Ensure sign-in to shared mailboxes is blocked

Why This Matters

Shared mailboxes are designed for delegated access, not direct sign-in. If a shared mailbox account is left with sign-in enabled, an attacker could potentially compromise the system-generated password, gain direct access, and send email from a mailbox without a unique identity. Blocking sign-in prevents this risk and ensures the mailbox can only be accessed through delegated permissions from authorized users.

What Aether365 Checks

Aether365 verifies that sign-in is blocked for all user accounts associated with shared mailboxes. This check appears in the Aether365 dashboard under Entra ID checks as check M365.2197.
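The same condition can be audited by hand with the Exchange Online and Microsoft Graph PowerShell modules. The script below is an added example, not Aether365's own implementation; the `-Remediate` switch and the output column names are assumptions made for this illustration.

```powershell
#Requires -Modules ExchangeOnlineManagement, Microsoft.Graph.Users
# Added example: list shared mailboxes whose backing user account can still sign in.
param(
    [switch]$Remediate   # hypothetical switch for this example: also block sign-in
)

# Read-only Graph scope is enough for the audit; writing AccountEnabled needs more.
$scope = if ($Remediate) { 'User.ReadWrite.All' } else { 'User.Read.All' }
Connect-ExchangeOnline -ShowBanner:$false
Connect-MgGraph -Scopes $scope

# Every shared mailbox has a user object in Entra ID, linked by ExternalDirectoryObjectId.
$shared = Get-EXOMailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited

$findings = foreach ($mbx in $shared) {
    if (-not $mbx.ExternalDirectoryObjectId) { continue }   # no directory object to check

    # AccountEnabled is not returned by default, so request it explicitly.
    $user = Get-MgUser -UserId $mbx.ExternalDirectoryObjectId `
                       -Property 'Id,DisplayName,UserPrincipalName,AccountEnabled'

    if ($user.AccountEnabled) {
        [pscustomobject]@{
            DisplayName       = $user.DisplayName
            UserPrincipalName = $user.UserPrincipalName
            ObjectId          = $user.Id
            SignInBlocked     = $false
        }
    }
}

if (-not $findings) {
    Write-Output "Sign-in is blocked for all $(@($shared).Count) shared mailboxes."
    return
}

# Non-compliant accounts: sign-in is still enabled.
$findings | Format-Table -AutoSize

if ($Remediate) {
    foreach ($f in $findings) {
        # Blocking sign-in does not affect delegated access to the mailbox.
        Update-MgUser -UserId $f.ObjectId -AccountEnabled:$false
        Write-Output "Blocked sign-in for $($f.UserPrincipalName)"
    }
}
```

Run it without `-Remediate` first and review the list before blocking anything.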

Microsoft references
