Exchange Online Shared Mailbox SMTP and IMAP

Hello everyone, I have the following scenario, which used to work a couple of months back:

We have an internal e-mail support (ticketing) system. Now in order for it to receive and send e-mails (through SMTP and IMAP), we created a shared mailbox in Office 365's Exchange Online, took its credentials (username and password) and used it with the application, which works perfectly with this account.

Next, we needed to do this again in January, in a different tenant; however, we ended up with authentication errors:

535 5.7.3 Authentication unsuccessful [MWHPR2001CA0010.namprd20.prod.outlook.com]

The funny thing is that for existing shared mailboxes (created pre-January) it works fine. Only new ones have an issue with that.

The difference in the mailbox attributes (using PowerShell's Get-Mailbox) is only:

AccountDisabled : True

which I don't seem to be able to change; whenever I try to do so, PowerShell responds with:

WARNING: Shared Mailbox 'shared@domain.com' cannot be enabled.
WARNING: The command completed successfully but no settings of 'Shared' have been modified.

So my question is, why did this stop working and how can this be resolved? I don't think it is appropriate for a ticketing system or a blog which sends out e-mails automatically to have a user license...

Also, having a single licensed user to access the shared mailboxes isn't really a solution because it would present a big security risk - if the delegated user's credentials leaked (since they would be used across different applications from different developers and for different mailboxes), it would lead to big trouble.

Update: Also, in my opinion, this scenario is supported by Microsoft as SMTP Client Submission, but I wasn't able to find any appropriate tutorial for this.

3 Replies

As far as I know, true shared mailboxes have never allowed direct logon. It's the whole reason they don't require a license for that mailbox. https://technet.microsoft.com/en-us/library/jj966275(v=exchg.150).aspx

If that worked before, then maybe it was a bug or wasn't implemented correctly yet in your tenant.

Regardless, if you want to be able to log on directly to it, you will need to convert it to a regular mailbox and apply a license, or if you are in hybrid mode, move it back on-prem.

So in general, the mailboxes used with SMTP client submission need to be licensed in order to be used - is that correct?

Yes, if you are authenticating as that mailbox, it will need a license.