Managing delegated access

Highlighted
New Contributor

Hi All,

 

I am interested in how admins are allowing 'owners' of shared mailboxes self administer. I am in the process of migrating from G Suite to o365 so investigating ways on how this can be done.

 

At the moment in Gmail I have shared mailboxes that 'owners' self manage.  An 'owner' is identified as a person who has 'manage and edit' rights to the mailboxes calendar.  So when the 'owner' logs into a web app there is an API call that looks up the calendars they manage and edit.  They can then manage access to the corresponding mailboxes.  They add/remove other users and a privileged account makes the updates via API calls.

 

When I migrate to o365 I want to replicate this type of work flow in some manner so that o365 admins don't have to manage the access rights.  I have 1500 'shared' mailboxes in G Suite so there is a fair bit of admin involved.  The shared mailboxes will probably be a combination of o365 shared mailboxes and user mailboxes.  This is because I don't want to pay for a license for each shared mailbox but some require credentials so they can be authenticated to an app.

 

Any insight into how you are doing this would be appreciated.

 

Thanks,
Matt

4 Replies
Highlighted
In your migration planning bear in mind that in Office 365 Shared Mailboxes does not have a set of credentials...access to them is granted by setting the required permissions. In regards of self-capabilities for end users to configure access to mailboxes, I'm not aware of a way to do it and I think you need to have a minimum role in Office 365 to do it: https://support.office.com/en-us/article/give-mailbox-permissions-to-another-user-in-office-365-admi...

I would suggest that you also look at Office 365 Groups, as they might be a good fit for some scenarios. They are designed with self-service management in mind, however they might lack some capabilities compared to shared mailboxes (exposing additional folders for example).

 

 

Highlighted

Thanks Juan.

 

I am aware that shared mailboxes don't have credentials.  For the mailboxes that require credentials and  delegated permissions I will be assigning a user license.  For those that just require a mailbox that is under 50GB's I will configure a shared mailbox.

 

There might be a different management process for each one of those scenarios.

Highlighted

Closing the loop on this one - we are using mail enabled security groups to manage access to shared mailboxes. 

 

A group has read and manage and send on behalf access to a shared mailbox.  Any member can access and send email on behalf of the shared mailbox and the owner of the group can manage add/remove members.

 

It was the simplest scalable solution we could find (~2000 shared mailboxes). It does mean you have lots of groups but a group owner is able to manage it through OWA without needing to contact the help desk.