SOLVED

Defender for Office 365 and quarantined objects in shared mailboxes with security groups


Hello everyone, I hope to get a best practice or definitive answer on how to solve my current issue with releasing objects from quarantine.

 

Situation: AD sync to O365 (users, groups, devices), Mailboxes are in Exchange Online (hybrid Exchange for some subsidiaries). Users have M365 E3 + Defender P1 for threat protection.

 

Issue: We have several shared mailboxes that multiple users have access to. While users can release quarantined objects as long as they have been given full access to the shared mailbox individually, they will receive an error when I give them access to the mailbox through a synced AD group.

 

The reason for using synced AD groups is the easier management and control of access to shared mailboxes. While the access itself works like a charm, and even accessing the quarantine of such a shared mailbox, releasing mails doesn't.

 

The user gets the following error: "The operation couldn't be performed because the user does not have the authorization."

 

Any advice, or how are other bigger orgs handling this? Maybe I'm totally wrong here? If this is already on Microsoft's schedule or backlog, then forgive me, I didn't find anything on this.

 

Michael

4 Replies

Looks like a scenario that Microsoft hasn't addressed (yet?), adding @Arindam Thokder just in case.

best response confirmed by Vasil Michev (MVP)
Solution

@Vasil Michev - We are already working on a feature to access quarantine for shared mailbox where permission is granted through security groups. I hope I can share something around early second half of the year 2021.

Great to hear that and thanks for the quick response, looking forward to it.