Auto-mapping is an Exchange & Exchange Online feature, which automatically opens mailboxes with Full Access permissions in a delegate’s Outlook client. The setting is configurable by an Administrator when Full Access permissions are assigned for a user. Once enabled, the periodic Autodiscover requests from the Outlook client will determine which mailboxes should be mapped for a user. Any auto-mapped mailboxes with be opened by the Outlook client in a persistent state and cannot be closed by the user. If users want to remove the auto-mapped mailbox from their Outlook client, Administrative intervention is required to remove the Full Access permission, or clear the auto-mapping flag.

There are two scenarios where you may want to use this configuration:

  • You would like mailboxes to automatically open & persist in Outlook, for users who are assigned full access permissions
  • When users require access an Online Archive associated with the delegating mailbox – the Online Archive isn’t available if you add the mailbox via the “Open these additional mailboxes” console in a mailbox profile. Note that the Online Archive is also available via “Open Another Users Mailbox in Outlook Web App and in some cases, when the delegating mailbox is added as an additional mailbox in the Outlook profile (this has proven to be unreliable depending on identity & permission assignment.)

The auto-mapping feature may be undesirable for users who have access to a large number of mailboxes (taking up valuable Outlook screen real estate), or for users who want to control which mailboxes are open in their Outlook client.

If we take a look at the Autodiscover response for my Office 365 mailbox, we can see the AlternativeMailbox options that advertise a Shared Mailbox (including its Online Archive) for which I have Full Access permissions & auto-mapping enabled.

[code language=”XML”]<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">

<AlternativeMailbox>
<Type>Delegate</Type>
<DisplayName>! Shared Mailbox</DisplayName>
<SmtpAddress>[email protected]</SmtpAddress>
<OwnerSmtpAddress>[email protected]</OwnerSmtpAddress>
</AlternativeMailbox>
<AlternativeMailbox>
<Type>Archive</Type>
<DisplayName>In-Place Archive – ! Shared Mailbox</DisplayName>
<SmtpAddress>ExchangeGuid+b44be8a9-61b3-4cb4-a1f5-0b845b1fb419@kloud.mail.onmicrosoft.com</SmtpAddress>
<OwnerSmtpAddress>[email protected]</OwnerSmtpAddress>
</AlternativeMailbox>

</Account>
</Response>
</Autodiscover>[/code]

Auto-Mapping Principles

  • By default, auto-mapping is enabled whenever Full Access permissions are granted to the mailbox via Add-MailboxPermission. It must be explicitly set to false if you want it disabled for a user i.e -Automapping:$false
  • At this time, it is not possible to view the state of the auto-mapping setting for a mailbox (whether it has been enabled/disabled)
  • If you are using Mail-Enabled Security Groups to grant Full Access permissions, auto-mapping will not work for the group members. The auto-mapping feature must be assigned by granting Full Access to individual user objects

Managing the Setting

It is enabled per-user, for new or existing Full Access delegates:

[code language=”PowerShell”]Add-MailboxPermission [email protected] -AccessRights FullAccess -User [email protected] -Automapping:$true[/code]

You can disable auto-mapping for a single user, by removing the user’s Full Access permission and then reinstating the permission with the -automapping:$false parameter defined:

[code language=”PowerShell”]Remove-MailboxPermission [email protected] -AccessRights FullAccess -User [email protected]
Add-MailboxPermission [email protected] -AccessRights FullAccess -User [email protected] -Automapping:$false[/code]

In Exchange Online, auto-mapping can be removed for all existing Full Access delegates on a mailbox by running the command:

[code language=”PowerShell”]Remove-MailboxPermission [email protected] -ClearAutoMapping[/code]

 

That’s it, simple! Hopefully this helps to explain the nuances of Outlook auto-mapping.

Category:
Exchange, Office 365
Tags:
, ,

Join the conversation! 10 Comments

  1. “If you are using Mail-Enabled Security Groups to grant Full Access permissions, auto-mapping will not work for the group members. ”

    Well, that makes it completely pointless doesn’t it.

  2. “If you are using Mail-Enabled Security Groups to grant Full Access permissions, auto-mapping will not work for the group members. ”

    Yes, i’ve been waiting for THAT to be resolved , i have to resort to powershell script to add users to mailbox with an AD security group, not the best way but it works.

    Dont know why MS didn’t adress that issue, a lot of companies use department mailboxes and users have to be added manually, it’s also hard to follow who has access to what when there is a dpt transfer, promotion, demotion .

  3. If I use -clearautomapping for mailbox, how can i change it back?

  4. Hi all.
    Is there a way to connect the online archive with powershell without activating the Automapping?
    Automapping causes problems with the sync between ExchSrv 2016 and Outlook 2013 and MS is not working on a fix since ages.
    thanks in advance for your help.
    Cheers
    Andy

  5. Is Automapping also working for shared Mailboxes (which I have FullAccess to) that have a different Primary SMTP Domain that is not preoperly setup for Autodiscover? For example: I have my user “me” and my mailbox “[email protected]” and have Fullaccess with my user to [email protected]. Autodiscover is only set up for abc.com and not for xyz.com. Will Automapping still work?

Comments are closed.