01-31-2018 09:23 PM
I am interested in how admins are allowing 'owners' of shared mailboxes to self-administer. I am in the process of migrating from G Suite to o365, so I am investigating ways this can be done.
At the moment in Gmail I have shared mailboxes that 'owners' self-manage. An 'owner' is identified as a person who has 'manage and edit' rights to the mailbox's calendar. So when the 'owner' logs into a web app there is an API call that looks up the calendars they manage and edit. They can then manage access to the corresponding mailboxes. They add/remove other users and a privileged account makes the updates via API calls.
When I migrate to o365 I want to replicate this type of workflow in some manner so that o365 admins don't have to manage the access rights. I have 1500 'shared' mailboxes in G Suite so there is a fair bit of admin involved. The shared mailboxes will probably be a combination of o365 shared mailboxes and user mailboxes. This is because I don't want to pay for a license for each shared mailbox, but some require credentials so they can be authenticated to an app.
Any insight into how you are doing this would be appreciated.
01-31-2018 10:37 PM
02-01-2018 12:11 AM
I would suggest that you also look at Office 365 Groups, as they might be a good fit for some scenarios. They are designed with self-service management in mind, however they might lack some capabilities compared to shared mailboxes (exposing additional folders for example).
02-01-2018 02:56 PM
I am aware that shared mailboxes don't have credentials. For the mailboxes that require credentials and delegated permissions I will be assigning a user license. For those that just require a mailbox that is under 50 GB I will configure a shared mailbox.
There might be a different management process for each one of those scenarios.
09-12-2018 07:22 PM
Closing the loop on this one - we are using mail-enabled security groups to manage access to shared mailboxes.
A group has "read and manage" and "send on behalf" access to a shared mailbox. Any member can access and send email on behalf of the shared mailbox, and the owner of the group can manage (add/remove) members.
It was the simplest scalable solution we could find (~2000 shared mailboxes). It does mean you have lots of groups but a group owner is able to manage it through OWA without needing to contact the help desk.
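One way to script the group-per-mailbox model described in the last post, together with a check for grants that bypass the group. This is an added example, not code from the thread participants; it assumes a connected Exchange Online PowerShell session, and every address and name in it is a hypothetical placeholder.

```powershell
# Added example. Assumes an existing Exchange Online session (Connect-ExchangeOnline).
# All names and addresses below are hypothetical placeholders.
$Mailbox   = 'accounts@contoso.example'   # shared mailbox
$GroupName = 'SMB-accounts-access'        # mail-enabled security group for access
$Owner     = 'owner@contoso.example'      # person who self-manages membership

# 1. Shared mailbox: no license and no sign-in credentials of its own.
New-Mailbox -Shared -Name 'Accounts' -PrimarySmtpAddress $Mailbox | Out-Null

# 2. Mail-enabled security group. ManagedBy makes $Owner the group owner who
#    can add/remove members; closed join keeps membership under the owner's control.
New-DistributionGroup -Name $GroupName -Type Security -ManagedBy $Owner `
    -Members $Owner -MemberJoinRestriction Closed | Out-Null

# 3. Grant rights to the group only, never to individual users.
#    FullAccess is what the admin center labels "Read and manage".
Add-MailboxPermission -Identity $Mailbox -User $GroupName `
    -AccessRights FullAccess -InheritanceType All | Out-Null
Set-Mailbox -Identity $Mailbox -GrantSendOnBehalfTo @{ Add = $GroupName }

# 4. Audit: list explicit FullAccess grants on shared mailboxes whose trustee
#    is not a mail-enabled security group (direct user grants, orphaned SIDs).
function Get-DirectMailboxGrant {
    Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited |
        ForEach-Object {
            $mbx = $_
            Get-MailboxPermission -Identity $mbx.Identity |
                Where-Object {
                    -not $_.IsInherited -and
                    $_.User -notlike 'NT AUTHORITY\*' -and
                    $_.AccessRights -contains 'FullAccess'
                } |
                ForEach-Object {
                    $trustee = Get-Recipient -Identity "$($_.User)" -ErrorAction SilentlyContinue
                    # Unresolvable trustees ($null) are reported as well.
                    if ($trustee.RecipientTypeDetails -ne 'MailUniversalSecurityGroup') {
                        [pscustomobject]@{
                            Mailbox = $mbx.PrimarySmtpAddress
                            Trustee = "$($_.User)"
                        }
                    }
                }
        }
}

Get-DirectMailboxGrant | Format-Table -AutoSize
```

Mailboxes granted through a group are not auto-mapped into Outlook, so members add the shared mailbox manually. Running the audit on a schedule shows where access has drifted outside the owner-managed groups.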