Implementation of Exchange Online Management in the Access Manager
In modern companies, efficient management of access rights and authorizations to shared resources is crucial for business success. One frequently used solution is shared mailboxes in Microsoft Exchange Online, which allow several employees to access a shared mailbox. Shared mailboxes offer considerable advantages, especially in departments such as support, sales or general information management, as they centralize communication and ensure transparency.
Die Einführung einer zentralen Verwaltung dieser Berechtigungen über den BAYOOSOFT Access Manager vereinfacht die Administration und schließt bestehende Lücken in der initialen Rechtevergabe. Dieser Blog beschreibt die technischen Hintergründe, die Herausforderungen und die Implementierung des Exchange Online Managements in den BAYOOSOFT Access Manager.
Challenges in the management of shared mailboxes
In many companies, rights for resources such as file servers, SharePoint or distribution lists are already assigned via the Access Manager. However, shared mailboxes in Microsoft Exchange Online are often overlooked. This leads to:
- Missing authorizations for new hires: Employees are not given full access to required mailboxes.
Example: A new employee is hired in the support team. While she is given access to the departmental drives and SharePoint documents, she is denied access to the shared support mailbox. As a result, important inquiries remain unanswered until the authorization is added manually.
- Increased administrative effort: Subsequent rights adjustments cause hidden costs.
Example: An employee changes departments internally. The IT department has to manually adjust their permissions to various shared mailboxes, which leads to a lot of work and errors.
- Inconsistencies in rights management: Manual processes increase the susceptibility to errors.
These problems can be effectively solved by extending the Access Manager to include the management of shared mailboxes.
Functional scope of Exchange Online Management in the BAYOOSOFT Access Manager
The implementation extends the Access Manager to include the administration of Exchange Online shared mailboxes and their authorizations. The following authorization types are supported:
1. full access (default authorization): Users with this authorization can open the shared mailbox and act as the owner. They have access to all emails, calendar entries, contacts and tasks. Restriction: Sending emails on behalf of the mailbox is only possible with additional authorization.
Example: An employee with full access to the HR mailbox can read applications, create calendar entries and organize internal messages. However, without the “Send as” authorization, his reply appears as a separate message and not as a message from “HR department”.
2. send as: This authorization allows users to send emails that appear to come directly from the shared mailbox.
Example: A sales employee replies to an inquiry sent to the central sales mailbox ([email protected]). With the “Send as” authorization, the reply appears to come directly from the sales department.
3. send on behalf of: This authorization allows emails to be sent “on behalf of” the mailbox. The email is marked with the addition “sent by [user name] on behalf of [mailbox name]”.
Example: A management assistant sends an invitation to a meeting on behalf of the CEO. The recipient sees that the invitation was sent by “Assistant on behalf of CEO”.
Technical architecture and integration
The management of third-party applications in the Access Manager is based on the linking of authorization descriptions with Active Directory (AD) groups. For Microsoft services such as SharePoint, Teams and Exchange Online, however, integration takes place via the Microsoft Azure Tenant, which makes the structure slightly different from classic AD-based systems.
Integration of third-party applications
- Printers and networks: The authorization description is linked to an AD group.
Example: A “Print to 3rd floor color printer” permission is linked to the associated AD group so that all members of this group can access the printer.
- Microsoft services (Teams, SharePoint, Exchange Online): The Microsoft Azure Tenant is defined here as the central administration unit.
Example: A new project employee automatically receives access to the associated SharePoint project directory and the associated Teams group.
- Google Workspace: Similar to Microsoft services, you need to specify your own tenant.
Note: A specific interface for integrating the respective tenant must be implemented for each third-party application.
Advantages of extended management
The implementation of Exchange Online Management in the Access Manager offers numerous advantages:
- Central and uniform administration of all authorizations, including shared mailboxes.
- Reduced administration effort thanks to automated processes and central access control.
Example: The automatic assignment of authorizations saves the IT department 10 to 15 hours of manual work per week.
- Improved transparency and traceability when assigning rights.
Example: Every authorization change is logged and can be traced at any time via the Access Manager.
- Fast integration of new employees, as all necessary access rights are assigned right from the start.
Example: A new employee in the accounting department can access the accounting mailbox from day one and start work processes without delay.
Conclusion:
The addition of Exchange Online Management to the Access Manager is a decisive step towards optimizing rights management in modern companies. It ensures consistent, transparent and efficient management of shared mailboxes and minimizes administrative effort. By integrating it into the existing infrastructure, companies can standardize their processes and reduce the workload of the IT department.
