We recently introduced a new feature in Exchange Online that allows admins to add protection against the accidental or unintended delicensing of an Exchange Online mailboxes by providing a 30-day grace period upon license removal. The feature also provides options for admin and user notification to proactively avoid the consequences of unintentional delicensing. This is an opt-in feature accessible to tenants with over 10,000 non-trial Exchange Online licenses.
How Delicensing Resiliency Works
Exchange Online user mailbox access is tied to the presence of a license. License removal causes the mailbox to be unavailable to the user, which affects mail flow and leads to non-delivery reports (NDRs) or misrouting of emails.
There have been incidents in the past where customers using Group Based Licensing have accidentally delicensed a large population of their users resulting in wide-spread service disruption and an interruption in mail flow.
This new feature acts as a safeguard against the immediate effects of delicensing errors by providing a 30-day grace period starting with license removal, providing time for admins to correct any mistakes. During this grace period, mailboxes maintain their pre-delicensing functionality, giving admins the necessary time to address any delicensing mistakes. During this grace period, the admin also has the option to expedite user delicensing, re-license the user, or leave them unlicensed until grace period is over.
Once the Exchange Online delicensing resiliency feature’s 30-day grace period expires and we remove the license, the user mailbox follows its own default 30-day grace period, during which time the user cannot access the mailbox. However, if the license is added back, access is restored, and the mailbox becomes active. After the 30-day grace period, the data is deleted and can't be recovered.
The following illustrations summarize the behavior change:
When Exchange Online Delicensing Resiliency feature is not enabled (default behavior):
After Exchange Online Delicensing Resiliency feature is enabled (new behavior):
Once the feature is enabled, you can see when the 30-day grace period will expire by running Get-PendingDelicenseUser:
You can also use the Microsoft 365 admin center to see when the grace period ends and take other actions including expediting delicensing.
To make this feature actionable, we have added a Service Health advisory notification for admins as well as user email notification, so admins can proactively handle potential unintended delicensing of Exchange Online users before the 30-day grace period expires. When the feature is enabled, Service Health advisory notifications for admins and email notifications for users are also enabled.
Service Health advisory notifications are designed for admins to receive an advisory digest notification whenever there is any delicensing activity in your tenant. The Service Health post includes the count of delicensed users over a period of 8 days, that are within the 30-day grace period.
Below is a sample Service Health advisory notification:
Admins can then take appropriate actions, such as expediting delicensing of a user or re-licensing the user.
Because there is a chance that an admin might not notice or act on the Service Health advisory, user notification is enabled by default. Users who had their license removed will get a few emails starting about 18 days after delicensing. The email reminders will be sent only to users with mailbox activity 24 hours after delicensing, such as sending email or accessing the mailbox.
Below is an example of the user email notification:
Learn More
Currently the feature is available only in our WW cloud; we'd like to hear your feedback on rolling out this feature in government and sovereign clouds (please comment below).
For more information about this new feature, see Get Started with Exchange Online Delicensing Resiliency. Let us know your thoughts on this feature!
Yajvendra Gupta
Microsoft
