Auto-mapping is an Exchange & Exchange Online feature, which automatically opens mailboxes with Full Access permissions in a delegate’s Outlook client. The setting is configurable by an Administrator when Full Access permissions are assigned for a user. Once enabled, the periodic Autodiscover requests from the Outlook client will determine which mailboxes should be mapped for a user. Any auto-mapped mailboxes with be opened by the Outlook client in a persistent state and cannot be closed by the user. If users want to remove the auto-mapped mailbox from their Outlook client, Administrative intervention is required to remove the Full Access permission, or clear the auto-mapping flag.
There are two scenarios where you may want to use this configuration:
- You would like mailboxes to automatically open & persist in Outlook, for users who are assigned full access permissions
- When users require access an Online Archive associated with the delegating mailbox – the Online Archive isn’t available if you add the mailbox via the “Open these additional mailboxes” console in a mailbox profile. Note that the Online Archive is also available via “Open Another Users Mailbox in Outlook Web App and in some cases, when the delegating mailbox is added as an additional mailbox in the Outlook profile (this has proven to be unreliable depending on identity & permission assignment.)
The auto-mapping feature may be undesirable for users who have access to a large number of mailboxes (taking up valuable Outlook screen real estate), or for users who want to control which mailboxes are open in their Outlook client.
If we take a look at the Autodiscover response for my Office 365 mailbox, we can see the AlternativeMailbox options that advertise a Shared Mailbox (including its Online Archive) for which I have Full Access permissions & auto-mapping enabled.
<?xml version="1.0" encoding="utf-8"?> <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"> ... <AlternativeMailbox> <Type>Delegate</Type> <DisplayName>! Shared Mailbox</DisplayName> <SmtpAddress>firstname.lastname@example.org</SmtpAddress> <OwnerSmtpAddress>email@example.com</OwnerSmtpAddress> </AlternativeMailbox> <AlternativeMailbox> <Type>Archive</Type> <DisplayName>In-Place Archive - ! Shared Mailbox</DisplayName> <SmtpAddress>ExchangeGuidfirstname.lastname@example.org</SmtpAddress> <OwnerSmtpAddress>email@example.com</OwnerSmtpAddress> </AlternativeMailbox> ... </Account> </Response> </Autodiscover>
- By default, auto-mapping is enabled whenever Full Access permissions are granted to the mailbox via Add-MailboxPermission. It must be explicitly set to false if you want it disabled for a user i.e -Automapping:$false
- At this time, it is not possible to view the state of the auto-mapping setting for a mailbox (whether it has been enabled/disabled)
- If you are using Mail-Enabled Security Groups to grant Full Access permissions, auto-mapping will not work for the group members. The auto-mapping feature must be assigned by granting Full Access to individual user objects
Managing the Setting
It is enabled per-user, for new or existing Full Access delegates:
Add-MailboxPermission firstname.lastname@example.org -AccessRights FullAccess -User email@example.com -Automapping:$true
You can disable auto-mapping for a single user, by removing the user’s Full Access permission and then reinstating the permission with the -automapping:$false parameter defined:
Remove-MailboxPermission firstname.lastname@example.org -AccessRights FullAccess -User email@example.com Add-MailboxPermission firstname.lastname@example.org -AccessRights FullAccess -User email@example.com -Automapping:$false
In Exchange Online, auto-mapping can be removed for all existing Full Access delegates on a mailbox by running the command:
Remove-MailboxPermission firstname.lastname@example.org -ClearAutoMapping
That’s it, simple! Hopefully this helps to explain the nuances of Outlook auto-mapping.