How to find out if an AzureAD user is shared mailbox from within AzureAD?

Mie Gie 21 Reputation points

How to find out if an AzureAD user is shared mailbox from within AzureAD?

Are there any fields that can query from within Azure AD alone? particularly for use for user-provisioning.

I know about using MSOnline, Exchange Online powershell, etc. I want to try to be able to do it directly within Azure AD, as this is for user-provisioning side.


Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,547 questions
No comments
{count} votes

Accepted answer
  1. Vasil Michev 66,601 Reputation points MVP

    To get an authoritative answer on this, you need to query Exchange Online, not Azure AD. Best you could do with Azure AD is check the value of the CloudExchangeRecipientDisplayType and/or MSExchRecipientTypeDetails attributes, however those can sometimes be out of sync. So I'd really recommend using good old Get-Mailbox/Get-Recipient instead.

1 additional answer

Sort by: Most helpful
  1. Mie Gie 21 Reputation points

    Even those flags CloudExchange* and MSExch* appears to be only accessible from MSOnline powershell cmdlet vs the AzureAD powershell cmdlet. this seems to suggest that AzureAD side of things do not even hold these "imported/synced" information. Is my observation correct?

    On the side of querying against Exchange Online with Get-Mailbox and Get-Recipient type of cmds, I want to ask about performance when dealing with a lot of users/mailboxes. Since testing with a lot of these type of accounts is extremely costly, so we can only test with a small subset (like those 25 accounts afforded by Exchange Developer program). Since AzureAD/User-provisioning/SCIM is not able to help out with this and we have to do a "full scan" for shared mailbox identities and recipients/permissions, is there any information on doing it optimally?