Extend Security by Disabling Direct Login from Office 365 Shared Mailboxes!


Why Shared Mailboxes?

Shared mailboxes benefit in different ways for organizations. The most common one is that users can access the same mailbox with varying levels of permission. Each shared mailbox can store up to 50GB of data without assigning a license to it and is widely used as a help desk or support email address. It all goes fine until it comes to shared mailbox security. So, what may be threats? Let's examine it with an example.

What are Some of the Insecurities of Shared Mailboxes?

Suspect that an attacker posed a password attack on your shared mailboxes to steal the credentials. As the mailbox is shared by multiple users, it would be difficult to identify the attack instantly. Also, the shared mailbox comes with an auto-generated password that can be reset, making things favorable for those attackers. Therefore it is always recommended to practice blocking sign-in for shared mailboxes.

For more detailed information and to know the different ways to block sign-in, please check out the following blog.

4 Replies

Hi @Aima_Tessa, to add to that, a shared mailbox account should always be a disabled account to comply to Microsoft license agreements. If the corresponding account is enabled, you should assign a license to it. Best regards,  Ruud 

@R_Gijsbers_Rademakers Thanks for your response!
According to my grasp, a shared mailbox account isn't disabled by default without a license. Microsoft did not ask for an agreement instead! I think that might be the reason, why blocking sign-in for those mailboxes is important. Thoughts on this?

Hi @Aima_Tessa, depending on the scenario, hybrid or cloud only, I would incorporate it into the process of creating the shared mailbox. First create the disabled account and enable the shared mailbox on that account as the second step. That way you'll make sure the account can't be logged on to upfront instead if doing it afterwards.

@R_Gijsbers_Rademakers Thanks for your suggestion. Will try this way!