Blog Post

Exchange Team Blog
3 MIN READ

Introducing Exchange Online Delicensing Resiliency to protect against unintended delicensing actions

The_Exchange_Team's avatar
Nov 05, 2024

We recently introduced a new feature in Exchange Online that allows admins to add protection against the accidental or unintended delicensing of an Exchange Online mailboxes by providing a 30-day grace period upon license removal. The feature also provides options for admin and user notification to proactively avoid the consequences of unintentional delicensing. This is an opt-in feature accessible to tenants with over 10,000 non-trial Exchange Online licenses.

How Delicensing Resiliency Works

Exchange Online user mailbox access is tied to the presence of a license. License removal causes the mailbox to be unavailable to the user, which affects mail flow and leads to non-delivery reports (NDRs) or misrouting of emails.

There have been incidents in the past where customers using Group Based Licensing have accidentally delicensed a large population of their users resulting in wide-spread service disruption and an interruption in mail flow.

This new feature acts as a safeguard against the immediate effects of delicensing errors by providing a 30-day grace period starting with license removal, providing time for admins to correct any mistakes. During this grace period, mailboxes maintain their pre-delicensing functionality, giving admins the necessary time to address any delicensing mistakes. During this grace period, the admin also has the option to expedite user delicensing, re-license the user, or leave them unlicensed until grace period is over.

Once the 30-day grace period expires and we remove the license, the user mailbox follows its own default 30-day grace period, during which time the user cannot access the mailbox. However, if the license is added back, access is restored, and the mailbox becomes active. After the 30-day grace period, the data is deleted and can't be recovered.

The following illustrations summarize the behavior change:

When Exchange Online Delicensing Resiliency feature is not enabled (default behavior):

After Exchange Online Delicensing Resiliency feature is enabled (new behavior):

Once the feature is enabled, you can see when the 30-day grace period will expire by running Get-PendingDelicenseUser:

You can also use the Microsoft 365 admin center to see when the grace period ends and take other actions including expediting delicensing.

To make this feature actionable, we have added a Service Health advisory notification for admins as well as user email notification, so admins can proactively handle potential unintended delicensing of Exchange Online users before the 30-day grace period expires. When the feature is enabled, Service Health advisory notifications for admins and email notifications for users are also enabled.

Service Health advisory notifications are designed for admins to receive an advisory digest notification whenever there is any delicensing activity in your tenant. The Service Health post includes the count of delicensed users over a period of 8 days, that are within the 30-day grace period.

Below is a sample Service Health advisory notification:

Admins can then take appropriate actions, such as expediting delicensing of a user or re-licensing the user.

Because there is a chance that an admin might not notice or act on the Service Health advisory, user notification is enabled by default. Users who had their license removed will get a few emails starting about 18 days after delicensing. The email reminders will be sent only to users with mailbox activity 24 hours after delicensing, such as sending email or accessing the mailbox.

Below is an example of the user email notification:

Learn More

Currently the feature is available only in our WW cloud; we'd like to hear your feedback on rolling out this feature in government and sovereign clouds (please comment below).

For more information about this new feature, see Get Started with Exchange Online Delicensing Resiliency. Let us know your thoughts on this feature!

Yajvendra Gupta

Updated Nov 04, 2024
Version 1.0
  • MatthiasMichl's avatar
    MatthiasMichl
    Brass Contributor
    1. maybe i am misreading this or missing the information - will this be auto-enabled or is there any admin action to be done to activiate this?
    2. is a similar feature planned also for MS Teams? Which would be very helpful. We do - from time to time - lose user licensing for users that were enabled for Teams Telephony (Direct Routing). We can not explain those losses so far, but the consequence is, that the user will have the assigned phone number unassigned. And with the non-presence of a phone number management system within Teams and basically no history written (at least we have not found those entries for a number unassignment), it makes things difficult to find out which number was assigned to which user. In the past, Microsoft did not make the number assignment dependent on a license, but this changed i think 3 years or so ago.