By Ashutosh GawaliIn the previous article, we have learnt the Types of Exchange Environment, in this article we will discuss about the types of mailboxes in Microsoft 365.
A mailbox is an object in Exchange online, which sends and receives the email, it also stores calendar item, tasks, emails, notes, 1 – 1 or 1 – N teams chat.
The administrator in the organization needs to assign an EXO plan 1 or EXO plan 2 license in order to create a mailbox (User mailbox), in some scenarios we do not need any license to create a mailbox (Shared mailbox, Resource mailbox).
Microsoft 365 sets default sending and receiving limits for all mailboxes. If a mailbox exceeds these limits, Microsoft 365 may block (restrict) the mailbox from sending or receiving more emails for 24 hours.
The restricted entities page in the Microsoft Defender portal displays the restricted users, and you can browse them by using the link https://security.microsoft.com/restrictedusers.
Microsoft article defines the other limits in Exchange Online.
Table of contents.
User Mailbox.
The administrator creates a user mailbox by assigning an EXO plan 1 or EXO plan 2 license to an active user in Microsoft Entra ID.
The EXO will try to provision the mailbox once it assigns the license in Microsoft Entra ID to the active user.
If there is a delay in provisioning the mailbox in EXO, Please follow the Microsoft Article Delays in provisioning of user/mailbox or synchronizing changes in Exchange Online
After executing the below PowerShell command for the email address / guid / alias of the mailbox, we will get the output.
PS C:\Users\ashutosh> get-mailbox "Ashutosh Gawali" | fl alias,RecipientTypeDetails,ExternalDirectoryObjectId,AccountDisabled,*soft*,*inactive*
Alias : AshutoshGawali
RecipientTypeDetails : UserMailbox
ExternalDirectoryObjectId : 4dd3****-****-****-****-****cfd9
AccountDisabled : False
IsSoftDeletedByRemove : False
IsSoftDeletedByDisable : False
WhenSoftDeleted :
WasInactiveMailbox : False
InactiveMailboxRetireTime :
IsInactiveMailbox : FalseAs we have some value in the ExternalDirectoryObjectId field in the output of the above PowerShell command, the user mailbox from EXO is connected to a user in Microsoft Entra ID.
IsSoftDeletedByRemove, IsSoftDeletedByDisable, WhenSoftDeleted, WasInactiveMailbox, InactiveMailboxRetireTime, IsInactiveMailbox is FALSE or NULL, this means that the user mailbox is not soft deleted or inactive. so the user mailbox is still active.
There are many ways you can access a mailbox.
- Outlook desktop for windows using (MAPI) protocol.
- Outlook for MAC using Exchange web services (EWS) protocol.
- Mobile devices (Android, iOS and iPadOS) using Exchange ActiveSync (EAS) protocol.
- Email clients that support IMAP and POP3 protocol.
- Using Outlook on the web (OWA) protocol by logging into https://outlook.office.com/owa
If the organization does not want the user to open the mailbox using any of the above method, then the administrator can simply turn off the protocol that the specific method uses.
The path to turn off the protocol is https://admin.exchange.microsoft.com –> Recipients –> Mailboxes –> select the mailbox in question –> General –> Email apps & mobile devices –> Manage email apps settings.
Archive Mailbox.
Archive mailbox is a type of mailbox which provide an extra space to hold the emails when the size of the user mailbox is full.
The archive mailbox is linked to the user’s primary mailbox, and it has a size of 100 GB.
If the user mailbox has EXO plan 1 license, then the organization has to assign the Exchange Online Archiving add-on license in order to enable the archive mailbox for the user mailbox.
For a user with EXO plan 2 license, there is no need to assign an extra license, archive mailbox can be enabled directly for a user with EXO plan 2 license.
If we execute the below PowerShell command we will get the output related to Archive mailbox for a user mailbox.
PS C:\Users\ashutosh> get-mailbox "Ashutosh Gawali" | fl *Archive*
ArchiveGuid : 5f5a****-****-****-****-****df85
ArchiveName : {In-Place Archive -Ashutosh Gawali}
ArchiveQuota : 100 GB (107,374,182,400 bytes)
ArchiveWarningQuota : 90 GB (96,636,764,160 bytes)
ArchiveStatus : Active
ArchiveState : Local
AutoExpandingArchiveEnabled : False
In the above Output, AutoExpandingArchiveEnabled is set to false, so ArchiveQuota and ArchiveWarningQuota is 100 GB and 90 GB respectively.
Once we enable the auto-expanding archiving for the user mailbox, the ArchiveQuota and ArchiveWarningQuota will be increased to 110 GB and 100 GB, this value will not reflect as below in PowerShell output.
PS C:\Users\ashutosh> get-mailbox "Ashutosh Gawali" | fl ArchiveQuota,ArchiveWarningQuota,AutoExpandingArchiveEnabled
ArchiveQuota : 110 GB (118,111,600,640 bytes)
ArchiveWarningQuota : 100 GB (107,374,182,400 bytes)
AutoExpandingArchiveEnabled : TrueIn order to delete the email from mailbox or move the emails from the user mailbox to archive mailbox, we can use retention tags and retention polices for Exchange Online.
lets say, the user mailbox is full and the archive mailbox is also full, then instead of deleting the email, the organization can enable auto expanding archive for the archive mailbox.
If auto expanding archive is enabled the archive mailbox size is increased from 100 GB to 110 GB and the archive storage can be increased up to 1.5 TB.
The mailboxes which are connected to the main archive mailbox after its size reaches 110 GB are called as Auxiliary Archive Mailboxes.
Shared Mailbox.
A shared mailbox does not require any license in EXO, by default the size of shared mailbox is 50 GB, if you want to increase the size of shared mailbox then an EXO Plan 2 license needs to be assigned.
Most of the features and settings of shared mailbox is similar to a user mailbox, except that the user account for shared mailbox is blocked (user account is disabled)
There is no password assigned to the shared mailbox user account, this means if you navigate to the url https://outlook.office.com/owa and enter the upn of shared mailbox you cannot login.
If we execute the below PowerShell command we will get the output related to a Shared Mailbox.
PS C:\Users\ashutosh> Get-Mailbox "Shared Mailbox" | fl RecipientTypeDetails,AccountDisabled
RecipientTypeDetails : SharedMailbox
AccountDisabled : True
In order for a user mailbox to access the content of a shared mailbox, we need to assign the full access permission to a user mailbox on the shared mailbox.
Once the above is done, the user mailbox can open https://outlook.office.com/owa (OWA) –> click on the name (on the top right-hand side) –> open another mailbox –> enter the email address of the shared mailbox.
OR the user opens the outlook application where the users mailbox is being used and the shared mailbox will be loaded on the left hand side panel of the outlook application (this process is called as automapping of mailbox).
For a user mailbox to send the email from a shared mailbox, the user mailbox needs to be assigned the send as and send of behalf of permission.
To provide the full access, send as and send of behalf of permission to a user mailbox on the shared mailbox, the administrator needs to navigate to https://admin.exchange.microsoft.com –> Recipients –> Mailboxes –> select the mailbox in question –> Delegation tab –> select full access, send as or send on behalf of permission and select the email address of user mailbox.
Soft Deleted Mailboxes.
By default, if an Active user is deleted from Microsoft Entra ID, it is stored in the soft-deleted state (in deleted users container) for 30 days before they are permanently deleted.
During these 30 days, the deleted user can be restored to be an active user using the steps mentioned in the article How to restore deleted user accounts in Microsoft 365, Azure, and Intune
If the organization does not want to wait till 30 days and want to delete the object, then the administrators can manually the delete the users from deleted users section. Once the objects are permanently deleted, they can no longer be recovered.
Soft deleted mailbox is when the active user associated with the mailbox is deleted and moved to deleted users container in Microsoft Entra ID, but still can be recovered within the 30 days time frame.
For a soft deleted mailbox, the value of ExternalDirectoryObjectId is still present and it is pointing to the objectID of the deleted user in Microsoft Entra ID.
If we execute the below PowerShell command we will get the output related to a soft deleted mailbox.
PS C:\Users\ashutosh> Get-Mailbox -SoftDeletedMailbox | fl alias,ExternalDirectoryObjectId,AccountDisabled,*soft*,*inactive*
Alias : Deleted.User
ExternalDirectoryObjectId : 55c1****-****-****-****-****9ca4c
AccountDisabled : True
IsSoftDeletedByRemove : True
IsSoftDeletedByDisable : False
WhenSoftDeleted : 14-01-2024 19:12:37
WasInactiveMailbox : False
InactiveMailboxRetireTime :
IsInactiveMailbox : FalseThe Account is Disabled, WhenSoftDeleted will show when the mailbox was soft deleted, the ExternalDirectoryObjectId is still present, this means the user in Microsoft Entra ID can be recovered.
Restoring the user from deleted users to active user in Microsoft Entra ID, will also restore the user mailbox into active mailboxes in EXO.
Hard Deleted Mailboxes.
We call a mailbox as hard deleted mailbox, if the mailbox is present in the soft deleted mailboxes container, and the user associated with the soft deleted mailbox is permanently deleted from the Microsoft Entra ID deleted users container and then the soft deleted mailbox will stay in the soft deleted state for 30 days.
The ExternalDirectoryObjectId of the hard deleted mailbox mailbox will be cleared (set to 000000-0000-0000-000000 / Null) as the associated user in Microsoft Entra ID is permanently deleted.
Lets take the example of the above user (Deleted.User) whose mailbox is still present in the soft deleted mailboxes container (WhenSoftDeleted is showing as 14-01-2024 19:12:37)
If we delete the user (Deleted.User) from Mirosoft Entra ID –> deleted users containers, then the ExternalDirectoryObjectId will be cleared (NULL) and the WhenSoftDeleted timestamp also changes to today’s date and time.
PS C:\Users\ashutosh> Get-Mailbox -SoftDeletedMailbox | fl alias,ExternalDirectoryObjectId,AccountDisabled,*soft*,*inactive*
Alias : Deleted.User
ExternalDirectoryObjectId :
AccountDisabled : True
IsSoftDeletedByRemove : True
IsSoftDeletedByDisable : False
WhenSoftDeleted : 26-01-2024 16:36:09
WasInactiveMailbox : False
InactiveMailboxRetireTime :
IsInactiveMailbox : FalseIf the organization wants to delete the mailbox present in the soft deleted mailboxes permanently then they have 2 options.
- OPTION 1: wait for the 30 days time frame (counted from the date of the whensoftdeleted parameter of get-mailbox command).
- OPTION 2: use the command remove-mailbox -permanatelydelete to delete the mailbox.
For recovering the mailbox they have the below options
- OPTION 1: recover the mailbox (a new user needs to be created using PowerShell and it will be connected to this soft deleted mailbox).
Undo-SoftDeletedMailbox "Deleted.User@aashu.co.in" -WindowsLiveID "Deleted.User@aashu.co.in" -Password (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force)- OPTION 2: restore the mailbox (content of the hard deleted mailbox is copied to the new mailbox, it this scenario both active and soft delete mailbox is present).
Get-Mailbox -SoftDeletedMailbox "Deleted.User@aashu.co.in" | Select-Object Name,ExchangeGuid //to identify the Guid of the soft-deleted mailbox that you want to restore the data from//
Get-Mailbox -Identity "New.Mailbox@aashu.co.in" | Format-List ExchangeGuid //to identify the Guid of the new mailbox that you want to restore the data to//
New-MailboxRestoreRequest -SourceMailbox <SoftDeletedMailboxGUID> -TargetMailbox <NewTargetMailboxGUID> //to restore the data from soft deleted mailbox to a new malbox//Inactive mailbox.
We call a mailbox an inactive mailbox, If a hold is applied to the mailbox prior to deleting the Microsoft 365 account. In this scenario the mailbox will be converted into an inactive mailbox.
Hold is a feature in Microsoft 365 which does not let the data delete from the mailbox, once the hold is applied on any mailbox, the mailbox and the data inside the mailbox cannot be deleted from EXO.
PS C:\Users\ashutosh> Get-Mailbox -InactiveMailboxOnly | fl alias,ExternalDirectoryObjectId,AccountDisabled,*soft*,*inactive*,*hold*
Alias : Deleted.User
ExternalDirectoryObjectId :
AccountDisabled : True
IsSoftDeletedByRemove : True
IsSoftDeletedByDisable : False
WhenSoftDeleted : 26-01-2024 16:32:54
WasInactiveMailbox : True
InactiveMailboxRetireTime :
IsInactiveMailbox : True
LitigationHoldEnabled : True
LitigationHoldDuration : UnlimitedRestoring and recovering the inactive mailbox is slightly different than restoring and recovering a hard deleted mailbox.
Steps to Restore an inactive mailbox
Steps to Recover an inactive mailbox
But if you want to delete an inactive mailbox, then we must remove all types of holds from the mailbox, only then we would be able to delete the hard deleted mailbox permanently.
Room Mailbox.
A room mailbox is a mailbox created to represent a physical location, such as a training room, conference room.
Using room mailboxes, the users can reserve these rooms by including room mailboxes in their meeting requests.
The organization can set the room mailbox to automatically accept the meeting request OR assign a delegate to the room mailbox, the delegate can then decide which meeting request to accept and which meeting request can be denied.
Equipment Mailbox.
A room mailbox is a mailbox created to represent a physical object that the organization owns, Example: Company Car, Projector, Microphone.
The users can reserve these mailboxes by including equipment mailboxes in their meeting requests.
The working and settings of Room mailbox and Equipment mailbox is same except that room mailbox represents a physical room and equipment mailbox represents an object that company owns.
Cloud-based storage for teams chat (which everyone call “Shadow Mailbox”).
By default Microsoft teams will store the 1 -1 or 1 – N teams chat in the user’s own primary mailbox.
If the user is using Microsoft teams but the primary mailboxis located in the on-premises Exchange server, then Microsoft teams cannot store the 1 -1 or 1 – N teams chat in the on-premises mailbox.
This is why Microsoft has created a cloud-based storage area to hold teams chat data for the user who using teams but the primary mailbox is located in the on-premises Exchange server.
To store Teams chat data for an on-premises user in a cloud-based storage, the user must be assigned a Microsoft Teams license and an Exchange Online Plan license in Office 365 (or Microsoft 365).
The on-premises user can’t access this cloud-based storage area.
When you migrate the primary mailbox of an on-premises user to the cloud, the Teams chat data for that user will be migrated to their new cloud-based primary mailbox.
Unified group mailbox / Microsoft 365 group mailbox
Microsoft 365 groups is a collaboration platform which connects different Microsoft 365 services (workloads) with each other.
When you create a Microsoft 365 group, it is known as a Microsoft 365 group mailbox or unified group mailbox.
This group mailbox will store emails, calendar and tasks. The Microsoft 365 group mailbox size is 50 GB.
The group mailbox will be visible in OWA and Outlook for all the users who are the member of the Microsoft 365 group.
Learn about Microsoft 365 Groups
Conclusion.
Microsoft 365 provides diferent types of mailboxes which helps the organization in retaining, deleting and processing the data easier.
Each mailbox in Microsoft 365 has its own importance and this product provides an organized platform to store, manage the data for the organization.
Active User Mailbox = Active user in Microsoft Entra ID + EXO plan 1 / plan 2 license assigned.
Shared Mailbox = Active user (no password) in Microsoft Entra ID + AccountDsiabled for mailbox in EXO.
Archive Mailbox = User mailbox + EXO plan 2 license or EXO plan 1 + Exchange Online Archiving license.
Soft Deleted Mailbox = Deleted user in Microsoft Entra ID + Deleted mailbox in EXO (ExternalDirectoryObjectId still present in EXO mailbox)
Hard Deleted Mailbox = User missing (already deleted) in Microsoft Entra ID + Deleted mailbox in EXO (ExternalDirectoryObjectId is NULL or set to 000000-0000-0000-000000)
Inactive Mailbox = User missing (already deleted) in Microsoft Entra ID + Deleted mailbox in EXO (ExternalDirectoryObjectId is NULL or set to 000000-0000-0000-000000) + Hold applied on mailbox before the mailbox was deleted.
Resource Mailbox (Room / Equipment) = Mailboxes created to represent physical room and equipment owned by the organization.
Shadow Mailbox = A mailbox created to hold the teams chat data for the user whose mailbox is located in the on premises exchange server.
Microsoft 365 Group Mailbox = A mailbox created when a Microsoft 365 group is created, this mailbox holds emails, calendar and tasks. it is used for collaboration between multiple members of the group.