Best Practice - Retaining Mailboxes Exchange Online

I have read that there are a number of ways to retain a user's mailbox when they leave the business: Inactive, In-Place Hold, Litigation Hold.

Does anyone have any real-life examples of how they manage mailboxes when users leave?

6 Replies
You can use Litigation Hold or In-Place Hold and then use inactive mailboxes when users leave!
Read up on the difference between those two here:

https://docs.microsoft.com/en-us/exchange/security-and-compliance/in-place-and-litigation-holds

About inactive mailboxes feature:

https://docs.microsoft.com/en-us/office365/securitycompliance/create-and-manage-inactive-mailboxes

Many convert user mailboxes to shared mailboxes instead. Read a comparison here:

https://practical365.com/exchange-online/shared-mailboxes-vs-inactive-mailboxes-departed-users/

Adam

Those are all basically the same method, all powered by the native "hold" functionality in Exchange, just a different variation of it. As holds require you to have at least an ExO Plan 2 license, inactive mailboxes are the preferred method as they minimize the costs. Shared mailboxes or exporting to a third-party or PST file is another option, but those don't ensure "immutability" of the data, which is what's usually required in order to meet compliance/legal guidelines.

You asked for best practice about managing (preserving) mailboxes when users leave. The practice is different for on-premises Exchange than it is for Exchange Online (a fact to remember when reading up on the topic).

In 2015, Microsoft introduced the concept of inactive mailboxes to handle the problem of how to keep the mailboxes of leavers for what might be extended periods without requiring tenants to license those mailboxes. To make a mailbox inactive, you apply a hold to it (any hold will do), and then remove the Office 365 account. Exchange detects that a hold exists on the mailbox and moves it into inactive status. If necessary, you can recover data from or restore the inactive mailbox while the hold endures. As soon as the hold elapses, Exchange marks the inactive mailbox as a candidate to be removed and the permanent deletion will happen soon afterwards.

The simplest kind of hold is a legal (or litigation) hold. However, it might be easier to manage if you create an eDiscovery case with an associated hold. You can then add leavers to the hold to have it apply and make their mailbox inactive when their account is removed.

You can see the list of inactive mailboxes at any time by running the PowerShell command:

Get-Mailbox -InactiveMailboxOnly

This won't tell you the hold that is keeping the mailbox inactive - that requires more work.
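One way to do that extra work, as an added example that is not part of the original post: the function below reads LitigationHoldEnabled, ComplianceTagHoldApplied, DelayHoldApplied and InPlaceHolds from each mailbox object and classifies InPlaceHolds entries by the prefixes Microsoft documents for that property. The function names, the sample mailboxes and their GUIDs are constructed for illustration so the block runs without a tenant connection.

```powershell
# Map one InPlaceHolds entry to a hold type by its prefix.
function Get-HoldType([string]$HoldId) {
    switch -Regex ($HoldId) {
        '^UniH' { 'eDiscovery case hold'; break }
        '^-mbx' { 'Excluded from an org-wide retention policy'; break }
        '^mbx'  { 'Retention policy (Exchange)'; break }
        '^skp'  { 'Retention policy (Skype/Teams chats)'; break }
        '^cld'  { 'In-Place Hold'; break }
        default { 'In-Place Hold (legacy, no prefix)' }
    }
}

function Get-MailboxHoldSummary {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Mailbox,
        [string[]] $OrgWideHolds = @()   # in a tenant: (Get-OrganizationConfig).InPlaceHolds
    )
    process {
        $holds = @()
        if ($Mailbox.LitigationHoldEnabled)    { $holds += 'Litigation Hold' }
        if ($Mailbox.ComplianceTagHoldApplied) { $holds += 'Retention label hold' }
        if ($Mailbox.DelayHoldApplied)         { $holds += 'Delay hold' }
        foreach ($id in $Mailbox.InPlaceHolds) { $holds += "$(Get-HoldType $id) [$id]" }
        # GUIDs of org-wide policies this mailbox is explicitly excluded from
        $excluded = @($Mailbox.InPlaceHolds | Where-Object { $_ -like '-mbx*' } |
                      ForEach-Object { ($_ -replace '^-mbx', '') -replace ':.*$', '' })
        foreach ($id in ($OrgWideHolds | Where-Object { $_ -like 'mbx*' })) {
            $guid = ($id -replace '^mbx', '') -replace ':.*$', ''
            if ($excluded -notcontains $guid) { $holds += "Org-wide retention policy [$id]" }
        }
        [pscustomobject]@{
            Mailbox = $Mailbox.DisplayName
            Holds   = if ($holds) { $holds -join '; ' } else { 'NONE FOUND' }
        }
    }
}

# Constructed sample data (made-up GUIDs). In a connected session use instead:
#   Get-Mailbox -InactiveMailboxOnly -ResultSize Unlimited |
#       Get-MailboxHoldSummary -OrgWideHolds (Get-OrganizationConfig).InPlaceHolds
$org = @('mbx11111111111111111111111111111111:1', 'mbx22222222222222222222222222222222:2')
$sample = @(
    [pscustomobject]@{ DisplayName = 'Leaver A'; LitigationHoldEnabled = $true; InPlaceHolds = @() }
    [pscustomobject]@{ DisplayName = 'Leaver B'; LitigationHoldEnabled = $false
        InPlaceHolds = @('UniH00000000-0000-0000-0000-000000000001', '-mbx11111111111111111111111111111111') }
)
$sample | Get-MailboxHoldSummary -OrgWideHolds $org | Format-List
```

An inactive mailbox that reports NONE FOUND is the case to investigate first, since the post above notes that permanent deletion follows once the hold elapses.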

best response confirmed by Tony Redmond (MVP)
Solution

@Tony Redmond Have you heard of large organizations placing all mailboxes on litigation hold and enabling auto-archiving on all mailboxes so as to avoid issues with mailboxes reaching max capacity? Pros/cons?

@Erin Scupham Yes to both. There's no real downside. With EXO you don't pay for the extra space required for litigation hold or archives (unlike SPO where retention can consume lots of your storage allocation). One thing to keep an eye on is the size of the Recoverable Items quota. You get 100 GB and this can be increased by Microsoft, but if you have litigation hold enabled for very large or very active mailboxes, that quota can erode quickly.

@paulc30

What I have been following in my current organization and recommending to other Partners/Clients too is below -

1. Have a Retention Hold Policy - SecurityCenter < Data Governance < Retention < New Policy - All Mailboxes. (define max timeline as per your requirement)

This ensures all my current and future mailboxes have their data retained for as long as I want (defined in retention policy). It is easy to recover data, if user returns or for legal/compliance need, by simply using the E-Discovery search (EXO)/Content Search (SCC).

2. Actions we take when a user leaves the organization - (don't convert to Shared Mailbox) we now have Licensing Must for bigger sized shared mailboxes in Office 365 and if your user happens to be carrying tons of data in their Primary &/or Online Archive. Always remember, Shared Mailboxes are Active Users too and without a license, if size exceeds more than 50 GB, then there are problems!!

Once user leaves -

a. Block Sign in (Set-MsolUser -UserPrincipalName upn -BlockCredential $true)

b. Setup Delegate access to Manager or replacement (if need be, and you can't setup delegation on inactive/soft deleted mailbox if msol id is deleted or purged)

c. Setup forwarding (if needed) and also block receive/send limit (Set-Mailbox -MaxSendSize -MaxReceiveSize)

d. Delete Msol account (Remove-MsolUser) - soft delete (auto purges after 30 days)

Because mailbox is under retention hold (SCC Retention Policy) you don't need to place separate holds (in-place, litigation) and can recover/restore data to another mailbox or PST using content search.

Hope that answers your question/queries.

Cheers!

Ankit Shukla