Shared Mailbox Accessibility Loophole

JanakKhadka 566 Reputation points
2023-03-27T07:12:05.4633333+00:00

Hi,

I've just found a loophole for accessing shared mailbox without any licensed users, I'm able to log in to that shared mailbox user by setting its password and directly accessing mailbox with URL "https://outlook.office365.com/mail/<sharedmailboxemail>". Is it a genuine way to use Microsoft Exchange online shared mailbox features? It this loophole exist, then noone will going to purchase all their required license?

Can someone please answer on it and look into this case to resolve it?

Thank you,

Er. Janak Khadka

Microsoft Exchange Online
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,578 questions
{count} vote

2 answers

Sort by: Most helpful
  1. Vasil Michev 108.1K Reputation points MVP
    2023-03-27T07:17:19.57+00:00

    It's well known behavior, not a loopwhole. It has been known for years, much like the fact that you can access SharePoint Online content without a license. However, the fact that Microsoft does not enforce licensing requirements in code does not mean you are allowed to use such methods. They still constitute a violation of the service terms/license agreement.


  2. Aholic Liang-MSFT 13,856 Reputation points Microsoft Vendor
    2023-03-28T07:24:44.67+00:00

    Hi @ JanakKhadka ,

    As Michev says, it has been known for years, shared mailboxes have passwords, but logging in using this method involves a violation of the Terms of Service/License Agreement .

    This official documentation also states that you should not sign in to the shared mailbox with the appropriate user account for it.

    About shared mailboxes - Microsoft 365 admin | Microsoft Learn

     2023-3-28-1

     

    In addition, here is a similar thread for your reference: Shared Mailbox can have a password and login enabled without license - Microsoft Community Hub

    (Kindlynote:Microsoft provides third-party contact information to help you find additional information about this topic. This contact information may change without notice. Microsoft does not guarantee the accuracy of third-party contact information.)

    Thanks for your understanding and support.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.