Create a shared mailbox
t's easy to create shared mailboxes so a group of people can monitor and send email from a common email addresses, like info@contoso.com. When a person in the group replies to a message sent to the shared mailbox, the email appears to be from the shared mailbox, not from the individual user.
Shared mailboxes include a shared calendar. A lot of small businesses like to use the shared calendar as a place for everyone to enter their appointments. For example, if you have 3 people who do customer visits, all can use the shared calendar to enter the appointments. This is an easy way to keep everyone informed where people are.
Create a shared mailbox and add members
- Sign in with a global admin account or Exchange admin account. If you get the message "You don't have permission to access this page or perform this action," then you aren't an admin.
- In the admin center, go to the Groups > Shared mailboxes page.
-
On the Shared mailboxes page, select + Add a mailbox. Enter a name for the shared mailbox. Then the wizard chooses the email address, but you can edit it.
-
Select Add. It may take a few minutes before you can add members.
-
Under Next steps, select Add members to this mailbox. Members are the people who will be able to view the incoming mail to this shared mailbox, and the outgoing replies.
-
Select the +Add members button. Put a check mark next to the people who you want to use this shared mailbox, and select Save.
-
Select Close.
You have a shared mailbox and it includes a shared calendar. Now go on to the next step: block sign-in for the shared mailbox account.
Which permissions should you use?
You can use the following permissions with a shared mailbox:
-
Full Access: The Full Access permission lets a user open the shared mailbox and act as the owner of that mailbox. After accessing the shared mailbox, a user can create calendar items, read, view, delete, and change email messages, and create tasks and calendar contacts. However, a user with Full Access permission can't send email from the shared mailbox unless they also have Send As or Send on Behalf permission.
-
Send As: The Send As permission lets a user impersonate the shared mailbox when sending mail. For example, if Katerina logs into the shared mailbox Marketing Department and sends an email, it will look like the Marketing Department sent the email.
-
Send on Behalf: The Send on Behalf permission lets a user send email on behalf of the shared mailbox. For example, if John logs into the shared mailbox Reception Building 32 and sends an email, it will look like the mail was sent by "John on behalf of Reception Building 32". You can't use the EAC to grant Send on Behalf permissions, you must use the Set-Mailbox cmdlet with the GrantSendonBehalf parameter.
Use the EAC to edit shared mailbox delegation
-
In the EAC, go to Recipients > Shared. Select the shared mailbox, and then select Edit .
-
Select Mailbox delegation.
-
To grant or remove Full Access and Send As permissions, select Add or Remove and then select the users you want to grant permissions to.
Note
The Full Access permission allows a user to open the mailbox as well as create and modify items in it. The Send As permission allows anyone other than the mailbox owner to send email from this shared mailbox. Both permissions are required for successful shared mailbox operation.
-
Select Save to save your changes.
Block sign-in for the shared mailbox account
Every shared mailbox has a corresponding user account. Notice how you weren't asked to provide a password when you created the shared mailbox? The account has a password, but it's system-generated (unknown). You aren't supposed to use the account to log in to the shared mailbox.
But what if an admin simply resets the password of the shared mailbox user account? Or what if an attacker gains access to the shared mailbox account credentials? This would allow the user account to log in to the shared mailbox and send email. To prevent this, you need to block sign-in for the account that's associated with the shared mailbox.
-
In the admin center, go to the Users > Active users page.
-
In the list of user accounts, find the account for the shared mailbox (for example, change the filter to Unlicensed users).
-
Select the user to open their properties pane, and then select the Block this user icon .
Note: If the account is already blocked, Sign in blocked will appear at the top and the icon will read Unblock this user.
-
In the Block this user? pane, select Block the user from signing in, and then select Save changes.
Add the shared mailbox to Outlook
If you have automapping enabled in your business (by default, most people do), the shared mailbox will appear in your user's Outlook app automatically after they close and restart Outlook.
Automapping is set on the user's mailbox, not the shared mailbox. This means if you try to use a security group to manage who has access to the shared mailbox, automapping won't work. So, if you want automapping, you have to assign permissions explicitly. Automapping is on by default.
Use a shared mailbox on a mobile device (phone or tablet)
You can access a shared mailbox on a mobile device in two ways:
-
Add the shared mailbox in the Outlook for iOS app or the Outlook for Android mobile app.
-
Open your browser, sign in, and then go to Outlook on the web. From Outlook on the web you'll be able to access the shared mailbox.
Use the shared calendar
When you created the shared mailbox, you automatically created a shared calendar. We like the shared mailbox calendar rather than a SharePoint calendar for keeping track of appointments and where people are. A shared calendar is integrated with Outlook and it's much easier to use than a SharePoint calendar.
-
In the Outlook app, go to calendar view, and select the shared mailbox.
-
When you enter appointments, everyone who is a member of the shared mailbox will be able to see them.
-
Any member of the shared mailbox can create, view, and manage appointments on the calendar, just like they would their personal appointments. Everyone who is a member of shared mailbox can see their changes to the shared calendar.