Managing delegated access


Hi All,

I am interested in how admins are allowing 'owners' of shared mailboxes to self-administer. I am in the process of migrating from G Suite to o365, so I am investigating ways this can be done.

At the moment in Gmail I have shared mailboxes that 'owners' self-manage. An 'owner' is identified as a person who has 'manage and edit' rights to the mailbox's calendar. So when the 'owner' logs into a web app there is an API call that looks up the calendars they manage and edit. They can then manage access to the corresponding mailboxes. They add/remove other users and a privileged account makes the updates via API calls.

When I migrate to o365 I want to replicate this type of workflow in some manner so that o365 admins don't have to manage the access rights. I have 1500 'shared' mailboxes in G Suite so there is a fair bit of admin involved. The shared mailboxes will probably be a combination of o365 shared mailboxes and user mailboxes. This is because I don't want to pay for a license for each shared mailbox but some require credentials so they can be authenticated to an app.

Any insight into how you are doing this would be appreciated.

 

Thanks,
Matt

4 Replies
In your migration planning, bear in mind that in Office 365 Shared Mailboxes do not have a set of credentials; access to them is granted by setting the required permissions. With regard to self-service capabilities for end users to configure access to mailboxes, I'm not aware of a way to do it and I think you need to have a minimum role in Office 365 to do it: https://support.office.com/en-us/article/give-mailbox-permissions-to-another-user-in-office-365-admi...

I would suggest that you also look at Office 365 Groups, as they might be a good fit for some scenarios. They are designed with self-service management in mind, however they might lack some capabilities compared to shared mailboxes (exposing additional folders for example).

 

 

Thanks Juan.

I am aware that shared mailboxes don't have credentials. For the mailboxes that require credentials and delegated permissions I will be assigning a user license. For those that just require a mailbox that is under 50 GB I will configure a shared mailbox.

There might be a different management process for each one of those scenarios.

Closing the loop on this one - we are using mail-enabled security groups to manage access to shared mailboxes.

A group has read and manage and send on behalf access to a shared mailbox. Any member can access and send email on behalf of the shared mailbox and the owner of the group can manage (add/remove) members.

It was the simplest scalable solution we could find (~2000 shared mailboxes). It does mean you have lots of groups but a group owner is able to manage it through OWA without needing to contact the help desk.
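
The group-per-mailbox arrangement described in the last reply, sketched in Exchange Online PowerShell as an added example (not code posted by anyone in the thread). It assumes a session opened with `Connect-ExchangeOnline`; every mailbox, group and owner name is a constructed placeholder, and the closing drift check goes beyond what the reply describes.

```powershell
# Added example: one mail-enabled security group per shared mailbox.
# Assumes an open Exchange Online session (Connect-ExchangeOnline).
# All addresses and group names below are constructed placeholders.
$map = @(
    [pscustomobject]@{ Mailbox = 'accounts@contoso.example'; Group = 'SMB-Accounts'; Owner = 'alice@contoso.example' }
    [pscustomobject]@{ Mailbox = 'hr@contoso.example';       Group = 'SMB-HR';       Owner = 'bob@contoso.example' }
)

foreach ($m in $map) {
    # Create the group only if it is missing. ManagedBy names the owner,
    # who can then add/remove members without an admin role.
    if (-not (Get-DistributionGroup -Identity $m.Group -ErrorAction SilentlyContinue)) {
        New-DistributionGroup -Name $m.Group -Type Security -ManagedBy $m.Owner `
            -MemberJoinRestriction Closed | Out-Null
    }

    # "Read and manage" in the admin center corresponds to the FullAccess right.
    $existing = Get-MailboxPermission -Identity $m.Mailbox -User $m.Group -ErrorAction SilentlyContinue |
        Where-Object { ($_.AccessRights -join ',') -like '*FullAccess*' }
    if (-not $existing) {
        Add-MailboxPermission -Identity $m.Mailbox -User $m.Group `
            -AccessRights FullAccess -InheritanceType All | Out-Null
    }

    # Send on behalf is a mailbox property, not a mailbox permission entry.
    Set-Mailbox -Identity $m.Mailbox -GrantSendOnBehalfTo @{ Add = $m.Group }

    # Drift check: list explicit grants that bypass the group, so access
    # stays reviewable through group membership alone.
    Get-MailboxPermission -Identity $m.Mailbox |
        Where-Object {
            -not $_.IsInherited -and
            $_.User -notlike 'NT AUTHORITY\*' -and
            $_.User -notlike "*$($m.Group)*"
        } |
        Select-Object Identity, User, AccessRights
}
```

Any rows the last pipeline prints are direct grants to individual users, which the group owner cannot see or revoke from OWA.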