M365 oauth access to shared mailboxes


since Microsoft forced to use oauth2 to access M365 Mailboxes, it isn’t possible to access shared mailboxes anymore. Previously this was possible with a combination of “/< shared mailboxe>” as IMAP Username.

If you currently try to add a shared mailbox you get a duplicate mailbox error from Zammad, because you can only use the “” to authenticate against M365.

The possibility to select with a dropdown (by reading the api of available mailboxes) or at least specific with a text filed would be good to add this shared mailboxes to zammad.

It should be possible to configure this shared mailbox to a separated zammad group so that it is still possible to configure seperated workflows for each mail mailbox.

See also this post with a good hint IMHO: Office 365 shared mailboxes with Microsoft 365 Channel (APP/OAuth) - #3 by Martin-Bonn


1 Like

If you’d read the documentation you’d see that your statement that it’s not working is not true.

You would also understand the process of migration better if you’d have a better look.

1 Like

I think I missed something during writing my feature request.

Yes, you can currently add shared mailboxes, is you assign a license to it and enable IMAP and SMPT-Auth both with modern authentication (oauth2). So you have to pay an extra fee for that license of each shared mailbox.

My request was, that you have one licensed “tech account” for zammad with IMAP and SMTP-Auth enabled and use this account to access multiple shared mailboxes which aren’t licensed. Because normal shared mailboxes are free. You need this license just for enabling IMAP & SMTP-Auth.

With this possibility you can safe up some license fees if you have to use separated mailboxes for regulation topics (don’t mix mail traffics for different topics)




I have the same problem, and have failed to get it working. We have one licensed ‘Master’ account, helpdesk@mydomain.com. We then have a number of shared inboxes (support@shop1.com, support@shop2.com etc). The master account has full access to these accounts.

Now that IMAP is not working anymore, we’d like to use that one licensed master account to receive emails over the various shared accounts over Oauth, as it was possible with IMAP. The outgoing emails are sent via Amazon SES (SMTP).

Best Regards

My bad then sorry.
Guess it’s not possible as of now.

We use multiple shared mailboxes with oauth and the Microsoft 365 channel, but it’s a little bit different.

We use helpdesk@example.ca, monitoring@example.ca, projectrequests@example.ca, etc. Each incoming email is sent to a different group. All of these email addresses are configured as shared mailboxes with no M365 license cost.

If using different domains is not a hard requirement, this might be a possible path forward.

I was able to set a password for the shared inbox in the Exchange Online admin, and am able to import incoming emails now. The problem is that the shared inboxes cannot send out emails on their own, without a licensed user that is.
So my problem would actually be solved if I could just set an SMTP profile to send out emails for tickets that came in over an MS365 channel, which unfortunately does not seem to be possible either - or am I maybe missing something here?

Sorry for spamming, but I actually got it working now. I’ve added the O365 connection with our “master” account, helpdesk@mydomain.com.
Next I created a password for all the accounts that I want to use with Zammad (support@shop1.com etc) via the Microsoft admin, using “reset password”. The master account has “Full Access” set for all those shared inboxes.
Then I added each of these shared inboxes via Settings → Channels → Microsoft 365, and logged in with the username and password of that shared inbox. It was my understanding is that this should not be possible, but alas, it worked. I am able to receive and send emails.

1 Like

shouldn’t this ticket be closed manualy because the feature does exist?

leaving it open adds to the number of displayed entries without benefit…

I do not see that as a valid solution because this solution is outside of defined usage parameters.

“A shared mailbox is not designed for direct logon. The user account for the shared mailbox itself should stay in a Disabled (or “disconnected”) state.”

For Fredrik’s solution to work, you have to set the user account to enabled.

The proper solution is having a logon name for authentication and a seperate mailbox name.

Technically there’s no reason to run a mailbox of Zammad in shared mailbox mode.
The only reason why people would do this is to save licensing fees.

One could argue with “yes but our agents to have licensed mailboxes” - while that’s true and not really mandatory to have with Zammad, I wouldn’t be too sure if the “we have an agent with active license” would actually meet the licensing terms of Microsoft. Just as 50 cents of my end.

A shared mailbox feeding into Zammad is pretty much the poster boy of the use case when all users are licensed.

Shared mailboxes are used when multiple people need access to the same mailbox, such as a company information or support email address, reception desk, or other function that might be shared by multiple people.

Right. I’m describing not much of a difference.