Using mail enabled security groups for access to a shared mailbox

Question

I've been searching for a solution, but until now couldn't find one.

We are using an Exchange 2019 environment which include users and shared mailboxes.

Due to the fact that we would like to use IAM software we would like to have access to a shared mailbox for users using mail enable security groups.

When we add a user directly to a shared mailbox, automapping is enabled and users can see the shared mailbox in their Outlook.

As soon as we only use mail enabled security groups, automapping isn't working and users have to add the mailbox manually to their Outlook profile.

The question is, is there a way that we can set automapping with security groups (what isn't working right now) or is there a possibility that we can use a script that can automatically add the shared mailbox to Outlook based on membership of a security group?

Answer

No, automapping is only supported when you add the permissions directly, not via group. There have been some improvements on this for the new Outlook client, but that one has no support for on-premises Exchange currently.

You can certainly script the process to add permissions based on group membership, if automapping is a must. Something like this should work:

Get-DistributionGroupMember DG@domain.com | ? {$.RecipientTypeDetails -eq "UserMailbox"} | % { Add-MailboxPermission shared@domain.com -User $($.PrimarySmtpAddress) -AccessRights FullAccess }

Share via

Using mail enabled security groups for access to a shared mailbox

1 answer

Your answer