SOLVED

Unable to send email from Shared Mailbox when mailbox is shared with a Group

Copper Contributor

Hello Tech Community,

I hope you can help, please.

I created a Shared Mailbox. I assigned a Microsoft 365 Group to it called "All Company", which I believe every tenancy has.

 

But when I log into Outlook in the browser and try to send an email from my mailbox, but sending as the Shared Mailbox it says: "You don't have permissions to send messages from this mailbox".

 

I am a member of the "All Company" Group, and so is the Shared Mailbox.

GarryLSPope_0-1643088096245.png

 

Any idea why I can't send emails on behalf of this Shared Mailbox? 

 

Also, don't know if it helps, but I am also unable to log into the Shared Mailbox.

GarryLSPope_1-1643088280463.png

 

Any help would be greatly appreciated.


Thanks very much,


Garry

6 Replies
You cannot use Microsoft 365 Groups to delegate mailbox permissions. Use a mail-enabled security group instead, or grant the permissions directly on the user level.

Hello @VasilMichev,

 

Thanks so much for your reply. I really appreciate it.

When I read about Mail-enabled Security Groups, it does not mention that they have the ability for a member to send on behalf of the email address associated with the Mail-enabled Security Group.

 

So if I'm a member of a Mail-enabled Security Group, can I send an email as that group to an external person, such as a customer, and that they won't see my email address, but the Group email address?

 

Thanks very much.

 

 

best response confirmed by GarryLSPope (Copper Contributor)
Solution
We might be talking about two different things here. What I meant above, is that you cannot use a M365 Group for delegating permissions to the shared mailbox. This is because M365 Groups are still not considered security principals across all workloads, whereas MESGs inherently are.

If you are a member of a MESG, and said MESG has been granted Send on behalf of permissions on a shared mailbox, you will be able to sent messages on behalf of the shared mailbox. The customer will in turn see the shared mailbox address, prefixed with the MESG group name and "on behalf of". If you only want them to see the shared mailbox address, use Send As permissions instead. If you want them to see only the MESG address, the shared mailbox doesn't need to be in the picture at all.

Hello @VasilMichev,


Thanks so much for all your help. This is wonderful. So, my next steps are:

  1. Delete the Shared Mailbox
  2. Create a Mail-enabled Security Group
  3. Test that I can send an email as the Mail-enabled Security Group to a "customer" and receive a reply back to that Mail-enabled Security Group email.

Thanks very much,

 

Garry

Hello @VasilMichev,

Sorry, one last question, please.

So, no matter what group I create "Shared Mailbox", "Mail-enabled Security Group" or even "Microsoft 365 Group", I must enable the ability to "Send as" or "Send on behalf" to be able to send an email?

 

Plus, this must be a user and not a Group, right? When I looked at this documentation it doesn't mention sending as a Group, but a User.

 

Again, thanks so much for your help.

Both User and Groups can work with Send As, the deciding factor is usually what you want to do with any sent/received messages, and how many people will need access to those. But yes, since none of those object types represent a user per se, you cannot send messages directly, and you need to use either Send As or Send on behalf of permissions.
1 best response

Accepted Solutions
best response confirmed by GarryLSPope (Copper Contributor)
Solution
We might be talking about two different things here. What I meant above, is that you cannot use a M365 Group for delegating permissions to the shared mailbox. This is because M365 Groups are still not considered security principals across all workloads, whereas MESGs inherently are.

If you are a member of a MESG, and said MESG has been granted Send on behalf of permissions on a shared mailbox, you will be able to sent messages on behalf of the shared mailbox. The customer will in turn see the shared mailbox address, prefixed with the MESG group name and "on behalf of". If you only want them to see the shared mailbox address, use Send As permissions instead. If you want them to see only the MESG address, the shared mailbox doesn't need to be in the picture at all.

View solution in original post