I called mine “DisabledMailboxes,” and hid it from the Global Address List. To create a transport rule that prevents sending and receving for these mailboxes, first you’ll need to create a new distribution group and add your mailboxes to it. While this is not a huge deal, I didn’t want to create the false impression that a deprovisioned mailbox was still in active use, so I decided to leverage a transport rule to handle this. Although removing the Exchange license for a user removes their access to their mailbox, the mailbox itself can still receive email messasges. The key is that you should only remove the Exchange and Exchange Archiving service plans and leave any other applicable service plans in place. To learn more about managing Office 365 user licenses with PowerShell, see my blog series on the topic. You can remove the Exchange Online license using the Office 365 Admin Center, or you can use PowerShell. Once this is removed all entry points into Exchange Online will be hidden from the user, and sign-in will fail. This is how we remove the user’s access to their Exchange Online mailbox. Remove the Exchange and Exchange Archiving Licenses In-Place holds are a bit more complex and are an entity all their own. NOTE: You can use In-Place Hold instead of Litigation Hold, but in our case I stick with Litigation Hold because it’s very simple to use and the settings belong to the mailbox. Instructions for setting a mailbox to litigation hold can be found here. In addition, this retains mailbox data even after a user has deleted it, ensuring that you can discover messages for legal compliance cases. This step is important because deactivated mailboxes can only be restored for up to 30 days after a user is deleted. Here are the steps I followed to disable mailboxes for active Office 365 users: 1. I asked about how best to achieve our goal here but did not get a full answer, so I set out to experiment about how to achieve this. This turned out to be a bit trickier than I would have thought. In our case, however, we don’t intend to delete these users but we would like to remove the mailboxes. The guidance provided by Microsoft for this all centers around employees who are leaving your organization which is why the trigger for converting to an inactive mailbox is the deletion of the user. When a mailbox is on Litigation Hold and the corresponding user is deleted, the mailbox is converted to “Inactive” and all it’s data is retained. We use Litigation Hold to achieve this retention. Our compliance policy also dictates that the mailbox data will need to be retained for an extended period of time. However, other services in Office 365 such as Onedrive for Business and the Office Pro Plus subscription will need to be retained. We have a type of user that only has need of a mailbox for a certain period of time, and once this time has passed then according to our policy access to that mailbox will be removed. This will be a quick post to detail the steps I took to resolve an issue in Exchange Online where we had a very specific use case for mailbox compliance.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |