Anonymous User in O365 Mailbox PermissionsIssues with Additional Accounts in Exchange and Outlook 2010Outlook 2010 keeping outgoing emails, only sending after application restartHow can I test an Office 365 / Exchange 365 email account without logging into it?How can I recover or restore an Office 365 mailbox of a deleted user?Outlook error “there was no endpoint listening at net.pipe://localhost/…”Room Mailbox Permissions O365 in OutlookCreate a Shared Mailbox from a new Synced User AccountA linked mailbox user sometimes connects to wrong Exchange organization365 Shared Mailbox and Calendar PermissionsHow to disable cache exchange mode/offline storing office 365 mails for email clients such as outlook/thunderbird?
Can a UK national work as a paid shop assistant in the USA?
How do I write real-world stories separate from my country of origin?
size of pointers and architecture
What is this dime sized black bug with white on the segments near Loveland Colorodao?
What spell do I need to be my own rock band?
Shell builtin `printf` line limit?
Ribbon Cable Cross Talk - Is there a fix after the fact?
csname in newenviroment
Does science define life as "beginning at conception"?
Department head said that group project may be rejected. How to mitigate?
To exponential digit growth and beyond!
Make the `diff` command look only for differences from a specified range of lines
Are there historical examples of audiences drawn to a work that was "so bad it's good"?
Why did Nick Fury not hesitate in blowing up the plane he thought was carrying a nuke?
What is the required burn to keep a satellite at a Lagrangian point?
Is ideal gas incompressible?
Team member is vehemently against code formatting
Three knights or knaves, three different hair colors
Why do the i8080 I/O instructions take a byte-sized operand to determine the port?
Does the fact that we can only measure the two-way speed of light undermine the axiom of invariance?
amsmath: How can I use the equation numbering and label manually and anywhere?
(For training purposes) Are there any openings with rook pawns that are more effective than others (and if so, what are they)?
Surface of the 3x3x3 cube as a graph
Proto-Indo-European (PIE) words with IPA
Anonymous User in O365 Mailbox Permissions
Issues with Additional Accounts in Exchange and Outlook 2010Outlook 2010 keeping outgoing emails, only sending after application restartHow can I test an Office 365 / Exchange 365 email account without logging into it?How can I recover or restore an Office 365 mailbox of a deleted user?Outlook error “there was no endpoint listening at net.pipe://localhost/…”Room Mailbox Permissions O365 in OutlookCreate a Shared Mailbox from a new Synced User AccountA linked mailbox user sometimes connects to wrong Exchange organization365 Shared Mailbox and Calendar PermissionsHow to disable cache exchange mode/offline storing office 365 mails for email clients such as outlook/thunderbird?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I was digging around in Microsoft Outlook for Mac and I noticed a strange user account when I was looking at the folder permissions.
There is a user called "Anonymous" who supposedly has no permissions. A quick google search showed that a tech from Microsoft said that the user can be used to read/access/view a folder even though they might not be users in the organization if they know the URL
Reference:
https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_other/office-365-outlook-what-is-anonymous-in-permission/b75fa182-ddb9-4c38-b700-facef79c45a9
Does anyone know what the real purpose of the "Anonymous" user account? Also, is it a security risk?
Mailbox Permissions Screenshot
permissions exchange outlook microsoft-office-365
asked May 8 at 15:14
Frank MiragliaFrank Miraglia
83
add a comment |
I was digging around in Microsoft Outlook for Mac and I noticed a strange user account when I was looking at the folder permissions.
There is a user called "Anonymous" who supposedly has no permissions. A quick google search showed that a tech from Microsoft said that the user can be used to read/access/view a folder even though they might not be users in the organization if they know the URL
Reference:
https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_other/office-365-outlook-what-is-anonymous-in-permission/b75fa182-ddb9-4c38-b700-facef79c45a9
Does anyone know what the real purpose of the "Anonymous" user account? Also, is it a security risk?
Mailbox Permissions Screenshot
permissions exchange outlook microsoft-office-365
asked May 8 at 15:14
Frank MiragliaFrank Miraglia
83
add a comment |
I was digging around in Microsoft Outlook for Mac and I noticed a strange user account when I was looking at the folder permissions.
There is a user called "Anonymous" who supposedly has no permissions. A quick google search showed that a tech from Microsoft said that the user can be used to read/access/view a folder even though they might not be users in the organization if they know the URL
Reference:
https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_other/office-365-outlook-what-is-anonymous-in-permission/b75fa182-ddb9-4c38-b700-facef79c45a9
Does anyone know what the real purpose of the "Anonymous" user account? Also, is it a security risk?
Mailbox Permissions Screenshot
permissions exchange outlook microsoft-office-365
asked May 8 at 15:14
Frank MiragliaFrank Miraglia
83
I was digging around in Microsoft Outlook for Mac and I noticed a strange user account when I was looking at the folder permissions.
There is a user called "Anonymous" who supposedly has no permissions. A quick google search showed that a tech from Microsoft said that the user can be used to read/access/view a folder even though they might not be users in the organization if they know the URL
Reference:
https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_other/office-365-outlook-what-is-anonymous-in-permission/b75fa182-ddb9-4c38-b700-facef79c45a9
Does anyone know what the real purpose of the "Anonymous" user account? Also, is it a security risk?
Mailbox Permissions Screenshot
permissions exchange outlook microsoft-office-365
permissions exchange outlook microsoft-office-365
asked May 8 at 15:14
Frank MiragliaFrank Miraglia
83
asked May 8 at 15:14
Frank MiragliaFrank Miraglia
83
asked May 8 at 15:14
Frank MiragliaFrank Miraglia
83
asked May 8 at 15:14
Frank MiragliaFrank Miraglia
83
asked May 8 at 15:14
Frank MiragliaFrank Miraglia
83
83
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
It sounds like this "user" is intended to be a placeholder or a way of specifying the large class of people who don't have accounts on your system.
Using this identifier ("user"), you or your staff can say, effectively, that they want to share a calendar or (apparently) portion of their mailbox with someone (effectively anyone) without requiring them to have (or log into) an account on your system.
Often this requires someone sharing the URL with them, so the URL can function as a sort of password, but it is essentially a shared password, and relatively easily shared at that, so, yes, there is a security implication.
It may make sense to share something read-only with this "Anonymous" identifier, but I would tend not to provide write permission.
answered May 8 at 15:40
SlartibartfastSlartibartfast
2,9401316
Thank you! Makes sense now.
– Frank Miraglia
May 9 at 14:19
add a comment |
Does anyone know what the real purpose of the "Anonymous" user
account?
The real purpose is exactly what Microsoft stated. This permission is for granting users outside of your organization access to those folders. This is a standard mailbox permission in Exchange Server.
Also, is it a security risk?
Only if you somehow made that folder available to the public AND you granted the Anonymous user actual permissions to the folder... so, no... this is not a "real" security risk. This is the default setting for every folder in every mailbox for every user in the world who uses Exchange Server.
As you can see in your screenshot, the Anonymous user has no permissions by default. You would have to explicitly grant that entity permissions AND you'd have to make that folder publicly available in order for anyone to actually access that folder.
answered May 8 at 21:44
joeqwertyjoeqwerty
97.3k465149
Yes, anonymous is for users that didn't authenticat with the domain.
– Jayce Yang
May 9 at 1:47
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f966407%2fanonymous-user-in-o365-mailbox-permissions%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
It sounds like this "user" is intended to be a placeholder or a way of specifying the large class of people who don't have accounts on your system.
Using this identifier ("user"), you or your staff can say, effectively, that they want to share a calendar or (apparently) portion of their mailbox with someone (effectively anyone) without requiring them to have (or log into) an account on your system.
Often this requires someone sharing the URL with them, so the URL can function as a sort of password, but it is essentially a shared password, and relatively easily shared at that, so, yes, there is a security implication.
It may make sense to share something read-only with this "Anonymous" identifier, but I would tend not to provide write permission.
answered May 8 at 15:40
SlartibartfastSlartibartfast
2,9401316
Thank you! Makes sense now.
– Frank Miraglia
May 9 at 14:19
add a comment |
It sounds like this "user" is intended to be a placeholder or a way of specifying the large class of people who don't have accounts on your system.
Using this identifier ("user"), you or your staff can say, effectively, that they want to share a calendar or (apparently) portion of their mailbox with someone (effectively anyone) without requiring them to have (or log into) an account on your system.
Often this requires someone sharing the URL with them, so the URL can function as a sort of password, but it is essentially a shared password, and relatively easily shared at that, so, yes, there is a security implication.
It may make sense to share something read-only with this "Anonymous" identifier, but I would tend not to provide write permission.
answered May 8 at 15:40
SlartibartfastSlartibartfast
2,9401316
Thank you! Makes sense now.
– Frank Miraglia
May 9 at 14:19
add a comment |
It sounds like this "user" is intended to be a placeholder or a way of specifying the large class of people who don't have accounts on your system.
Using this identifier ("user"), you or your staff can say, effectively, that they want to share a calendar or (apparently) portion of their mailbox with someone (effectively anyone) without requiring them to have (or log into) an account on your system.
Often this requires someone sharing the URL with them, so the URL can function as a sort of password, but it is essentially a shared password, and relatively easily shared at that, so, yes, there is a security implication.
It may make sense to share something read-only with this "Anonymous" identifier, but I would tend not to provide write permission.
answered May 8 at 15:40
SlartibartfastSlartibartfast
2,9401316
It sounds like this "user" is intended to be a placeholder or a way of specifying the large class of people who don't have accounts on your system.
Using this identifier ("user"), you or your staff can say, effectively, that they want to share a calendar or (apparently) portion of their mailbox with someone (effectively anyone) without requiring them to have (or log into) an account on your system.
Often this requires someone sharing the URL with them, so the URL can function as a sort of password, but it is essentially a shared password, and relatively easily shared at that, so, yes, there is a security implication.
It may make sense to share something read-only with this "Anonymous" identifier, but I would tend not to provide write permission.
answered May 8 at 15:40
SlartibartfastSlartibartfast
2,9401316
answered May 8 at 15:40
SlartibartfastSlartibartfast
2,9401316
answered May 8 at 15:40
SlartibartfastSlartibartfast
2,9401316
answered May 8 at 15:40
SlartibartfastSlartibartfast
2,9401316
2,9401316
Thank you! Makes sense now.
– Frank Miraglia
May 9 at 14:19
add a comment |
Thank you! Makes sense now.
– Frank Miraglia
May 9 at 14:19
Thank you! Makes sense now.
– Frank Miraglia
May 9 at 14:19
Thank you! Makes sense now.
– Frank Miraglia
May 9 at 14:19
add a comment |
Does anyone know what the real purpose of the "Anonymous" user
account?
The real purpose is exactly what Microsoft stated. This permission is for granting users outside of your organization access to those folders. This is a standard mailbox permission in Exchange Server.
Also, is it a security risk?
Only if you somehow made that folder available to the public AND you granted the Anonymous user actual permissions to the folder... so, no... this is not a "real" security risk. This is the default setting for every folder in every mailbox for every user in the world who uses Exchange Server.
As you can see in your screenshot, the Anonymous user has no permissions by default. You would have to explicitly grant that entity permissions AND you'd have to make that folder publicly available in order for anyone to actually access that folder.
answered May 8 at 21:44
joeqwertyjoeqwerty
97.3k465149
Yes, anonymous is for users that didn't authenticat with the domain.
– Jayce Yang
May 9 at 1:47
add a comment |
Does anyone know what the real purpose of the "Anonymous" user
account?
The real purpose is exactly what Microsoft stated. This permission is for granting users outside of your organization access to those folders. This is a standard mailbox permission in Exchange Server.
Also, is it a security risk?
Only if you somehow made that folder available to the public AND you granted the Anonymous user actual permissions to the folder... so, no... this is not a "real" security risk. This is the default setting for every folder in every mailbox for every user in the world who uses Exchange Server.
As you can see in your screenshot, the Anonymous user has no permissions by default. You would have to explicitly grant that entity permissions AND you'd have to make that folder publicly available in order for anyone to actually access that folder.
answered May 8 at 21:44
joeqwertyjoeqwerty
97.3k465149
Yes, anonymous is for users that didn't authenticat with the domain.
– Jayce Yang
May 9 at 1:47
add a comment |
Does anyone know what the real purpose of the "Anonymous" user
account?
The real purpose is exactly what Microsoft stated. This permission is for granting users outside of your organization access to those folders. This is a standard mailbox permission in Exchange Server.
Also, is it a security risk?
Only if you somehow made that folder available to the public AND you granted the Anonymous user actual permissions to the folder... so, no... this is not a "real" security risk. This is the default setting for every folder in every mailbox for every user in the world who uses Exchange Server.
As you can see in your screenshot, the Anonymous user has no permissions by default. You would have to explicitly grant that entity permissions AND you'd have to make that folder publicly available in order for anyone to actually access that folder.
answered May 8 at 21:44
joeqwertyjoeqwerty
97.3k465149
Does anyone know what the real purpose of the "Anonymous" user
account?
The real purpose is exactly what Microsoft stated. This permission is for granting users outside of your organization access to those folders. This is a standard mailbox permission in Exchange Server.
Also, is it a security risk?
Only if you somehow made that folder available to the public AND you granted the Anonymous user actual permissions to the folder... so, no... this is not a "real" security risk. This is the default setting for every folder in every mailbox for every user in the world who uses Exchange Server.
As you can see in your screenshot, the Anonymous user has no permissions by default. You would have to explicitly grant that entity permissions AND you'd have to make that folder publicly available in order for anyone to actually access that folder.
answered May 8 at 21:44
joeqwertyjoeqwerty
97.3k465149
edited May 8 at 21:54
answered May 8 at 21:44
joeqwertyjoeqwerty
97.3k465149
answered May 8 at 21:44
joeqwertyjoeqwerty
97.3k465149
answered May 8 at 21:44
joeqwertyjoeqwerty
97.3k465149
97.3k465149
Yes, anonymous is for users that didn't authenticat with the domain.
– Jayce Yang
May 9 at 1:47
add a comment |
Yes, anonymous is for users that didn't authenticat with the domain.
– Jayce Yang
May 9 at 1:47
Yes, anonymous is for users that didn't authenticat with the domain.
– Jayce Yang
May 9 at 1:47
Yes, anonymous is for users that didn't authenticat with the domain.
– Jayce Yang
May 9 at 1:47
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f966407%2fanonymous-user-in-o365-mailbox-permissions%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
