We have a mailbox in our organization which is a communal mailbox, it's our helpdesk mailbox actually. Our problem is that with most helpdesk inboxes, we all have access to it which is causing problems with emails going missing, or being filed away before being completed.
I've been tasked by my manager to find out the following information:
1. What permissions are needed to open a mailbox within Outlook, but not be able to move/delete mail from the mailbox? I can see that if you grant Receive-As at the database or storage group level, that will allow them to logon to all mailboxes within that container, but that is a little too much power for what I need. I just want one mailbox to be effected.
2. If I put a deny Full Access on the mailbox to multiple people, does that also deny the permissions such as delete item, send-as, etc, the so called lower permissions? All the helpdesk staff are domain admins(might not be the best way, but it's what we're stuck with at the moment), and that seems to be where they are getting the access to the mailbox, via the domain admins group.