Any advice on a self service way of having managers access mailbox from terminated employees?

Brass Contributor



I'm looking for some advice on a challenge we are facing with accessing mailboxes from terminated users. Currently, we have some managers who need access to terminated employees' emails for valid business reasons, and our current process involves exporting PSTs from eDiscovery, which can be time-consuming and cumbersome. Moreover, once we pass the PST to the requestor, we lose control of it, which is not ideal because it's not subject to retention policies.


We've considered creating a shared mailbox, importing the PST there, and giving access to the requestor, but that takes too long and involves too many parties in the process (exporting the PST, legal team, creating the shared folder, X team, giving access to said shared mailbox, eventually removing it, Y team, etc.).


I would like to know if there is a self-service way for approved employees to access mailboxes from terminated users (users that no longer exist in Active Directory and are only available in eDiscovery). Any insights or advice you can provide would be greatly appreciated.

Thank you in advance for your help.

2 Replies
I have run into a similar issue with Exchange 365. We wish to give managers access to email for 30 days upon account deletion as we do OneDrive during the account deletion process. The problem we ran into is Microsoft converts the mailbox to a shared mailbox, which never actually deletes.

We convert the user's mailbox to a shared mailbox as part of the offboarding process. Assigning read permissions is only a few clicks away. Delegated/full access over a mailbox doesn't need to be via a PST file, and automaps by default in Outlook. 

As for retention, we use a 3rd party solution with infinite retention using journaling. 
The shared mailbox is removed after 6 months when a task is kicked off to delete the associated user.
I understand you may want to prevent modifications to the mailbox for legal reasons, in which case ediscovery or pst export is your only option. You could still probably automate some of it and spit out a PST (using powerapps and powershell scripting) of offboarded users to Azure files and send the manager (using the AD property) a link they can use to read the pst file.


PS: OneDrive's 'create link to files' is flaky, however, and that's a poor solution that needs to be fixed.