Home
Join

14 Replies

  • If you don't want shared mailboxes to be displayed, you could do PSTs I guess but I'm not a fan of that.

    I've just stick with keeping a shared mailbox around for a month or so and then then delete. For high profile employees, we might keep it around for 6 months, but definitely not years or forever.

    Pepper graySpice (6) flagReport
    Was this post helpful? thumb_up thumb_down
  • You could rename the mailboxes to start with "ZZ-" so they sort to the end of lists.

    Also, switch off "Show in global address list" for those accounts (works with shared mailboxes too)

    Don't save them to psts - if you do, they won't be available for e-discovery searches.

    Pepper graySpice (4) flagReport
    1 found this helpful thumb_up thumb_down
  • bbigford wrote:

    If you don't want shared mailboxes to be displayed, you could do PSTs I guess but I'm not a fan of that.

    I've just stick with keeping a shared mailbox around for a month or so and then then delete. For high profile employees, we might keep it around for 6 months, but definitely not years or forever.

    Problem is that we need to keep the mailboxes for longer for legal purposes - and like you, I'm not a fan of PSTs. The shared mailbox is a perfect way of storing them (at Microsoft's expense!) apart from the fact they're mixed in with the 'real' users.

    jamesclarkson wrote:

    You could rename the mailboxes to start with "ZZ-" so they sort to the end of lists.

    That's a rough and ready workaround. But in the absence of any better options, I suppose it would achieve what I'm trying to do :)

    Pepper graySpice (3) flagReport
    Was this post helpful? thumb_up thumb_down
  • You can hide the ex-staff shared mailboxes from the address list.

    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • Adam-BCH wrote:

    You can hide the ex-staff shared mailboxes from the address list.

    Yes, they're already hidden. It's the Microsoft / Exchange 365 consoles that I'm trying to tidy up.

    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • Instead of reactivating the user account as a cloud user, have you considered archiving the mailbox as an inactive mailbox in Exchange? I have never done this before personally, but I believe you can do this in the Compliance Center by putting a litigation hold on it which will allow you to keep the mailbox without needing to pay for a license for the user account.

    Pepper graySpice (2) flagReport
    1 found this helpful thumb_up thumb_down
  • We delete the users from Exchange within a day or two of the user leaving \ becoming in active unless the manager specifically requests to keep access to the mailbox for a few weeks.

    If we need to reference the mailbox past that date we can reference the mailbox out of our Office365 backup software.

    Was this post helpful? thumb_up thumb_down
  • You can use the Compliance Admin Center to archive them.

    Pepper graySpice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • A client of ours has the exact same setup. We currently diable the user in AD and convert to SMB - They often have to jump in and out of the SMB for historical purposes so rarely delete users. We run a report off every so often for their super user to review, letting us know who to delete etc.

    The probem we face is that when using 365 integrated 3rd party apps, eg exchange backup SaaS - We often have to manually go through and omit these redundant accounts, that still get picked up, as not to get billed. Very annoying when you have >100 to go through. 

    Pepper graySpice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • jamesclarkson wrote:

    You could rename the mailboxes to start with "ZZ-" so they sort to the end of lists.

    Also, switch off "Show in global address list" for those accounts (works with shared mailboxes too)

    Don't save them to psts - if you do, they won't be available for e-discovery searches.

    Fun little bug in O365 when you switch off "show in global address list" on shared mailboxes, you cannot send as that shared user even if you have the "send on behalf" permission applied. Not really an issue for departed employees, but for active shared mailboxes its a fun one to isolate and track down.  When i reported it to MS a few months ago, they didn't seem to think that was an issue.

    Pepper graySpice (1) flagReport
    1 found this helpful thumb_up thumb_down
  • We have hard retention policies for ex employees.  Attorney's are held and monitored as a shared mailbox for 1 year + 1 week, staff 33 days.  It is up to the person monitoring to request if any data is moved when the time to delete comes up.  For discovery, our internal policy states that any client related files and emails are saved to the document management system.

    Was this post helpful? thumb_up thumb_down
  • Do you use the Retention Policy in Microsoft's Data Lifecyle Management, for Email Retention?  This allows you to search for and recover permanently deleted emails, even for deleted employees.

    Have you ever needed to search for a deleted email, from a deleted employee, for legal or contractual reasons?  If so, how does converting a Microsoft 365 Email license, to a free Shared Mailbox, provide you with the same legal recovery method, that is attained by Microsoft's eDiscovery?

    Please correct me if I'm mistaken, although my understanding is that Microsoft 365 eDiscovery does not recover permanently deleted email, from a "free" Shared Mailbox.

    Was this post helpful? thumb_up thumb_down
  • theitguy107 wrote:

    Instead of reactivating the user account as a cloud user, have you considered archiving the mailbox as an inactive mailbox in Exchange? I have never done this before personally, but I believe you can do this in the Compliance Center by putting a litigation hold on it which will allow you to keep the mailbox without needing to pay for a license for the user account.

    According to this Microsoft documentation, it appears there is a 365 day limit to litigation holds.  If needing to hold email for longer than 365 days for compliance reasons, it appears that an "In-Place Hold" with Retention Policy is required.  My understanding is that Litigation Holds are short term.  "In-Place Hold Retention Policies" are Long Term.  Both are somewhat overlapping in what they do, although it's important to understand the difference, so we are not caught out of compliance in our duties.

    https://learn.microsoft.com/en-us/exchange/security-and-compliance/in-place-and-litigation-holds#in-...Opens a new window

    Time-based hold: Both In-Place Hold and Litigation Hold allow you to specify a duration of time for which to hold items. The duration is calculated from the date a mailbox item is received or created.

    If your organization requires that all mailbox items be preserved for a specific period, for example 7 years, you can create a time-based hold so that items on hold are retained for a specific period of time. For example, consider a mailbox that's placed on a time-based In-Place Hold and has a retention period set to 365 days. If an item in that mailbox is deleted after 300 days from the date it was received, it's held for an additional 65 days before being permanently deleted. You can use a time-based In-Place Hold in conjunction with a retention policy to make sure items are preserved for the specified duration and permanently removed after that period.


    Was this post helpful? thumb_up thumb_down
  • I would think backup is what you need and should have for a myriad of other reasons mainly that Microsoft clearly states the customer is the one responsible for their data.

    We provide cloud-to-cloud backup for Microsoft 365 to our clients using Veeam and can support virtually any retention period.

    You can delete the users in M365 and still retain backups for as long as you want. Works great.

    Was this post helpful? thumb_up thumb_down

Read these next...

  • Simple command to monitor Windows 10 temperature?

    Simple command to monitor Windows 10 temperature?

    Hardware

    I feel like this has probably been address before, although I was wondering if someone is aware of a simple command I can run to report the internal temperature of a Windows 10 PC?I think all computers monitor the temperature, although I've only found thi...

  • Remote access to DVR?

    Remote access to DVR?

    Security

    Hi!I have an older Hikvision DVR that I need to provide remote access to. The users would be mainly accessing it from their smartphones. I tested their software, iVMS, by assigning one of my public IP's to the DVR and it worked fine. However the issue is ...

  • Snap! -- Survival Kits, Forest Bubble on Mars, AI Movie Plots, Leprosy & Livers

    Snap! -- Survival Kits, Forest Bubble on Mars, AI Movie Plots, Leprosy & Livers

    Spiceworks Originals

    Your daily dose of tech news, in brief. Welcome to the Snap! Flashback: Back on December 6, 1907, Mathematical Logician J. Barkley Rosser Born (Read more HERE.) Bonus Flashback: Back on December 6, 1998, International Space Station assemb...

  • Spark! Pro Series - 6 December 2022

    Spark! Pro Series - 6 December 2022

    Spiceworks Originals

    Today in History: 6 December 1240 – Mongols led by Batu Khan occupy and destroy Kyiv after an 8 day siege; out of 50,000 people in the city only 2,000 survive 1849 – Harriet Tubman escapes from slavery in Maryl...

  • The most boring but interesting Phishing Attempt I've seen

    The most boring but interesting Phishing Attempt I've seen

    Security

    Hello There,We've recently had a phishy email come through to one of our employees with an attachment to something work related. But here's the interesting part: The email was spoofed. When checked, the address was that of our own domain, however the emai...