How to find out if an AzureAD user is shared mailbox from within AzureAD?

Question

How to find out if an AzureAD user is shared mailbox from within AzureAD?

Mie Gie 21

Are there any fields that can query from within Azure AD alone? particularly for use for user-provisioning.

I know about using MSOnline, Exchange Online powershell, etc. I want to try to be able to do it directly within Azure AD, as this is for user-provisioning side.

Thanks

Answer 1

To get an authoritative answer on this, you need to query Exchange Online, not Azure AD. Best you could do with Azure AD is check the value of the CloudExchangeRecipientDisplayType and/or MSExchRecipientTypeDetails attributes, however those can sometimes be out of sync. So I'd really recommend using good old Get-Mailbox/Get-Recipient instead.

Answer 2

Mie Gie 21

Even those flags CloudExchange* and MSExch* appears to be only accessible from MSOnline powershell cmdlet vs the AzureAD powershell cmdlet. this seems to suggest that AzureAD side of things do not even hold these "imported/synced" information. Is my observation correct?

On the side of querying against Exchange Online with Get-Mailbox and Get-Recipient type of cmds, I want to ask about performance when dealing with a lot of users/mailboxes. Since testing with a lot of these type of accounts is extremely costly, so we can only test with a small subset (like those 25 accounts afforded by Exchange Developer program). Since AzureAD/User-provisioning/SCIM is not able to help out with this and we have to do a "full scan" for shared mailbox identities and recipients/permissions, is there any information on doing it optimally?

Vasil Michev 66,601 Reputation points MVP

2020-02-19T17:27:28.977+00:00

That's indeed a concern in large environment, my recommendation would be to stick to the MSOnline module as in most cases it does show this info, and is quite more faster/reliable than the Exchange cmdlets. Nowadays, you can also use the REST-based ExO PowerShell cmdlets: https://learn.microsoft.com/en-us/powershell/exchange/exchange-online/exchange-online-powershell-v2/exchange-online-powershell-v2?view=exchange-ps
Mie Gie 21 Reputation points

2020-02-25T23:36:13.287+00:00

I want to ask if there are any other ways besides PowerShell cmdlets. The reason is that these set of cmdlets are not compatible with Linux / PowerShell Core, and restricts us to only Windows VM.

I have investigated both EWS Managed API and Graph API. Both means are not able to do what we need to do for the sake of user-provisioning (as Azure AD User provisioning lacks this "capability"/shared-mailbox that's actually a Microsoft creation). Do you know of any other means?
Vasil Michev 66,601 Reputation points MVP

2020-02-26T09:30:25.767+00:00

There aren't. Exchange Remote PowerShell works just fine on PS Core, and the new V2 module should have support for it soon. In the meantime, you can use Azure Cloud Shell for devices that don't run PS natively.

How to find out if an AzureAD user is shared mailbox from within AzureAD?

1 additional answer

Activity