Microsoft Defender for Office 365 Licensing for Shared Mailboxes: A Critical Clarification

Kris WilkinsonJune 23, 2023

In this blog, we’re going to address a crucial aspect of Microsoft’s licensing requirements that has often been overlooked – Defender for Office 365 licensing used for shared mailboxes. We recently confirmed Microsoft does in fact require clients to license Shared Mailboxes with Defender for Office 365 licensing if the mailbox receives mail.

What is Defender for Office 365?

Defender for Office 365 is a robust, cloud-based filtering service that offers:

  • Enhanced spam protection for e-mail
  • Harmful URL checking for E-mail, Teams, and SharePoint
  • Attachment scanning (virus, malware, etc.) for E-mail, Teams and SharePoint

This particular service has been especially powerful against phishing attacks because it sits directly in front of Microsoft’s services and prevents users from accessing dangerous content. It can be used for regular and shared mailboxes.

Clarifying the Licensing Requirement

Although this isn’t a new policy from Microsoft, it’s become apparent that many businesses were not aware of the licensing requirements around shared mailboxes. Primarily because shared mailboxes typically require absolutely no licensing and are free for use.

For shared mailboxes that receive email, a Defender for Office 365 license is a must, as per the licensing terms outlined by Microsoft. This is not merely a recommended measure but a compulsory one, aimed at promoting optimal security in our shared digital spaces.

For those who utilize shared mailboxes that do not receive email, you should remove the email address from the shared mailbox; removing its ability to receive inbound e-mail. This will allow you to continue access the existing data from the former employee or department, and eliminate the need to license the shared mailbox.

For a more in-depth look at these licensing terms, you can visit Microsoft’s Service Description page here.

The Way Forward

Adhering to Microsoft’s licensing requirements can often be complex, but it’s important to remain compliant, especially when it comes to security services that protect against human error. We recognize that Microsoft’s requirements can be challenging, especially for businesses that rely on shared mailboxes.

SIRKit is here to help. If you are a Managed IT partner and your licensing is not compliant, our Proactive Team will reach out shortly to review everything and make recommendations.