SOLVED

Giving a 365 group access to shared mailbox and other resources

%3CLINGO-SUB%20id%3D%22lingo-sub-2406870%22%20slang%3D%22en-US%22%3EGiving%20a%20365%20group%20access%20to%20shared%20mailbox%20and%20other%20resources%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2406870%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20everyone%2C%20hoping%20to%20get%20some%20help%2C%20relatively%20new%20to%20O365.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20what%20I%20would%20like%20to%20set%20up%20in%20my%20organisation%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3E365%20groups%20are%20the%20centralised-core%20(master)%20resource%20of%20each%20team%20and%20the%20source%20of%20providing%20access%20to%20other%20resources.%20I%20want%20to%20use%20365%20groups%20because%20they%20offer%20the%20%3CSTRONG%3Eflexibility%20of%20dynamic%20membership%3C%2FSTRONG%3E%20and%26nbsp%3B%3CSTRONG%3Eallow%3C%2FSTRONG%3E%20%3CSTRONG%3Eowners%20to%20add%20members%3C%2FSTRONG%3E%20with%20ease.%3C%2FLI%3E%3CLI%3EThen%20use%20the%20365%20group%20to%20grant%20permissions%20to%20a%20shared%20mailbox%20%2F%20distribution%20list.%20We%20want%20to%20keep%20using%20shared%20mailboxes%20and%20distribution%20lists%20because%20of%20the%20functionality%20they%20offer%20that%20365%20groups%20don't.%3C%2FLI%3E%3C%2FUL%3E%3CP%3EMy%20best%20solution%20to%20this%20problem%20is%20to%20create%20%3CSTRONG%3Email-enabled%20security%20groups%3C%2FSTRONG%3E%26nbsp%3Bin%26nbsp%3B%3CSPAN%3EExchange%20admin%20center.%20I%20then%20add%20the%20group%20to%20the%20shared%20mailbox%20%2F%20distribution%20list.%20The%20problem%20with%20this%20method%20is%20that%20admins%20are%20still%20required%20to%20manually%20add%20users%20to%20the%20mail-enabled%20security%20group%2C%20and%20owners%20cannot.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAm%20I%20able%20to%20do%20the%20bullet%20points%20outlined%20above%20or%20is%20there%20another%20way%20to%20achieve%20what%20I%20want%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2406870%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2407008%22%20slang%3D%22en-US%22%3ERe%3A%20Giving%20a%20365%20group%20access%20to%20shared%20mailbox%20and%20other%20resources%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2407008%22%20slang%3D%22en-US%22%3EOffice%20365%20Groups%20are%20not%20security%20principals%2C%20so%20you%20cannot%20use%20them%20for%20tasks%20such%20as%20delegating%20permissions.%20This%20is%20not%20universally%20true%20and%20things%20are%20slowly%20changing%20in%20that%20direction%2C%20but%20for%20the%20case%20of%20granting%20permissions%20to%20a%20Shared%20mailbox%2C%20stick%20to%20good%20old%20MESG%2C%20for%20now.%3C%2FLINGO-BODY%3E
New Contributor

Hi everyone, hoping to get some help, relatively new to O365.

 

This is what I would like to set up in my organisation:

 

  • 365 groups are the centralised-core (master) resource of each team and the source of providing access to other resources. I want to use 365 groups because they offer the flexibility of dynamic membership and allow owners to add members with ease.
  • Then use the 365 group to grant permissions to a shared mailbox / distribution list. We want to keep using shared mailboxes and distribution lists because of the functionality they offer that 365 groups don't.

My best solution to this problem is to create mail-enabled security groups in Exchange admin center. I then add the group to the shared mailbox / distribution list. The problem with this method is that admins are still required to manually add users to the mail-enabled security group, and owners cannot.

 

Am I able to do the bullet points outlined above or is there another way to achieve what I want?

2 Replies
best response confirmed by AJhumm700 (New Contributor)
Solution
Office 365 Groups are not security principals, so you cannot use them for tasks such as delegating permissions. This is not universally true and things are slowly changing in that direction, but for the case of granting permissions to a Shared mailbox, stick to good old MESG, for now.

@Vasil Michev Thanks Vasil, looking forward to the day everything can be managed dynamically through a central group!