Some fun facts about the status of accounts/mailboxes in Exchange Online:
Shared and resource mailbox accounts are not blocked by default (i.e. the BlockCredential property is not set to True), they are disabled in Exchange. You can change the password for a shared/resource mailbox account by using the Set-MsolPassword cmdlet, and once you have the password, you can login to the Office 365 Portal. You can even assign licenses to it and provision it for services.
Opening a shared mailbox directly in Outlook and/or OWA is a different matter however. Even when you apply a license to the mailbox, and change the password as described above, if you try to login to OWA you will get the following message:
Bummer. And here is why it’s happening:
PS C:\> Get-Mailbox testforms | ft ExchangeUserAccountControl ExchangeUserAccountControl -------------------------- AccountDisabled
Funny thing is that it was working just fine in 2010, if you had licensed the mailbox first. That’s right, even back then there was no way to access it without actually paying for the license. Though I’ve seen many people trying to outwit Microsoft on this, and act disappointed once you bring them the bad news.
Anyway, not all is lost, as you can still open it using the “Open Another Mailbox” functionality in OWA or using the direct link:
https://podXXXX.outlook.com/owa/testforms@tenant.onmicrosoft.com/
Adding it as secondary mailbox in Outlook is also no-brainer, but few people realize that you can actually open it as a regular account. All you need is full access permissions. Here are the steps:
-
Create a new profile or simply start adding additional account in the existing one
-
On the first page of the wizard, enter the mail/UPN of the shared mailbox and some random stuff for the password (make sure you retype the same thing though!)
-
Let AutoDiscover do it’s magic and when prompted for credentials, stop for a moment
-
This is the important part: in the credentials prompt dialog, enter YOUR username and password
-
You will be prompted one more time, again enter YOUR username and password
-
The wizard should then complete and you can adjust additional settings as necessary
Now, you can work with the shared mailbox as it was your own. Adding delegates for example, adjusting private item visibility, sending messages directly (you still need Send As permissions!). And the best thing about it is that you can do it regardless of whether the mailbox is enabled and/or licensed.
While we are on the subject, here’s another interesting fact: disabling a user account will not disable the mailbox. While the owner will not be able to access any part of the service, his mailbox is still active and he can still receive mail. If you are added as delegate, you can still access the mailbox either in OWA or Outlook (even add it as primary using the steps above), and you can still Send As or Send on Behalf of it. The explanation again is simple:
PS C:\> Get-MsolUser -UserPrincipalName user@domain.com | ft BlockCredential,@{n="ExchangeUAC";e={(Get-Mailbox -Identity $_.UserPrincipalName).ExchangeUserAccountControl}} -AutoSize
BlockCredential ExchangeUAC
--------------- -----------
True None