How to Configure a Mail Flow Rule in Exchange Online
Step-by-step guide to creating Exchange Online mail flow (transport) rules — conditions, actions, exceptions, common patterns, and PowerShell.
How to Create a Shared Mailbox in Exchange Online
TL;DR: In the Microsoft 365 admin center, go to Teams & Groups > Shared mailboxes > + Add a shared mailbox. Give it a name and email address, save, then add members with Full Access and Send As permissions. No license is required as long as the mailbox stays under 50 GB.
Shared mailboxes are how teams handle a common email address like info@, support@, or sales@. Multiple people can read and send from a single inbox without sharing credentials. This guide creates one in the admin center and PowerShell, then walks through the permissions model that trips most admins up.
What this does
A shared mailbox is a regular Exchange Online mailbox attached to a disabled user account (sign-in is blocked by default). Members access it as a delegate from their own Outlook session — there’s no separate password, no license consumption (under 50 GB), and no extra cost.
The mailbox shows up automatically in members’ Outlook profiles via auto-mapping if you grant Full Access through the standard tools. Replies sent from the mailbox appear to come from the shared address, not the individual user, when Send As is also granted.
When you’d want this
- Team aliases —
info@,support@,sales@,careers@ - Departing-employee mail handover (turn the mailbox into shared, grant access to a successor)
- Departmental triage workflows where multiple people own the same queue
- An inbox that needs a shared calendar alongside it (shared mailboxes include one)
When you’d want a Microsoft 365 Group instead: if collaboration is broader than email — files, Planner, Teams chat, etc. Shared mailboxes are for email-only.
Steps
Option A: Microsoft 365 admin center (recommended)
The simplest path. The admin center handles the disabled user account, mailbox creation, and permission grants in a single workflow.
- Sign in to the Microsoft 365 admin center at https://admin.microsoft.com as an Exchange Administrator.
- Go to Teams & Groups > Shared mailboxes. (Select Show all in the left navigation if you don’t see Teams & Groups.)
- Select + Add a shared mailbox.
- Enter:
- Name — display name as it appears in the Global Address List.
- Email address — the address users will send to and reply from. Domain dropdown lists every verified domain on the tenant.
- Select Save changes. It can take a couple of minutes before the mailbox is ready to accept members.
- Under Next steps, select Add members to this mailbox.
- Select Add members, pick the users you want to grant access to, then Save.
Option B: Exchange admin center
Useful when you’re already in the EAC for other recipient work.
- Open the Exchange admin center at https://admin.exchange.microsoft.com as an Exchange Administrator or Recipient Administrator.
- Go to Recipients > Mailboxes.
- Select Add a shared mailbox.
- Fill in Display Name, Email address, and Alias.
- Select Create.
- Under Next steps, select Add users to this mailbox.
- Select Add users, pick the members, choose whether to grant Full Access, Send As, or both, and Save.
Option C: PowerShell
For scripting or bulk creation, use the Exchange Online PowerShell module:
Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser
Connect-ExchangeOnline
# Create the shared mailbox
New-Mailbox `
-Shared `
-Name "Support" `
-DisplayName "Support Team" `
-PrimarySmtpAddress "support@contoso.com" `
-Alias "support"
# Grant Full Access to a security group
Add-MailboxPermission `
-Identity "support@contoso.com" `
-User "support-team@contoso.com" `
-AccessRights FullAccess `
-InheritanceType All `
-AutoMapping $true
# Grant Send As to the same group
Add-RecipientPermission `
-Identity "support@contoso.com" `
-Trustee "support-team@contoso.com" `
-AccessRights SendAs `
-Confirm:$false
Granting permissions to a mail-enabled security group (rather than individual users) is the maintainable pattern — add and remove people from the group instead of touching the mailbox.
Permissions you can grant
Three flavors, often confused:
| Permission | What it does | When to grant |
|---|---|---|
| Full Access (Read and manage) | Open the mailbox, read mail, create and modify items, manage folders. Auto-maps the mailbox in Outlook. | Always — anyone who needs to use the shared mailbox needs this. |
| Send As | Send messages that appear to come from the shared mailbox address. | Always — without this, replies appear to come from the individual user’s address. |
| Send on Behalf | Send messages that appear as “User on behalf of Shared Mailbox”. | Rarely — use Send As unless you specifically want the “on behalf of” attribution. |
Grant Full Access + Send As to anyone using the mailbox. Don’t mix Send As and Send on Behalf for the same user; the behavior is unpredictable.
Block sign-in for the shared mailbox account
When you create a shared mailbox in the Microsoft 365 admin center, the underlying user account already has sign-in blocked. When you create one through PowerShell with New-Mailbox -Shared, double-check this:
Update-MgUser -UserId "support@contoso.com" -AccountEnabled:$false
Or via the admin center: Users > Active users > [select the user] > Block sign-in.
A shared mailbox account that can sign in is a security hole — there’s no individual owner to set up MFA on it, so it’s a soft target.
Notes and gotchas
- Auto-mapping. Outlook automatically loads the shared mailbox in any user’s profile that has Full Access. With more than ~10 shared mailboxes per user this performs poorly; turn off auto-mapping (
-AutoMapping $false) for high-volume admins. - 50 GB limit. Shared mailboxes are free up to 50 GB. To exceed that, the mailbox needs an Exchange Online Plan 2 license — or, for archive, In-Place Archiving via a license that includes it.
- No simultaneous editing. Two users opening the same draft in a shared mailbox can collide. The mailbox isn’t a real-time co-edit space.
- Outlook on the web. Users access shared mailboxes via Open another mailbox in OWA’s account menu — slightly less obvious than desktop Outlook’s auto-load.
- Mobile. Outlook mobile supports shared mailboxes via “Add shared mailbox” in account settings; the iOS/Android Mail apps generally don’t.
- Hybrid Exchange tenants: if your tenant runs hybrid (Exchange on-prem + Exchange Online), create shared mailboxes in the on-premises EAC, not in Microsoft 365. The synced object then has its mailbox in Exchange Online.
- Mailbox conversion. To convert an existing user mailbox into a shared mailbox: from Active users, select the user, Mail tab, Convert to shared mailbox. Free up the license afterwards.
- Recoverable items. When users move items between folders in a shared mailbox, copies land in the Recoverable Items folder — counts toward the mailbox quota.