SOLVED
Home

Send As Service Account in Hybrid Setup

%3CLINGO-SUB%20id%3D%22lingo-sub-298078%22%20slang%3D%22en-US%22%3ESend%20As%20Service%20Account%20in%20Hybrid%20Setup%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-298078%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%0A%3CP%3EHere's%20my%20scenario%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EService%20account%20in%20SQL%20is%20generating%20emails%2C%20and%20those%20emails%20need%20to%20come%20from%20a%20shared%20mailbox%20based%20in%20Exchange%20Online.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EService%20account%20isn't%20mail%20enabled%2C%20and%20could%20be%20-%20but%20that'd%20use%20a%20license.%3C%2FP%3E%0A%3CP%3EI%20can't%20add%20the%20service%20account%20to%20give%20it%20send%20as%20permissions%20on%20an%20Exchange%20Online.%3C%2FP%3E%0A%3CP%3EI%20can't%20log%20on%20with%20the%20shared%20mailbox%20to%20send%20the%20email%20as%20that's%20a%20disabled%20account%20as%20per%20shared%20mailbox%20requirements.%3C%2FP%3E%0A%3CP%3EI%20don't%20want%20to%20use%20Exchange%20On-prem%20as%20the%20SMTP%20server%20and%20send%20the%20emails%20anonymously%2C%20as%20the%20groups%20the%20emails%20go%20to%20are%20set%20to%20only%20accept%20authenticated%20senders%20so%20we%20don't%20get%20spammed%20from%20the%20outside.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHow%20do%20I%20do%20a%20send%20as%20without%20using%20another%20license%2C%20or%20is%20that%20not%20possible%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-298078%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EHybrid%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-298645%22%20slang%3D%22en-US%22%3ERe%3A%20Send%20As%20Service%20Account%20in%20Hybrid%20Setup%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-298645%22%20slang%3D%22en-US%22%3EGlad%20I%20helped%20Adam%2C%20look%20forward%20to%20working%20together%20again%20soon.%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-298623%22%20slang%3D%22en-US%22%3ERe%3A%20Send%20As%20Service%20Account%20in%20Hybrid%20Setup%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-298623%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Chris%2C%3C%2FP%3E%0A%3CP%3EThanks%20for%20the%20response.%20I%20think%20the%20best%20outcome%20I%20can%20get%20then%2C%20is%20a%20single%20service%20account%20that%20uses%20a%20license%2C%20and%20is%20added%20as%20'send%20as'%20rights%20for%20any%20mailbox%20it's%20impersonating.%20That%20can%20then%20be%20used%20across%20multiple%20systems.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou're%20right%2C%20as%20long%20as%20I%20don't%20need%20EWS%2C%20a%20Kiosk%20license%20will%20do%20the%20job.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-298222%22%20slang%3D%22en-US%22%3ERe%3A%20Send%20As%20Service%20Account%20in%20Hybrid%20Setup%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-298222%22%20slang%3D%22en-US%22%3EHi%20Adam%2C%3CBR%20%2F%3E%3CBR%20%2F%3EAFAIK%2C%20don't%20think%20that's%20possible%2C%20I%20think%20in%20this%20scenario%20(where%20you%20need%20to%20use%20that%20specific%20mailbox%2C%20using%20authenticated%20SMTP%20via%20smtp.office365.com%20587%20and%20groups%20which%20only%20accept%20from%20authenticated%20senders)%20its%20an%20authenticated%20mailbox.%20For%20that%2C%20a%20Kiosk%20mailbox%20which%20is%20much%20cheaper%20than%20standard%20EO%20mailboxes%20should%20suffice%20so%20it%20would%20simply%20mean%20converting%20the%20shared%20mailbox%20into%20a%20kiosk%20mailbox.%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20there%20wasn't%20the%20authentication%20requirement%2C%20you%20could%20have%20done%20it%20by%20using%20direct%20send%20with%20an%20inbound%20connector%20(fixed%20to%20your%20firewall%20IP)%20and%20then%20direct%20the%20sending%20application%20at%20the%20365%20MX%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2FExchange%2Fmail-flow-best-practices%2Fhow-to-set-up-a-multifunction-device-or-application-to-send-email-using-office-3%3FredirectSourcePath%3D%25252fen-ie%25252farticle%25252fHow-to-set-up-a-multifunction-device-or-application-to-send-email-using-Office-365-69f58e99-c550-4274-ad18-c805d654b4c4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2FExchange%2Fmail-flow-best-practices%2Fhow-to-set-up-a-multifunction-device-or-application-to-send-email-using-office-3%3FredirectSourcePath%3D%25252fen-ie%25252farticle%25252fHow-to-set-up-a-multifunction-device-or-application-to-send-email-using-Office-365-69f58e99-c550-4274-ad18-c805d654b4c4%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
Adam Fowler
MVP

Hi,

Here's my scenario:

 

Service account in SQL is generating emails, and those emails need to come from a shared mailbox based in Exchange Online.

 

Service account isn't mail enabled, and could be - but that'd use a license.

I can't add the service account to give it send as permissions on an Exchange Online.

I can't log on with the shared mailbox to send the email as that's a disabled account as per shared mailbox requirements.

I don't want to use Exchange On-prem as the SMTP server and send the emails anonymously, as the groups the emails go to are set to only accept authenticated senders so we don't get spammed from the outside.

 

How do I do a send as without using another license, or is that not possible?

3 Replies
Solution
Hi Adam,

AFAIK, don't think that's possible, I think in this scenario (where you need to use that specific mailbox, using authenticated SMTP via smtp.office365.com 587 and groups which only accept from authenticated senders) its an authenticated mailbox. For that, a Kiosk mailbox which is much cheaper than standard EO mailboxes should suffice so it would simply mean converting the shared mailbox into a kiosk mailbox.

If there wasn't the authentication requirement, you could have done it by using direct send with an inbound connector (fixed to your firewall IP) and then direct the sending application at the 365 MX

https://docs.microsoft.com/en-gb/Exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-dev...

Best, Chris


Hi Chris,

Thanks for the response. I think the best outcome I can get then, is a single service account that uses a license, and is added as 'send as' rights for any mailbox it's impersonating. That can then be used across multiple systems.

 

You're right, as long as I don't need EWS, a Kiosk license will do the job.

Glad I helped Adam, look forward to working together again soon.

Best, Chris