17 apr 2019

Office 365, Exchange Online: Read Only permission on Shared Mailbox folders

A shared mailbox is a mailbox that multiple users can use to read and send email messages. Shared mailboxes can also be used to provide a common calendar, allowing multiple users to schedule and view vacation time or work shifts. A shared mailbox is a type of user mailbox that doesn't have its own user name and password; as a result, users can't log into it directly.

To access a shared mailbox, users must first be granted Send As or Full Access permissions to the mailbox. In this case automapping connects the shared mailbox to the related users.

If you want to share the mailbox read-only, or better, with "Reviewer" permissions, you have to remove the user from the Full Access permissions and then use PowerShell to set the correct permissions.

Note: In this case automapping will not work.

As a first step, set the default permission on the mailbox:

Add-MailboxPermission -Identity SharedMailbox -User 'Username' -AccessRights ReadPermission

Then it is time to set the "Reviewer" permission on each folder you want to share read-only:

Add-MailboxFolderPermission -Identity TSM:\ -User upn@domain.com -AccessRights Reviewer
Add-MailboxFolderPermission -Identity TSM:\Inbox -User upn@domain.com -AccessRights Reviewer
Add-MailboxFolderPermission -Identity TSM:\Outbox -User upn@domain.com -AccessRights Reviewer


Here TSM is the name of the shared mailbox.

To remove a permission, for example:

Remove-MailboxFolderPermission -Identity TSM:\Outbox -User upn@domain.com

Last but not least, if you need it, you can configure the shared mailbox to keep a copy of sent messages in its "Sent Items" folder:

Set-Mailbox TSM -MessageCopyForSentAsEnabled $True -MessageCopyForSendOnBehalfEnabled $True
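
The read-only procedure above as one repeatable script, added here as an example and not part of the original post. It goes one step further than the three folders shown by covering every subfolder of the Inbox, because a folder permission is not applied to subfolders that already exist, and it ends with a report so the result can be checked. $Mailbox and $User are placeholder values, and an Exchange Online PowerShell session is assumed.

```powershell
# Added example: placeholder values, run inside an Exchange Online session.
$Mailbox = 'TSM'
$User    = 'upn@domain.com'

# 1. Full Access overrides folder-level rights, so it has to go first.
$full = Get-MailboxPermission -Identity $Mailbox -User $User |
    Where-Object { $_.AccessRights -contains 'FullAccess' -and -not $_.Deny }
if ($full) {
    # Left interactive on purpose: the operator confirms the removal.
    Remove-MailboxPermission -Identity $Mailbox -User $User `
        -AccessRights FullAccess -InheritanceType All
}

# 2. Target list: mailbox root, then the Inbox and all of its subfolders.
#    FolderPath comes back as /Inbox/Sub and is rewritten to TSM:\Inbox\Sub.
$folders = @("${Mailbox}:\") + @(
    Get-MailboxFolderStatistics -Identity $Mailbox -FolderScope Inbox |
        ForEach-Object { "${Mailbox}:" + $_.FolderPath.Replace('/', '\') }
)

# 3. Add the Reviewer entry, or overwrite an existing entry for this user
#    (Add-MailboxFolderPermission fails if the user is already listed).
foreach ($f in $folders) {
    $existing = Get-MailboxFolderPermission -Identity $f -User $User `
        -ErrorAction SilentlyContinue
    if ($existing) {
        Set-MailboxFolderPermission -Identity $f -User $User -AccessRights Reviewer
    } else {
        Add-MailboxFolderPermission -Identity $f -User $User -AccessRights Reviewer
    }
}

# 4. Report what the user ends up with on each folder.
$report = foreach ($f in $folders) {
    Get-MailboxFolderPermission -Identity $f -User $User |
        Select-Object @{ n = 'Folder'; e = { $f } }, User, AccessRights
}
$report | Format-Table -AutoSize

# 5. Send As is stored separately; list any remaining grant for review.
Get-RecipientPermission -Identity $Mailbox -Trustee $User
```

Every row of the report should show Reviewer only; a folder with any other right, or a Send As entry in the last output, means the user still has more than read access.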

7 apr 2019

Comparison for Office 365 Business Premium and Microsoft 365 Business plans.

| Plan options | Office 365 Business Premium | Microsoft 365 Business |
|---|---|---|
| Office 365 Platform | Yes | Yes |
| Exchange Online | Yes [1] | Yes [1] |
| SharePoint Online | Yes | Yes |
| OneDrive for Business | Yes | Yes |
| Skype for Business Online | Yes [2] | Yes [2] |
| Office Online | Yes | Yes |
| Office applications | Yes | Yes |
| Project Online | No [3] | No [3] |
| Power BI | No | No |
| Yammer Enterprise | Yes | Yes |
| Azure Information Protection | No | Yes [4] |

| Office 365 Suite Features | Office 365 Business Premium | Microsoft 365 Business |
|---|---|---|
| Microsoft Bookings | Yes | Yes |
| Microsoft Flow | Yes | Yes |
| Microsoft Forms | Yes | Yes |
| Microsoft Graph API | Yes | Yes |
| Microsoft My Analytics | No | No |
| Microsoft Planner | Yes | Yes |
| Microsoft PowerApps | Yes | Yes |
| Microsoft StaffHub | Yes | Yes |
| Microsoft Stream | Yes [16] | Yes [16] |
| Microsoft Sway | Yes | Yes |
| Microsoft Teams [5] | Yes | Yes |
| Office Delve | Yes | Yes |
| Office 365 Groups | Yes | Yes |
| Office 365 Video | No | No |
| OneNote Class Notebook | No | No |

| Office 365 administration features | Office 365 Business Premium | Microsoft 365 Business |
|---|---|---|
| Administer Office 365 by using the Microsoft 365 admin center or Windows PowerShell | Yes | Yes |
| Protect content by using Azure Information Protection | No [6] | Yes |

| User Account Management | Office 365 Business Premium | Microsoft 365 Business |
|---|---|---|
| Office 365 desktop setup | Yes | Yes |
| Bulk upload using .csv files | Yes | Yes |
| Azure AD Connect Sync tool | Yes | Yes [7] |
| Exchange simple (cutover) migration | Yes | Yes |
| Delete accounts and reset passwords from Office 365 or by using Windows PowerShell [8] | Yes | Yes |
| Users can change their own passwords [9] | Yes | Yes |
| Manage licenses | Yes [10] | Yes [10] |
| Manage security groups from Office 365 | Yes | Yes |
| Multiple administrator roles available | Yes | Yes |
| Allow a partner to administer Office 365 for you | Yes | Yes |
| Azure Active Directory services | Yes | Yes |

| Message Policy and Compliance | Office 365 Business Premium | Microsoft 365 Business |
|---|---|---|
| Archiving Exchange Online-based mailboxes | Yes | Yes [11] |
| Messaging Records Management (MRM) retention tags and retention policies | Yes | Yes |
| Encryption of data at rest (BitLocker) | Yes | Yes |
| IRM using Azure Information Protection | No | Yes [6] |
| Office 365 Message Encryption | No | Yes [6] |
| In-Place Hold and Litigation Hold | No | Yes |
| In-Place eDiscovery | Yes | Yes |
| Transport Rules | Yes | Yes |
| Data loss prevention | No | Yes |

| Privacy, Security, and Transparency | Office 365 Business Premium | Microsoft 365 Business |
|---|---|---|
| Built-in anti-spam protection | Yes | Yes |
| Built-in anti-malware protection | Yes | Yes |
| Advanced Threat Protection | No | Yes |
| Advanced Security Management | No | No |
| Customer Lockbox | No | No |
| Customer Key for Office 365 [12] | No | No |
| Office 365 Advanced eDiscovery [13] | No | No |
| Secure Score [14] | Yes | Yes |
| Threat Intelligence | No | No |

| Compliance | Office 365 Business Premium | Microsoft 365 Business |
|---|---|---|
| SAS 70 / SSAE16 Assessments | Yes | Yes |
| ISO 27001 certified | Yes | Yes |
| EU Model Clauses | Yes | Yes |
| EU Safe Harbor | Yes | Yes |
| HIPAA-Business Associate Agreement | Yes | Yes |
| FISMA Authority to Operate | Yes | Yes |
| Microsoft Data Processing Agreement | Yes | Yes |
| PCI-governed PAN data | No | No |

| Networking | Office 365 Business Premium | Microsoft 365 Business |
|---|---|---|
| IPv4 and IPv6 protocols | Yes | Yes |

| Service Updates | Office 365 Business Premium | Microsoft 365 Business |
|---|---|---|
| Regular updates provided to all customers | Yes | Yes |
| Notifications sent to Message Center when action is required | Yes | Yes |
| Option to turn on Targeted release | Yes | Yes |

| Partners | Office 365 Business Premium | Microsoft 365 Business |
|---|---|---|
| Provide delegated administration | Yes | Yes |

| Identity and Access management features | Office 365 Business Premium | Microsoft 365 Business | Enterprise Mobility + Security E5 |
|---|---|---|---|
| Office 365 Multi-Factor Authentication (MFA) | Yes | Yes | Yes |
| Administrative Units | No | No | Yes |
| Cloud app discovery | No | No | Yes |
| Dynamic Groups | No | No | Yes |
| Self-service password reset for cloud identities | Yes | Yes | Yes |
| Self-service password reset with on-premises AD write-back | No | Yes | Yes |
| Device objects two-way synchronization between on-premises directories and Azure AD (device write-back) | No | No | Yes |
| Conditional access (based on group, location, device state, sign-in, or user risk) | No | No | Yes |
| Company branding (logon pages/access panel customization) | Yes | Yes | Yes |
| Application Proxy | No | No | Yes |
| Microsoft Identity Manager (MIM) user CAL | No | No | Yes |
| Connect Health | No | No | Yes |
| SLA 99.9% | Yes | Yes | Yes |
| Advanced Threat Analytics | No | No | Yes |

| Device and application management features | Office 365 Business Premium | Microsoft 365 Business | Enterprise Mobility + Security E3 |
|---|---|---|---|
| Mobile Device Management (MDM) [15] | Yes | Yes | Yes |
| Mobile Device Management (MDM) auto-enrollment | No | Yes | Yes |
| Mobile Application Management (MAM) for Office apps and LOB apps [17] | No | Yes | Yes |
| Windows update management, Defender, Firewall policies [15] | No | Yes | Yes |
| Data protection - selective wipe | Yes | Yes | Yes |
| Security Group (SG) targeting for policies | No | Yes | Yes |
| Install Office apps on enrolled Windows 10 devices | No | Yes | Yes |
| Windows Defender configuration | No | Yes | Yes |
| Deploying device profiles and security configuration [15] | No | Yes | Yes |
| Enterprise State Roaming for Windows 10 with Azure AD join | No | Yes | Yes |
| Self-service BitLocker recovery | No | Yes | Yes |

Windows 10 Management features - Microsoft 365 Business makes it easy to manage devices. When you set up your Microsoft 365 Business tenant you select app protection, and device configuration settings. These settings determine the policies that are applied automatically to devices when they join Azure Active Directory. Windows 10 Pro Management capabilities include:

| Windows 10 Management features | Microsoft 365 Business |
|---|---|
| Simplified deployment with Windows AutoPilot | Yes |
| Subscription Activation | Yes |
| Organizational Control of device screen on idle | Yes |
| Organizational Control of user access to apps from Microsoft Store | Yes |
| Organizational Control of user access to Cortana | Yes |
| Organizational Control of Windows tips and advertising from Microsoft | Yes |
| Windows 10 devices kept up-to-date automatically | Yes |

| Windows 10 Security features | Microsoft 365 Business |
|---|---|
| Protect PCs from viruses and other threats using Windows Defender Antivirus | Yes |
| Protect PCs from web-based threats in Microsoft Edge | Yes |
| Use rules that reduce the attack surface of devices | Yes |
| Protect folders from threats such as ransomware | Yes |
| Help protect files and folders on PCs from unauthorized access with Bitlocker | Yes |

1 Includes Exchange Online Plan 1.
2 Includes Skype for Business Online Plan 2 with basic client limitations.
3 Project Online is not included, but can be purchased as a separate add-on service or added for free to the Office Education plan.
4 Azure Information Protection (AIP) enables the supported Information Rights Management (IRM) features. AIP Plan 1 is included in Microsoft 365 Business.
5 Microsoft Teams is available in Microsoft 365 Business, Office 365 Business Essentials, Office 365 Business Premium, and Office 365 Enterprise (E1, E3, E5, F1). It is not yet available for Office 365 Education plans.
6 Azure Information Protection (AIP) enables the supported Information Rights Management (IRM) features. AIP Plan 1 is included in Microsoft 365 Business.
7 Azure AD Connect tool for enabling directory synchronization is supported in Office 365 Business Premium, which is a component of Microsoft 365 Business. However, when Windows Management components are enabled for Microsoft 365 Business, an Azure AD-join is required. If you have an on-premises Active Directory environment and you want to join your domain-joined devices to Azure AD, you can accomplish this by configuring hybrid Azure AD joined devices.
8 If using directory synchronization with a local Active Directory, you must delete accounts or change passwords by using the local Active Directory, rather than the Office 365 portal or by using the Azure Active Directory module for Windows PowerShell.
9 Cloud identities only. See Let users reset their own passwords in Office 365.
10 Reducing seats that were purchased with a term discount may be subject to an early termination fee. This is not applicable for subscriptions paid on a monthly basis.
11 Microsoft 365 Business includes Exchange Online Archiving subscription. Each Exchange Online Archiving subscriber initially receives 100 GB of storage in the archive mailbox. When auto-expanding archiving is turned on, additional storage is automatically added when the 100 GB storage capacity is reached. For more information, see Overview of unlimited archiving in Office 365.
12 For more information, see Controlling your data in Office 365 using Customer Key.
13 Advanced eDiscovery is supported in the United States and in the Western Europe (Netherlands) region. (Customer data from Canada and Asia Pacific is exported to the United States. Customer data from Europe, the Middle East, and Africa is exported to Western Europe [Netherlands].)
14 Available at https://securescore.office.com. Requires admin permissions. For more information, see Introducing the Office 365 Secure Score.
15 Simplified Windows 10 device management built into the Microsoft 365 admin center. Intune management capabilities of iOS, Android, macOS, and other cross-platform device management built into the Device management admin center, also licensed for use with Microsoft 365 Business. Third-party apps and configuration of things like WiFi profiles and VPN certificates can also be managed in the Device management admin center.
16 This plan comes with Microsoft Stream Plan 2 which includes Video portal, Speech to text transcription, Deep Search, and Face Detection.
17 Simplified Windows 10 device management and Intune app protection policies built into the Microsoft 365 admin center.