Shared Mailboxes in Exchange Hybrid now work cross premises

Shared mailboxes within an Exchange/Office 365 hybrid environment are now fully functional using Full Access permissions. This has been a limitation for some customers migrating to Office 365 up until now. With this restriction removed, customers can now fully support a long term migration process or even a permanent hybrid choice for their company.

In on-premises Exchange deployments, users can be granted a variety of permissions to other user’s mailboxes. This is called delegated mailbox permissions and it is useful when someone needs to manage some part of another user’s mailbox; for example, managing an executive's calendar, or if multiple users have access to a shared repository mailbox. Some of these permissions can be used in Exchange hybrid deployments.

Exchange hybrid deployments support the use of the Full Access mailbox permission between mailboxes located in an on-premises Exchange organization and mailboxes located in Office 365. A mailbox on an on-premises Exchange server can be granted the Full Access permission to an Office 365 mailbox, and vice versa.

Note: Users might receive additional credential prompts when they first access a mailbox that is in the other realm and add it to their own Outlook profile.

While Exchange hybrid configurations do support the use of the Send-As, Receive-As, or Send on behalf of mailbox permissions, these permissions are only available when both the mailbox granting the permissions, and the mailbox receiving the permissions, are in the same realm. Any mailboxes that receive these permissions from another mailbox need to be moved at the same time as that mailbox. If a mailbox receives permissions from multiple mailboxes, that mailbox, and all of the mailboxes granting permissions to it, need to be moved at the same time and exist in the same realm of either on premises or Office 365 Exchange organizations. In addition to these permissions, the Auto Mapping feature is unsupported when used between mailboxes in the on-premises Exchange and Office 365 organizations.

Over the last few months of helping customers, I have seen where this shared mailbox access topic has been a limitation. I am happy to be able to post this material and be able to update customers that this issue has a resolution. For further reading, visit the TechNet page for additional knowledge. Thank you.


Comments (18)

  1. small note says:

    only when you have 2013/2016 onprem
    (rob works on 2010 also but officially only 2013/2016)

  2. Al Napp says:

    Thanks for that news 🙂

    May I clarify something?

    Only “Send-As”, “Receive-As”, or “Send on behalf of” mailbox permissions don’t work when the relationship is split on prem/cloud and any other permissions (e.g. a shared calendar or inbox subfolder) as well as “Full Access” should work across the divide?

    Is that correct, and if so: is it still the case that this only works if all mailboxes originated on prem and migrated to the cloud?



    1. Mike_O'Neill says:

      Correct. There are some inconsistencies if you create a cloud mailbox and move it on premises.

  3. Bhavesh says:

    Will Shared mailbox works if…
    1) if client machine has Office365 Pro plus user account is in O365.
    2) Shared mailbox is in Onprem
    3) re-assgined shared mailbox permission for user.

    At this moment im seeing shared mailbox not updating or sometimes even though permissions are re-added it doesnt work.

    1. Mike_O'Neill says:

      It would not depend on the client, but the Exchange back end on premises if it’ll work. 2010 Exchange can be hit or miss, 2013+ should work.

  4. Just to clarify this is regarding the Free Shared mailboxes? not just a licensed user’s mailbox that’s been shared with other users?

    1. Mike_O'Neill says:

      Any sharing across realms. The Exchange PG is continuing to address this issue and work on newer options moving forward.

  5. is there a good article, or what is the proper way to migrate shared mailboxes and calendars to Office 365?

    1. Mike_O'Neill says:

      I always point people to the EXDEPLOY site: It has all of the migration options, tons of steps, and is updated often.

  6. Neil Osmond says:

    I have an issue at one of my accounts where we are migrating from an existing Exchange 2010 Org to a new Exchange 2013/O365 Hybrid as the business is splitting from another business. The Shared Mailboxes are remaining on the Exchange 2010 Org during the migration period (using Quest Tools for Mailbox Migration) but we need the users to connect to O365 Mailbox and then also connect back to old Org for Shared Mailbox using Outlook 2016. When we connect the first Shared Mailbox we use the Exchange 2010 AutoDiscover Name and this works ok but if connect further Shared mailboxes the same way … the one that was already connected automatically redirects to the Office 365 copy and then the new shared mailbox connection goes back to the Exchange 2010 legacy Org. so it seems we can only point back one Shared Mailbox … Have you seen this before ?

    1. Mike_O'Neill says:

      Need to ensure Autodiscover is pointing to the 2016 servers. The 2010 servers don’t know of the future, but the 2016 ones know of the past. And yes, all hybrid environments point autodiscover on premises. It’s a quiz question that is some times not fully understood.

  7. Filip Herman says:

    It doesn’t apply to Exchange 2010 and lower

    1. Mike_O'Neill says:

      Correct. This is just a reference the MS site stating 2013+ is supported.

  8. Christopher Quinn says:

    Is this still true? We have clients that have recently been migrated from Exchange 2010 on premise to Office 365. The shared mailbox is still on premise, and no changes have been made. Yet they continue to see the mailboxes auto mapped.

    1. Mike_O'Neill says:

      We have seen from the field that some 2010 environments, sharing can work. We have no information on why or what options to configure.

  9. RDeelap says:

    So, are 2010 Hybrids not able to share/view calendars? I’ve allowed as much as I can on both sides and they still cannot view calendars. None of the O365 users can give permissions to their calendar to on prem users. None of the on-prem users can add the O365 calendars.

    1. Mike_O'Neill says:

      Correct, the technet information states only 2013 and 2016 are supported for cross realm sharing of the calendar information.

Skip to main content