Ensure sign-in to shared mailboxes is blocked
Did you know creating a shared mailbox also creates a user account? Did you know when you convert a user mailbox to a shared mailbox that user can still log in to the tenant? Why doesn't Microsoft automatically lock the account or ask you if you want the account locked out? I have no idea, but I do know it's a good idea to routinely check the shared mailboxes to see if any accounts are locked out.
Anyway, there are two ways to go through the list: manually and automatically.
Manually check if sign-in is blocked for shared mailboxes
The manual process is exactly how it sounds. We will manually go through the shared mailboxes and check if sign-in is blocked. First, we'll pull up a list of shared mailboxes, then we'll pull up the users and compare the two.
Get the shared mailboxes
- Open Exchange admin center > Recipients > Mailboxes.
- Click Filter > Shared mailbox.
Check each user account
- Open a new tab or new window and go to Microsoft 365 admin center > Users > Active users.
- Search for each shared mailbox and click on the display name.
- Click Block sign-in.
- Check Block this user from signing in. Click Save changes.
Automatically check if sign-in is blocked for shared mailboxes
This process should be called "Block sign-in for shared mailboxes using PowerShell" because that's what it really is, but I digress. First, we'll connect to Exchange Online. Then, we'll export a list of shared mailboxes. Then we'll connect to Microsoft 365 and disable sign-in for any shared mailbox accounts.
- Connect to Exchange Online PowerShell by running: Install-Module -Name ExchangeOnlineManagement; Connect-ExchangeOnline
- Log in with your admin credentials.
- Run the following command to get the shared mailboxes (-ResultSize Unlimited keeps the list from being cut off at the default limit of 1,000 results): $Mailboxes = Get-Mailbox -Filter {recipienttypedetails -eq "SharedMailbox"} -ResultSize Unlimited
- Connect to Microsoft 365 by running: Install-Module MSOnline; Connect-MsolService
- Log in with your admin credentials.
- Run the following to disable access: $Mailboxes | ForEach-Object { Set-MsolUser -UserPrincipalName $_.UserPrincipalName -BlockCredential $true }
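The steps above block every shared mailbox account without first showing which ones were still able to sign in. The script below is an added example, not part of the original procedure: it reports the sign-in state of each shared mailbox account and blocks the enabled ones only when asked to. It uses the Microsoft Graph PowerShell SDK (Get-MgUser, Update-MgUser) in place of the MSOnline module, which Microsoft has deprecated; the $Remediate variable and the CSV file name are assumptions made for this example.

```powershell
# Added example: audit shared mailbox accounts, then optionally block sign-in.
# Assumes the ExchangeOnlineManagement and Microsoft.Graph.Users modules are
# installed and the admin can read mailboxes and update user accounts.
$Remediate = $false   # hypothetical switch: set to $true after reviewing the report

Connect-ExchangeOnline -ShowBanner:$false
Connect-MgGraph -Scopes 'User.ReadWrite.All'

# -ResultSize Unlimited avoids the default cap of 1,000 results.
$shared = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited

# Look up the directory account behind each shared mailbox.
$report = foreach ($mbx in $shared) {
    try {
        $user = Get-MgUser -UserId $mbx.ExternalDirectoryObjectId `
            -Property Id, UserPrincipalName, AccountEnabled -ErrorAction Stop
        [pscustomobject]@{
            DisplayName       = $mbx.DisplayName
            UserPrincipalName = $user.UserPrincipalName
            ObjectId          = $user.Id
            AccountEnabled    = $user.AccountEnabled
        }
    }
    catch {
        # A mailbox whose account cannot be read is reported, not silently skipped.
        Write-Warning "No account found for $($mbx.PrimarySmtpAddress): $_"
    }
}

# Accounts that can still sign in are the findings.
$enabled = @($report | Where-Object { $_.AccountEnabled })
$report | Sort-Object AccountEnabled -Descending |
    Export-Csv -Path .\shared-mailbox-signin.csv -NoTypeInformation   # constructed file name
Write-Host "$($enabled.Count) of $(@($report).Count) shared mailbox accounts allow sign-in."
$enabled | Format-Table DisplayName, UserPrincipalName

if ($Remediate) {
    foreach ($acct in $enabled) {
        try {
            Update-MgUser -UserId $acct.ObjectId -AccountEnabled:$false -ErrorAction Stop
            Write-Host "Blocked sign-in for $($acct.UserPrincipalName)"
        }
        catch {
            Write-Warning "Could not block $($acct.UserPrincipalName): $_"
        }
    }
}
```

Running it on a schedule with $Remediate left at $false turns the routine check into a report of newly created or converted shared mailboxes that still allow sign-in.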