Some actually use this IMAP ability to be able to open shared mailboxes on mobile devices, however doing this comes with a huge risk in my books. No so bad you think right? Well, the problem is that, by default, IMAP and POP3 are enabled on all mailboxes, including shared ones. So, by default, when you create a shared mailbox you are actually creating an account with a system password in your environment. You aren’t supposed to use the account to log in to the shared mailbox” Notice how you weren’t asked to provide a password when you created the shared mailbox? The account has a password, but it’s system-generated (unknown). “Every shared mailbox has a corresponding user account. Don’t believe me? Well check out the following documentation: Thus, they can be accessed directly using these details. The first point to note is that shared mailboxes in Microsoft 365 actually have a login and password. However, there are some security issues with these that I don’t think many people are aware of. ![]() This works really well for generic accounts like etc. ![]() Shared mailboxes are a really handy component of Microsoft 365 in that they allow multiple users to access a single mailbox.
0 Comments
Leave a Reply. |