Multiple External users access to an internal email address

I think a shared mailbox and a login for each is the only way to make it work anything like what you want otherwise you can setup a distribution group, I think that was the name been a minute, and have those outside accounts as contacts in the exchange system and add them to the group. This won't have an actual mailbox and will just forward a copy to all in the group but also functionally closest thing possible I can come up with.
 
Yes, two choices.

1.) Shared Mailbox
2.) Distribution List

The difference? The first won't pop anyone's notifications, people have to go looking for it, and anyone responding shows to everyone that's looking. The second will fire everyone's notifications, but each person is now responding alone, and others cannot know who did what and when. The difference is subtle, but significant, and you have to think about the business to determine which is best.
 
With option #1 the users will need credentials to access as it won't authenticate and allow outside user access that I am currently aware of but I haven't managed any sort of exchange in several years.
 
With option #1 the users will need credentials to access as it won't authenticate and allow outside user access that I am currently aware of but I haven't managed any sort of exchange in several years.
Beware, Shared Mailboxes generate identities, and these identities ARE valid logins.

Now, by default the identity associated with a Shared Mailbox has a blanked password, and while that remains true it cannot be used as a login. However, if you reset the identity's password, the account can be used to access M365 resources, but it cannot be used to access its own mailbox. This creates a potential risk, one that I recommend remediating by blocking the sign-in on all identities associated with a shared mailbox to remediate. There is never a legitimate use case for a shared mailbox identity to be enabled, but it must be present because that mailbox cannot exist without a user.

The users assigned delegate access (permissions) to this mailbox will simply get it automatically in their respective outlooks via their normal M365 login. Shared Mailboxes are very convenient for users as a result.

Oh, and you have Read and Manage, Send on Behalf, and Send as permissions to set for each user.

Send on behalf will show the internal user's email address and name on the emails that come through the shared mailbox.
Send as will make the mails look like they came directly from the mailbox.

Former is good for legal processes and transparency, latter is better for cohesive branding and presentation.
 
Last edited:
The users assigned delegate access (permissions) to this mailbox will simply get it automatically in their respective outlooks via their normal M365 login. Shared Mailboxes are very convenient for users as a result.

Oh, and you have Read and Manage, Send on Behalf, and Send as permissions to set for each user.

Send on behalf will show the internal user's email address and name on the emails that come through the shared mailbox.
Send as will make the mails look like they came directly from the mailbox.
But those users need to be part of the domain that the email address is in OPs case the users are external users who are part of a different domain unless I am missing something or something was added to share and add external delegates the delegates need to be users withing the system the shared mailbox is on.
 
But those users need to be part of the domain that the email address is in OPs case the users are external users who are part of a different domain unless I am missing something or something was added to share and add external delegates the delegates need to be users withing the system the shared mailbox is on.
You can put external users in a shared mailbox, but they have a very goofy way to access it.

And yes, in this case I do a distribution list, and have to craft an anti-spam rule to allow for external forwarding.

Also, don't confuse domains. The easy path is everyone on the same tenant, an M365 tenant can have any number of DNS domains attached to it. So changing the stuff to the right of the @ doesn't tell me they're external users.
 
I did think are these part of the same M365 or a partner company with its own we really don't have those details but like I said I have managed that type system in years and have never really dealt with M365 in fact the dawn of M365 was my exit to MS Office.
 
I did think are these part of the same M365 or a partner company with its own we really don't have those details but like I said I have managed that type system in years and have never really dealt with M365 in fact the dawn of M365 was my exit to MS Office.
Fair, but the contents of this thread are more about Exchange than M365. The Exchange bits still work like they always did.

There really isn't anything special about M365, it's just a conglomeration of a ton of Microsoft things.
 
You can put external users in a shared mailbox, but they have a very goofy way to access it.

And yes, in this case I do a distribution list, and have to craft an anti-spam rule to allow for external forwarding.

Also, don't confuse domains. The easy path is everyone on the same tenant, an M365 tenant can have any number of DNS domains attached to it. So changing the stuff to the right of the @ doesn't tell me they're external users.
How do they access it? I tried this years ago, and it seemed like it might work, but I couldn't for the life of me figure out how they would access it. The guy our MS rep brought in didn't know either. The CEO wanted some bs
 
How do they access it? I tried this years ago, and it seemed like it might work, but I couldn't for the life of me figure out how they would access it. The guy our MS rep brought in didn't know either. The CEO wanted some bs
Requires EntraID B2B links, then you configure Exchange to share.

Only works if both sides have M365.

It's a HUGE amount of work, honestly... the juice isn't worth the squeeze here. Easier to just give the external user a local account with a license, and tell them to login.
 
Back
Top