ASD's Blueprint for Secure Cloud

Shared Mailboxes

This section describes the design decisions associated with Shared Mailboxes for system(s) built using ASD's Blueprint for Secure Cloud.

Estimated reading time: 2 minutes

A Shared Mailbox is a mailbox which enables one or more users to read and send messages. Shared Mailboxes also enable sharing of a calendar between multiple users.

Within Microsoft 365, shared mailboxes do not require a licence to be assigned to them unless the mailbox has over 50GBs of data.

Unlike user mailboxes, these mailboxes are represented within Entra ID by a disabled user account. These accounts can be enabled however this poses a security risk as the mailbox account is not related to a single user.

User access to the mailbox is provided using mailbox delegation rights (Full Access, Send As, Send on Behalf). These rights can be assigned either directly or using a mail enabled security group.

Security & Governance

  • None identified


  • None identified


  • None identified


  • None identified

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra