Forum Discussion

Brandon Hofmann's avatar
Brandon Hofmann
Copper Contributor
Jan 03, 2020

Microsoft 365 E5 Compliance license creating mailboxes for mail users (which we do not want)

We recently purchased Microsoft 365 E5 Compliance and E5 Security licenses to assign to our users (who already have the Microsoft 365 E3 license).   About 1/3 of our users do not have a mailbox hos...
exchange
Licensing & Activation
office 365
Brandon Hofmann's avatar
Brandon Hofmann
Copper Contributor
Jan 06, 2020

rene_weber  - Thank you very much for your reply.  Unfortunately these user's that have outside mailboxes are not in the O365 environment.  Some are Gmail, some are Exchange on-prem, one might even be Domino.  Since they do not have O365 in their other companies I do not believe B2B will work in this instance.  

 

VasilMichev - Per your instructions, here are the services that are part of E5 Compliance (along with their more user-friendly names. Let me know if there is anything else I can provide, thank you for your assistance!

 

ServicePlans


M365_ADVANCED_AUDITING - Microsoft 365 Advanced Auditing
INFORMATION_BARRIERS - Information Barriers
PREMIUM_ENCRYPTIONPremium Encryption in Office 365

MIP_S_CLP2 - Information Protection for Office 365 - Premium
PAM_ENTERPRISE - Office 365 Privileged Access Management
EQUIVIO_ANALYTICS - Office 365 Advanced eDiscovery
LOCKBOX_ENTERPRISE - Customer Lockbox
RMS_S_PREMIUM2 - Azure Information Protection Premium P2

VasilMichev's avatar
VasilMichev
MVP
Jan 06, 2020

Brandon Hofmann None of these should result in provisioning a mailbox. Yes, some of the services listed do *require* an Exchange Online license to be assigned, but no mailbox should be provisioned without such license assigned by you.

 

I assume you have some spare licenses that include Exchange Online and one of those got assigned for some reason. Do you handle assignments via the O365 Admin center, or via group-based licensing or some other method?

  • Brandon Hofmann's avatar
    Brandon Hofmann
    Copper Contributor
    Jan 07, 2020

    rene_weber  - Sorry, I didn't clearly explain - these users need accounts in our on-prem Active Directory environment as well, as some of them have computers assigned to them, while others may use a shared computer.  So I believe in order for that we need to create them in AD, and then sync them to O365/Azure, which is why we have them as Mail Users.

     

    So in this instance we wouldn't be able to do this solution, correct?  Again, thank you very much for your assistance!

     

     

    VasilMichev  - I've been using a test account that was created as an on-prem AD user, then mail enabled it and sync'd it to our O365/EXO.  I then applied licenses directly to the user (we usually use group-based licensing).

     

    If I remove the E5 Compliance license the EXO properties show up correctly, with the gmail.com address as the primary. But as soon as I add the E5 Compliance license back (even if I only enable 1 feature of it - and I tried each feature individually), the primary SMTP get's changed back to @domain.org (again only in EXO, it remains correct in our on-Prem Exchange, and AD, but it's wrong in the Address Book).

     

    I also have a ticket with MS opened, they thought it might be our Address Book Policies that were causing the issue, but I turned them off for that mail user and it still changes.  It's quite perplexing.  I appreciate the assistance though!

    • VasilMichev's avatar
      VasilMichev
      MVP
      Jan 08, 2020

      I'm getting confused now, you originally spoke about mailboxes, now you mention mail user. There's no way you can have a mailbox with gmail.com address, so I suppose MEUs is what you are indeed creating. If you apply an Exchange license to those, any non-accepted-domain aliases will be stripped out of them, even if no mailbox is actually provisioned for the user. But that should only happen with an actual Exchange Online license assigned, not the compliance SKU.

       

      Unfortunately I don't have the actual SKU to verify/reproduce this, but pining Nino_Bilic to confirm.

      • Brandon Hofmann's avatar
        Brandon Hofmann
        Copper Contributor
        Jan 08, 2020

        VasilMichev - Apologies for the confusion - the issue I'm experiencing with the E5 Compliance is only impacting Mail Users. 

         

        "If you apply an Exchange license to those, any non-accepted-domain aliases will be stripped out of them, even if no mailbox is actually provisioned for the user."

         

        I think that line describes our exact issue - even though we are not assigning an Exchange license to these users, when we assign any feature of the E5 Compliance license, it appears to assign a license to them, as the "Mail" tab for the user changes from "This user doesn't have an Exchange Online license" to listing all their Mail settings ("Mailbox Permissions", "Email apps", etc).

         

        But again, the moment I remove E5 Compliance, it reverts back.  I even removed every other license assigned to the test user, then only assigned "Microsoft 365 Advanced Auditing" and "Office 365 Advanced Discovery" from E5 Compliance, and it still strips out the Gmail address, and makes "domain.org" the primary SMTP.

         

        Although when I did that it says "This user doesn't have an Exchange Online license" in the mail tab.

         

Resources