September 24, 2014

Office 365 - Shared mailbox read only

Based on the Microsoft forums, there is no simple way to provide read-only access to a shared or user mailbox. By default you have to grant Full Access delegation to another user before the additional mailbox shows up in Outlook. Read-only access is another story: you have to add mailbox permissions, map the mailbox to a user with full access, then select each folder and grant the permission. That sounds fine, but what if there are one hundred sub-folders? Here is a way to avoid the manual work and grant read-only access to a shared or user mailbox in an automated way.

1. If you have a shared mailbox, convert it to a user mailbox and reset its password.

2. Then connect to Exchange Online using the credentials mentioned above:

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

3. Grant ReadItems access to the user (use the sAMAccountName):
Get-MailboxFolder -Recurse | Add-MailboxFolderPermission -User user1 -AccessRights ReadItems

4. Map the additional mailbox through the advanced account settings in Outlook.


By design, administrators can't run Get-MailboxFolder against another user's mailbox in Office 365. You have to be the owner of the mailbox to perform this task. Also, do not forget to convert the mailbox back to a shared mailbox afterwards.
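An added audit example, not part of the original post: run in the mailbox owner's session from step 2 after step 3, it reports every folder where user1 (the sample account from step 3) has no permission entry or holds more than ReadItems. The function name Test-ReadOnlyGrant is hypothetical, and the script assumes $Session from step 2 is still open.

```powershell
# Added example: audit the grant made in step 3. Run it in the mailbox owner's
# session from step 2. Test-ReadOnlyGrant is a hypothetical helper name.
function Test-ReadOnlyGrant {
    param(
        [Parameter(Mandatory)] [string] $User,   # delegate to check, e.g. user1
        [string[]] $Allowed = @('ReadItems')     # rights that count as read only
    )
    foreach ($folder in Get-MailboxFolder -Recurse) {
        $id = $folder.Identity.ToString()
        # A folder with no readable entry for the delegate raises an error;
        # silence it and report the folder as "Missing".
        $perm = Get-MailboxFolderPermission -Identity $id -User $User -ErrorAction SilentlyContinue
        if (-not $perm) {
            [pscustomobject]@{ Folder = $id; Rights = ''; Status = 'Missing' }
            continue
        }
        # AccessRights is a collection; normalise it to plain strings.
        $rights = @($perm.AccessRights | ForEach-Object { $_.ToString() })
        $extra  = @($rights | Where-Object { $Allowed -notcontains $_ })
        if ($extra.Count -gt 0) {
            [pscustomobject]@{ Folder = $id; Rights = ($rights -join ','); Status = 'MoreThanRead' }
        }
    }
}

$findings = @(Test-ReadOnlyGrant -User user1)
if ($findings.Count -eq 0) {
    'user1 holds ReadItems only on every folder.'
} else {
    $findings | Format-Table -AutoSize
}

# Close the remote session before converting the mailbox back to shared.
Remove-PSSession $Session
```

Folders created after step 3 do not get the grant automatically, so they show up here as Missing until the command from step 3 is run again.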

When the user tries to remove any item in the mapped mailbox, the following message appears:

6 comments:

  1. Hi, thank you for these instructions. I'm trying to connect to PowerShell with the user account but receive an access denied. Running the PowerShell command with an admin account results in an error mentioning that the admin account does not have a mailbox (which is correct). Can you let me know how I can make sure that the user account can connect to PowerShell so I can set the permissions? Kind regards, hope to hear from you.

  2. There is a simple way to configure read-only mailbox permission. Open the Office 365 portal. Go to Users - Active Users. Double-click on the user. Then go to Mailbox permissions. There you can find "Read and manage email to this mailbox".

    Replies
    1. Hi Mate, I have tried this but I can't find Mailbox Permissions in the new and old admin centre.
      Tried the main method you mentioned above, which worked fine for a licensed mailbox. Is there any way to do that on a SharedMailbox without converting it to a usermailbox? I am asking because I found out a way to configure an Outlook profile with a sharedmailbox without converting it, as below:
      1-Create a distribution group and give it full access to the sharedmailbox.
      2-Add a user as a member to the distribution group.
      3-Configure a new profile in Outlook, enter the sharedmailbox address, then leave the password empty. At the end it will ask for login details in a security window; enter the username and password of the user that was added to the distgroup and it will work!
      So I was thinking if we can combine both ways to achieve the above example without converting the shared mailbox.
      I hope I didn't confuse you :)

    2. According to your procedure, you provide full access to the mailbox via a distribution list. Is that correct?

  3. How about granting read only on a shared mailbox? Thanks.

  4. Shared mailbox shows "This user doesn’t have an Exchange mailbox." in the portal, so I believe the mailbox should be converted to regular; then you can easily grant read access to it. Then switch it back to shared. I think permissions will stay unchanged.
