Shared mailboxes do not have a password configured by default, so unless you specifically set a password, you cannot log in directly to a shared mailbox. While technically possible, this is against the licensing terms, however, and it's best to just convert the shared mailbox to a regular user one in such scenarios.
What you should do to secure access instead is disable basic auth and any unused mail protocols. Those "sign in attempts from all over the world" all utilize basic auth, and will automatically be blocked once you disable it. Moreover, this will improve the security posture of the entire company, not just shared mailboxes.
Add a Shared Mailbox to multiple users' Authenticator App
Hi there,
So we have a Shared Mailbox (because it has a license) that multiple users regularly use. We have had MFA enabled for a while now, but not yet for our Shared Mailbox.
Because we noticed many sign-in attempts from all over the world, we were wondering if it is possible to enable MFA for that Shared Mailbox account.
I have already enabled MFA, and added the account in the authenticator app, but the problem is that nobody else is currently capable of adding that account to their authenticator app as well.
Any ideas on how to add the shared mailbox to multiple users in their Authenticator app?
Thanks in advance!
Kind regards,
Billy Cottrell
Software Developer
www.ikanda.be
Microsoft Security | Microsoft Authenticator
2 answers
Vasil Michev 119.6K Reputation points MVP Volunteer Moderator
2022-11-22T13:25:17.087+00:00
Billy | IKANDA 11 Reputation points
2022-11-24T14:16:03.073+00:00
Hi @Vasil Michev,
Although the answer you provided wasn't really the answer I was looking for, your information did help me get a better understanding of Shared Mailboxes.
We also contacted Microsoft Support and after a long conversation we decided on 2 options (we will investigate later on which one we will use).
One option is to keep everything as is (as we need both the license and the login for certain reasons), apply MFA to the account and add it to the Authentication app (up to 5 devices, which is the answer I was seeking), by following this documentation: https://support.microsoft.com/en-us/account-billing/set-up-the-microsoft-authenticator-app-as-your-verification-method-33452159-6af9-438f-8f82-63ce94cf3d29.
This way we can have 5 users that manage the MFA auth so if a user is sick or on holiday, someone else can approve the authentication request.
The other one would be, like you mentioned, to remove the basic auth and just share the mailbox with the users (although we won't be able to apply rules to that mailbox anymore).
Thank you for your time and assistance!
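An added example (not part of this thread and not Microsoft tooling) for checking, before basic auth is disabled as Vasil Michev's answer recommends, which sign-ins in an exported sign-in log used legacy protocols and which accounts would stop working. Field names follow the Microsoft Graph `signIn` resource; the sample records, the function names and the modern-client list are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Assumption: Entra ID reports modern-auth clients under these two values;
# any other clientAppUsed value is treated here as a legacy (basic auth) protocol.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

def _rec(upn, client, ip, country, code):
    return {"userPrincipalName": upn, "clientAppUsed": client, "ipAddress": ip,
            "location": {"countryOrRegion": country}, "status": {"errorCode": code}}

# Constructed sample export (example.com accounts, documentation IP ranges).
SAMPLE_EXPORT = json.dumps([
    _rec("shared@example.com", "IMAP4", "203.0.113.10", "BR", 50126),
    _rec("shared@example.com", "POP3", "198.51.100.7", "VN", 50126),
    _rec("shared@example.com", "Authenticated SMTP", "192.0.2.44", "US", 50126),
    _rec("shared@example.com", "Browser", "192.0.2.1", "BE", 0),
    _rec("scanner@example.com", "Authenticated SMTP", "192.0.2.20", "BE", 0),
    _rec("user@example.com", "Mobile Apps and Desktop clients", "192.0.2.2", "BE", 0),
])

def summarize_legacy_signins(export_json):
    """Per account: legacy-protocol attempts, failures, successes, protocols, countries."""
    summary = defaultdict(lambda: {"attempts": 0, "failures": 0, "successes": 0,
                                   "protocols": set(), "countries": set()})
    for rec in json.loads(export_json):
        client = rec.get("clientAppUsed") or ""
        if not client or client in MODERN_CLIENTS:
            continue  # modern auth, or client not recorded: out of scope here
        row = summary[rec.get("userPrincipalName", "unknown")]
        row["attempts"] += 1
        # errorCode 0 means the sign-in succeeded; anything else is a failure.
        failed = (rec.get("status") or {}).get("errorCode", 0) != 0
        row["failures" if failed else "successes"] += 1
        row["protocols"].add(client)
        row["countries"].add((rec.get("location") or {}).get("countryOrRegion", "??"))
    return dict(summary)

def breaks_if_blocked(summary):
    """Accounts with successful legacy sign-ins: these clients stop working once basic auth is off."""
    return sorted(upn for upn, row in summary.items() if row["successes"] > 0)

if __name__ == "__main__":
    result = summarize_legacy_signins(SAMPLE_EXPORT)
    for upn, row in sorted(result.items()):
        print(upn, row["attempts"], row["failures"], sorted(row["protocols"]), sorted(row["countries"]))
    print("review before blocking:", breaks_if_blocked(result))
```

Accounts returned by `breaks_if_blocked` (such as a scan-to-mail device using authenticated SMTP) need to be moved to modern auth before the block is applied.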