Several weeks ago, we enabled a new Office 365 feature to some tenants where the removal of the Exchange License didn’t immediately mail disable the user and disconnected the mailbox. The new behavior then required to manually (via RPS – remote PowerShell) go and run through EXO RPS the Disable-Mailbox -PermanentlyDelete cmdlet to achieve the same result we previously had – a permanent deletion of the disconnected mailbox.
Due to extensive feedback from customers we are rolling back this feature to the original behavior in order to improve the feature before we release it again in an easier format (and with better documentation).
As of today (10/31/2016) – going forward until feature is re-introduced in the future:
The removal of Exchange license from a user will trigger a mail disable operation in Exchange Online as it did before. The user’s mailbox will then be disconnected and will enter a tombstone state. This is not a soft deletion operation; if you want to preserve the mailbox for later recovery please use the Soft Deletion feature or Inactive mailboxes with in-place or litigation hold.
Adding the license back to this user within 30 days will result in a ‘best effort’ reconnect with the old content of the mailbox. This is the behavior we had before the change, we are just reverting to it.
Note: we have already started the rollback of this feature but it might take about 24 hours until all of our customers see changed behavior. To be safe, please assume that behavior has changed already starting right now.
What happens to the users whose license was removed within the time frame of the feature being enabled?
We are grand-fathering in these users. The mailbox and user will remain connected and mail enabled for an indefinite amount of time. You have some options for these users:
How to find them?
Users in this state can be found through EXO remote PowerShell using Get-Mailbox and looking for the SKUAssigned flag in EXO being set to “False”.
Sample user with removed license during feature being on:
What do I do with them?
You have 4 options (since a mailbox without a license has access blocked within 30 days of creation):
- Soft Deletion: Retention for a short period in case mailbox needs to be recovered. Mailboxes in this state are removed from Exchange after 30 days, at which time they can no longer be recovered. By default, a mailbox is soft-deleted if the user’s Office 365 account is removed.
The entire object (including the UPN and identity) are in a soft deletion state across the service. This allows for full data recovery and full re-use of any and all properties of the user in soft deletion state in a new user.
- Permanent removal (hard-deletion). In this case, the mailbox can no longer be recovered. You can permanently purge a mailbox from Exchange Online by running the Disable-Mailbox cmdlet (UI to come)
- [PS] C:\> Disable-Mailbox -Identity <User> -PermanentlyDelete
The user object also loses Exchange properties in this case; that frees all email/proxy addresses and allows the object to be stamped with External Email address a new. The process requires for you to remove the license, then run the above command and then update the necessary attributes.
- Retained indefinitely (inactive mailbox). A mailbox becomes inactive if it is under a litigation or in-place hold for compliance or regulatory purposes and is then deleted. Exchange recognizes that the hold exists and retains the mailbox for as long as the hold applies. During this time, the mailbox can be recovered or restored. When the hold is removed, the mailbox is permanently deleted.
- Add a license back to the user – this will restore access and the mailbox will become fully active.
We apologize for the back and forth on this, and realize that we have to do better when releasing features to the service, which the team is committed to doing when we release this feature again.