automapping for security group

Fugazi 21 Reputation points

Hi,

As it said on Shared mailboxes in Exchange Online page "Users who are members of the security group will be granted the permissions to the mailbox".
Ok, but automapping doesn't work for security group, so it's partially useless.

Do you know a clean PS script that allows to add and remove members of a security group in delegated users? (or any other technique to have automapping on a security group)

Thanks.

  1. Joyce Shen - MSFT 16,706 Reputation points

    Hi @AGEP-7731

    Do suggestions below help, and do you have any other concern about this question?

    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Sign in to comment

Answer accepted by question author

Andy David - MVP 160.3K Reputation points MVP Volunteer Moderator

Currently not possible since automapping leverages auto discovery. The auto discovery piece would need the ability to expand the group ( and expand it each time it ran) and thats not part of the specification.

You can always request as a feature however

https://feedbackportal.microsoft.com/feedback/forum/89a8afa3-2e1c-ec11-b6e7-0022481f8472

0 comments No comments
Sign in to comment

4 additional answers

  1. Hi @Fugazi

    Is it still necessary to use mail-enabled security groups for Automapping to work?

    Regards,

    Manfred

    0 comments No comments
    Sign in to comment

  2. Hi Fugazi

    We have developed a solution that enables the use of Security Groups for Shared Mailboxes, including a working automapping solution for Outlook (Classic), the new Outlook, and OWA. Feel free to PM me for more details.

    Manfred

    0 comments No comments
    Sign in to comment
  3. Fugazi 21 Reputation points

    Thanks, but I know powershell well and have been using these commands for a long time.
    The question here is to overcome the lack of automapping on a security group.

    0 comments No comments
    Sign in to comment
  4. Joyce Shen - MSFT 16,706 Reputation points

    Hi @AGEP-7731

    Note that auto-mapping will only work for individual users granted the proper permissions and will not work for any kind of group. So the scenario you mentioned above is by design.

    For delegate permission management, you could refer to the script here:
    You use the Add-MailboxPermission and Remove-MailboxPermission cmdlets to manage the Full Access permission for mailboxes. 

    Add-MailboxPermission -Identity <MailboxIdentity> -User <DelegateIdentity> -AccessRights FullAccess -InheritanceType All [-AutoMapping $false] 
Remove-MailboxPermission -Identity <MailboxIdentity> -User <DelegateIdentity> -AccessRights FullAccess -InheritanceType All

    You use the Add-RecipientPermission and Remove-RecipientPermission cmdlets to manage the Send As permission for mailboxes and groups. 

    <Add-RecipientPermission | Remove-RecipientPermission> -Identity <MailboxOrGroupIdentity> -Trustee <DelegateIdentity> -AccessRights SendAs

    You use the GrantSendOnBehalfTo parameter on the various mailbox and group Set- cmdlets to manage the Send on Behalf permission for mailboxes and groups

    • Set-Mailbox
    • Set-DistributionGroup: Distribution groups and mail-enabled security groups.
    • Set-DynamicDistributionGroup
    • Set-UnifiedGroup: Microsoft 365 groups. <Cmdlet> -Identity <MailboxOrGroupIdentity> -GrantSendOnBehalfTo <Delegates>

    And the thread here discussed the similar question: Shared Mailbox permissions to security group not showing in Outlook?

    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments
    Sign in to comment
Sign in to answer

Your answer