Why we avoid shared Microsoft 365 accounts

In many small and mid-sized businesses, it’s still common to see generic Microsoft 365 accounts like or shared among employees. This includes sharing one username and password to access the account. While this might feel like a practical and cost-efficient solution, it introduces serious risks that can impact your security, compliance, and efficiency.

Here’s why shared accounts should be avoided.

Security and Accountability

Here are some of the things that can happen when multiple people share a single account:

  • There’s no clear audit trail of actions.
  • Passwords are likely being reused or exposed and consist of basic phrases that are easy for all employees to remember.
  • Multi-Factor Authentication (MFA) is often disabled or unreliable.

If a shared account is compromised, it’s difficult to identify how it happened or what was accessed. Individual accounts allow for traceability and better protection. This is a critical item when it comes to providing evidence in the event of a breach or insurance claim.

Compliance and Legal Exposure

Regulations like GDPR, HIPAA, and others require the ability to log and track user activity. Shared accounts make this impossible, leaving your organization vulnerable during audits or legal investigations.

Without individual accountability, proving who accessed or changed data becomes a major challenge.

Productivity and Collaboration Issues

Microsoft 365 is designed for individual use. With shared accounts, you run into these problems:

  • Users lose personalized features like OneDrive, Teams chats, and Outlook calendars.
  • File collaboration suffers due to version conflicts and unclear ownership.
  • Email replies from shared inboxes lack visibility into who handled what.

The result is confusion, duplication of work, and decreased efficiency.

Licensing and Support Limitations

Sharing logins will violate Microsoft’s licensing terms. It also complicates access control because if someone leaves the company, disabling the shared account affects everyone still using it. The following quote is directly from Microsoft.

When you buy a subscription, you specify the number of licenses that you need, based on how many people you have in your organization. After you buy a subscription, you create accounts for people in your organization, and then assign a license to each person. As your organizational needs change, you can buy more licenses to accommodate new people, or reassign licenses to other users when someone leaves your organization.

During consultations with potential clients, we’ve discovered issues such as former employees, who departed six to twelve months ago, still having full access to the business mailbox. Without correct user account management, it’s hard to prevent scenarios like this from happening. It also doesn’t help when employees want to keep the same simple password they were used to because it was more convenient for them.

From a support perspective, resolving issues or tracking user behavior is significantly harder with shared credentials.

What is the correct approach?

The answer: Individual user accounts with shared mailboxes

Instead of sharing a single user account and putting your business at risk, here’s what we do:

  • Assign each user their own Microsoft license.
  • Use a shared mailbox where needed for multiple users to have a group mailbox.
    • Shared mailboxes are free, providing each user is correctly licensed, and are a great way to manage those generic style mailboxes that we all like to use.

By licensing each user correctly, you avoid violating licensing terms and you get proper access control and user accountability, and everything in your business runs a little smoother.

What does this look like from a cost perspective?

Let’s take the following scenario: Amy is a dentist and has an orthodontic practice called Dr Amy Orthodontics.

Amy has a team of six. Including Amy, that is seven accounts that require licensing:

  • Four users are front office staff that require encrypted email capabilities, Microsoft Office software, access to data and documents and Microsoft Teams for internal communication.
  • Three users are back-office staff who do not send out encrypted email but need to be licensed to access general staff email, company data, documents and Microsoft Teams for internal collaboration.

Here’s a breakdown of the cost structure. The listed pricing is the monthly cost at the time of writing this article.

| Person | Title | Email | License | Cost |
|---|---|---|---|---|
| Amy | Doctor | | Microsoft 365 Business Premium | $26.40 |
| Jane | Front Desk | | Microsoft 365 Business Premium | $26.40 |
| Thomas | Front Desk | | Microsoft 365 Business Premium | $26.40 |
| Sally | Treatment Coordinator | | Microsoft 365 Business Premium | $26.40 |
| Brian | Orthodontic assistant | | Microsoft 365 F3 | $10.60 |
| June | Orthodontic assistant | | Microsoft 365 F3 | $10.60 |
| Maggie | Lab Technician | | Microsoft 365 F3 | $10.60 |
| Info | General contact mailbox | | Shared Mailbox | Free |
| Billing | General billing mailbox | | Shared Mailbox | Free |

The monthly total comes out to $137.40.

That is not a lot of money per month to provide your staff with business software, email, encryption capabilities where needed, collaboration tools, file storage and managed cloud directory services to control access to business resources and many more items.

There are also other items to consider such as email backup and advanced filtering and protection, but it doesn’t cost that much more.

In the table above, we have info@ and billing@ mailboxes. These are shared mailboxes and do not have a cost associated with them.

  • – Can be accessed by Amy, Jane, Thomas and Maggie.
  • – Can be accessed by Amy, Sally and Thomas, who sometimes helps Sally with billing overflow.
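
As an added example (not part of the original article), here is one way to set up the two shared mailboxes and the per-user access described above with Exchange Online PowerShell. The domain example.com and the user addresses are placeholders, and granting Send As alongside Full Access is an assumption about what "accessed" should include.

```powershell
# Added example: placeholder domain and addresses, constructed for illustration.
# Requires the ExchangeOnlineManagement module and an Exchange administrator role.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # interactive sign-in with the admin's own account

$domain = 'example.com'  # placeholder, replace with the tenant's domain

# Delegation map from the scenario: shared mailbox alias -> staff first names.
$delegation = @{
    info    = 'amy', 'jane', 'thomas', 'maggie'
    billing = 'amy', 'sally', 'thomas'
}

foreach ($alias in $delegation.Keys) {
    $address = '{0}@{1}' -f $alias, $domain

    # Create the shared mailbox only if it does not already exist.
    if (-not (Get-Mailbox -Identity $address -ErrorAction SilentlyContinue)) {
        New-Mailbox -Shared -Name $alias -DisplayName $alias -PrimarySmtpAddress $address | Out-Null
    }

    # Audit delegate actions and keep a copy of sent mail in the shared mailbox.
    Set-Mailbox -Identity $address -AuditEnabled $true -MessageCopyForSentAsEnabled $true

    # Each person gets access under their own identity; no password is shared.
    foreach ($name in $delegation[$alias]) {
        $user = '{0}@{1}' -f $name, $domain
        Add-MailboxPermission -Identity $address -User $user -AccessRights FullAccess -InheritanceType All | Out-Null
        Add-RecipientPermission -Identity $address -Trustee $user -AccessRights SendAs -Confirm:$false | Out-Null
    }
}

# Review: list the explicit delegates on every shared mailbox.
Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited |
    Get-MailboxPermission |
    Where-Object { -not $_.IsInherited -and $_.User -ne 'NT AUTHORITY\SELF' } |
    Select-Object Identity, User, AccessRights

# Offboarding: revoke one leaver's delegation without affecting anyone else.
function Revoke-SharedMailboxAccess {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    foreach ($mbx in Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited) {
        Remove-MailboxPermission -Identity $mbx.Identity -User $UserPrincipalName -AccessRights FullAccess -Confirm:$false -ErrorAction SilentlyContinue
        Remove-RecipientPermission -Identity $mbx.Identity -Trustee $UserPrincipalName -AccessRights SendAs -Confirm:$false -ErrorAction SilentlyContinue
    }
}
```

Running the review query on a schedule and comparing it with the current staff list catches delegations that outlive an employee's departure.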

Conclusion

Sharing email accounts in your business might seem convenient at first, but it creates many more problems than it solves. Moving to a correct user-based pricing model protects your business, improves productivity, and helps you stay compliant with the related regulatory requirements.

Feel free to reach out and we can walk you through the process to make sure your business email is correctly set up, secure and compliant.
