This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 99%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESI%3C/text%3E%3C/svg%3E)
Dear All,
I am in the midst of enabling MFA for my environment but we come across a challenge in enabling MFA for shared email addresses in our domain.
The email is shared by multiple people working on shift. To register one phone number for TAC sending purposes would be very inconvenient.
Is there any other way to enable MFA for shared email?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 10%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Hello,
Am having similar challenges like yours. Did you get some solutions. Please share.
Regards
Munesh
Well, shared mailboxes aren't supposed to be accessed directly, instead you grant user's Full access and they use their own credentials. Thus if MFA is needed/enforced, the users perform the challenge against their own accounts.
Logging into a shared mailbox with its own credentials is against the licensing terms.
Hi Michev,
I think you are commenting about other things here.
FYI, I am asking about F3 mailboxes that are shared among our technician.
We don't assign dedicated mailbox license for each user due to low utilization and it was used for instruction sending by their superior to those technician working on shift.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 9%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Hi Michev
, Can you please point me to any link or a reference document which highlights the steps as to ' How to access a shared mailbox using inidividual account and MFA'.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.99999999999999%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
on outlook.office.com, top right corner profile icon > Open another mailbox > enter shared mailbox address > Open
On Outlook app adds shared mailbox as new mailbox, when prompted to login enter your personal username password.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 55.00000000000001%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Thanks for your answer, I am having the same issue as OP and this answer makes a lot of sense now on how to enable MFA. So my questions is now, if I change the account to a shared email and setup personal accounts for users who have to access said email, does the personal user account need a M365 license to email out as the shared account? I assume no since the shared account has the license and they are emailing as that account and not their personal account.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 20%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
Why does Microsoft list out shared mailboxes in the https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx page and allows us to enable/disable MFA on shared mailboxes, if shared mailboxes shouldn't have MFA? Any ideas?
Your best approach would be to create a resource mailbox.
Then, for each person that needs to access the resource mailbox, you'd create a user mailbox. You can assign each user mailbox with owner permissions to the resource mailbox. In the Outlook experience for each of these users (Outlook Mobile, Outlook on the web or the Office Outlook application) the resource mailbox would then automatically show up as an additional mailbox.
From my experience, shared mailboxes and shared accounts are common in retail scenarios, where the additional licensing for F1 or E1 licensing is a significant burden, but it's the best approach forward.
Although still in preview, you can also specify a FIDO2 security key for the shared mailbox. This offers a solution for accounts that are shared in one physical location. Then, you'd share the PIN with each of the persons that need to access the account. FIDO2 authentication with PIN satisfies the multi-factor authentication requirements for Conditional Access, too.
I will look into your suggestion.
Thanks Sander.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 61%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EY%3C/text%3E%3C/svg%3E)
This is somehow an issue for me as well, we use shared mailboxes company wide, but all our employees have searching issues in (365) Shared mailboxes.
Our solution to this issue was adding the shared mailbox as a user in Outlook (and removing mailbox delegations, as Outlook "Can't open this folder" if a user mailbox is added, which conflicts with the shared mailbox..
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 19%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZS%3C/text%3E%3C/svg%3E)
To help anyone else. I just had to disable the Security Defaults after all my users had used MFA on their phones, due to ONE account that is used for a cloud based app and could not have that configured. So I then disabled it, went into 365 Admin and re-enabled.
ALL your users will get prompted to do reapprove when they go try to login to email, including Outlook on desktop. There was a comment here or in another post, that bc they had at one time authenticated, when you reenable they wont be prompted. That is not the case.
Either way, this seems to be the only way to still utilize MFA, not upgrade to P1 (if you only have one account that needs an exception) is to disable security defaults then re-enable in 365 Admin. This will need to be configured for each new user. Conditional Access is only available for P1 subscriptions. Too expensive for a company solely bc of one box to pay for that.
Hope this helps.