removed from a shared mailbox end up in the Deleted Items folder of the user’s mailbox rather than the Deleted Items folder in the shared mailbox. It’s an example of one of the things to fix before the new Outlook can take over.
Shared mailboxes have Entra ID accounts. No one needs to sign into the accounts because Exchange Online manages connections using mailbox permissions. But it can happen that people do sign into shared mailboxes and if the accounts aren’t licensed, they don’t comply with Microsoft licensing requirements. As explained here, some PowerShell can check for potential licensing violations.
A question was asked about the best way to find out if shared mailboxes received email from certain domains over the past 60 days. Exchange Online historical message traces can extract trace data to allow us to check, but the process of running the message trace and then analyzing the data is just a little disconnected.
Exchange Online shared mailboxes only need licenses if they have an archive, exceed 50 GB in size, or are on litigation hold. The rules are there, but how many tenants check their shared mailboxes to make sure that they’re in compliance. This article explains how to use PowerShell to detect shared mailboxes that need licenses.
Exchange Online tenants have a choice between inactive mailboxes and shared mailboxes when the need arises to keep “leaver” data like that belonging to ex-employees. Inactive mailboxes are essentially a compliance tool and sometimes shared mailboxes are better choices. We explore both in this short article.
Deploying new features to a massive 100-million plus user community takes a lot of planning and careful management. Outlook Mobile caters for both consumer and commercial users, and different methods are used to deliver new features to the two groups. Sometimes this means that different users in the same tenant can’t access a new feature even if they have the right software.
Outlook mobile users now have shared mailbox support in both iOS and Android platforms. The work to upgrade the backend service is also progressing and is past 50% rollout. And dark mode is coming too. It’s available in beta today to Testflight users (only for iOS), and it’s also been enabled for some users who run the latest version of the clients.
A question about how best to set auto-replies for Exchange Online shared mailboxes to respond to messages arriving during a public holiday gives another chance for PowerShell to show how useful it is. You could do the work with Flow, but PowerShell is more flexible and capable when dealing with multiple shared mailboxes.
Microsoft has announced that it will deploy the ability to add shared mailboxes to Outlook Mobile by the end of July. But if you want to see the feature early, you can join the Testflight program and install the beta version of Outlook mobile. Using Outlook for iOS with Testflight also forces the upgrade of your Office 365 tenant to the Microsoft Sync Technology.
Microsoft has announced that Outlook Mobile (iOS and Android) will include support for Exchange Online shared mailboxes “in the next several weeks,” which probably means early July 2019. The update comes as good news for many people who have been forced to use an IMAP4-based workaround to access shared mailboxes. Microsoft is also making some other changes to improve the Files view and calendar sync in Outlook mobile.
