Using mail enabled security groups for access to a shared mailbox

Bakker, Ron 0 Reputation points
2025-01-31T08:46:02.76+00:00

I've been searching for a solution, but until now couldn't find one.

We are using an Exchange 2019 environment which includes users and shared mailboxes.

Due to the fact that we would like to use IAM software, we would like to have access to a shared mailbox for users using mail-enabled security groups.

When we add a user directly to a shared mailbox, automapping is enabled and users can see the shared mailbox in their Outlook.

As soon as we only use mail enabled security groups, automapping isn't working and users have to add the mailbox manually to their Outlook profile.

The question is, is there a way that we can set automapping with security groups (which isn't working right now), or is there a possibility that we can use a script that can automatically add the shared mailbox to Outlook based on membership of a security group?


2 answers

  1. Vasil Michev 112.9K Reputation points MVP
    2025-01-31T08:57:37.9+00:00

    No, automapping is only supported when you add the permissions directly, not via group. There have been some improvements on this for the new Outlook client, but that one has no support for on-premises Exchange currently.

    You can certainly script the process to add permissions based on group membership, if automapping is a must. Something like this should work:

    Get-DistributionGroupMember DG@domain.com | ? {$_.RecipientTypeDetails -eq "UserMailbox"} | % { Add-MailboxPermission shared@domain.com -User $($_.PrimarySmtpAddress) -AccessRights FullAccess }
    

  2. Alex Zhang-MSFT 4,580 Reputation points Microsoft Vendor
    2025-02-03T02:10:31.5366667+00:00

    Hello, @Bakker, Ron,

    Welcome to the Microsoft Q&A platform!

    Yes, automapping isn't currently supported for mail-enabled security groups in Exchange. However, you can use a PowerShell script to automatically add a shared mailbox to Outlook based on group membership.

    Here's a basic example of what the script might look like:

    # Connect to Exchange Online
    Connect-ExchangeOnline -UserPrincipalName "admin@domain.com" -ShowProgress $true
    
    # Get the list of users in the security group
    $groupMembers = Get-DistributionGroupMember -Identity "YourSecurityGroup"
    
    # Loop through each member and add the shared mailbox
    foreach ($member in $groupMembers) {
        Add-MailboxPermission -Identity "SharedMailbox" -User $member.PrimarySmtpAddress -AccessRights FullAccess -AutoMapping $false
    }
    


    This script connects to Exchange Online, retrieves the members of the specified security group, and grants them Full Access to the shared mailbox without automapping. Users will need to manually add the shared mailbox to their Outlook profile, but this can be streamlined with instructions or a separate script.

    Should you need more help on this, you can feel free to post back. 


    If the answer is helpful, please click on “Accept answer” as it could help other members of the Microsoft Q&A community who have similar questions and are looking for solutions.

    Thank you for your support and understanding.

    Best Wishes,

    Alex Zhang
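
Added example, not code from either answer: the snippets above only ever add permissions, so a user who is later removed from the group keeps FullAccess on the shared mailbox. The script below, written for the on-premises Exchange Management Shell, reconciles direct FullAccess grants with current group membership; the mailbox and group addresses are placeholders and the `-RemoveStale` switch is a name chosen for this example.

```powershell
# Added example: reconcile direct FullAccess grants on a shared mailbox with
# the membership of a mail-enabled security group (Exchange Management Shell).
# The default addresses are placeholders, not values from the thread.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$SharedMailbox = 'shared@domain.com',
    [string]$Group         = 'DG@domain.com',
    [switch]$RemoveStale   # hypothetical switch: also revoke grants of non-members
)

# Direct members only; this cmdlet does not expand nested groups.
$members = Get-DistributionGroupMember -Identity $Group -ResultSize Unlimited |
    Where-Object { $_.RecipientTypeDetails -eq 'UserMailbox' }
$memberDns = @($members | ForEach-Object { $_.DistinguishedName })

# Explicit (non-inherited, non-deny) FullAccess entries currently on the mailbox.
$grants = Get-MailboxPermission -Identity $SharedMailbox |
    Where-Object { -not $_.IsInherited -and -not $_.Deny -and
                   $_.AccessRights -contains 'FullAccess' }

# Resolve each trustee to a user DN. Groups, NT AUTHORITY\SELF and orphaned
# SIDs do not resolve with Get-User and are therefore left untouched.
$granted = @{}
foreach ($g in $grants) {
    $u = Get-User -Identity $g.User.ToString() -ErrorAction SilentlyContinue
    if ($u) { $granted[$u.DistinguishedName] = $g.User.ToString() }
}

# Grant access (with automapping) to members who lack a direct entry.
foreach ($m in $members) {
    if (-not $granted.ContainsKey($m.DistinguishedName) -and
        $PSCmdlet.ShouldProcess($m.PrimarySmtpAddress, "Grant FullAccess on $SharedMailbox")) {
        Add-MailboxPermission -Identity $SharedMailbox -User $m.DistinguishedName `
            -AccessRights FullAccess -InheritanceType All -AutoMapping $true | Out-Null
    }
}

# Optionally revoke direct grants held by users who are no longer members.
if ($RemoveStale) {
    foreach ($dn in $granted.Keys) {
        if ($memberDns -notcontains $dn -and
            $PSCmdlet.ShouldProcess($granted[$dn], "Revoke FullAccess on $SharedMailbox")) {
            Remove-MailboxPermission -Identity $SharedMailbox -User $dn `
                -AccessRights FullAccess -InheritanceType All -Confirm:$false
        }
    }
}
```

Run it with `-WhatIf` first to list the grants and revocations it would make; with `-RemoveStale` it revokes every direct user grant not backed by group membership, including ones assigned by hand.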

