Share all details about your problem, including any error messages you may have received.
*When aggregating Exchange Online information using the Entra Connector (Azure Active Directory), shared mailbox rights get displayed on the account as a GUID. Most often we create shared mailboxes using New-RemoteMailbox on Exchange Server.
This is problematic in access reviews for obvious reasons, is there a way to set these shared Mailbox entitlements as a UserPrincipalName or PrimarySMTPAddress of the Mailbox*
We do have Exchange Online management enabled for Entra and that is working if that is what you are referring to. IT just shows Shared Mailboxes as a GUID
Based on these screenshots, sharedMailbox is a string attribute, not a reference to another object type on the application
Look at channel, or assignedPlans. Those attributes have a specified object type relating to the ManagedAttribute created for those on group aggregation
Do you have a specific group type for shared mailbox?
HEre is a screenshot of what we are seeing on the accounts
We configured the schema based on the following doc, Based on the doc it doesnt look like aggregation of sharedMailboxes is supported as an entitlement type. Is that what you were suggesting or am I missing something?
To aggregate shared mailbox attributes as an Entitlement, add sharedMailbox as an account attribute.
Example Name: sharedMailbox
Type: String
Property: Multivalued, Entitlement
@mrioux Understood. Have you tried importing the mapping from Entitlement Catalog? or write a rule to get the values using REST/Graph APIs and update it programmatically?
Entra ID connector aggregates shared mailboxes in the account aggregation. Do you have an identity cube for each shared mailbox? If so, you can use customization rule to map shared mailbox rights with their identity names.
After opening a case with support the recommendation was made to add the following entry key in debug to pull in sharedMailbox entitlements with a displayName
