Back

Deleting & Disabling Mailboxes in Exchange Hybrid 2013 & 2016

In theory, shutting down or disabling a user mailbox in Exchange hybrid 2013 and 2016 might seem simple. But when the time comes, plenty of unplanned scenarios can complicate this simple action. You may want to preserve the mailbox while blocking access or need to enable litigation hold and lock out a user for compliance purposes...

3 min read
Published on Mar 28, 2017
disabling-mailboxes-exchange-hybrid-2013-2016

In theory, shutting down or disabling a user mailbox in Exchange hybrid 2013 and 2016 might seem simple. But when the time comes, plenty of unplanned scenarios can complicate this simple action. You may want to preserve the mailbox while blocking access or need to enable litigation hold and lock out a user for compliance purposes.

In any case, these three scenarios will help you successfully disable an Exchange hybrid 2013 or 2016 user account.

Terminating Active Directory Synced Users

When an employee leaves your organization, the easiest way to remove the account from Office 365 is to delete or disable the user from Active Directory. This will force the Azure Active Directory Connect client to remove/disable the user in Office 365 during the next sync cycle.

Blocking Sign-in Access

If you need to preserve a user’s mailbox (but block access) you can disable the user’s account in Active Directory or follow the steps below in the Office 365 management portal.

IMPORTANT: Blocking an account can take up to 24 hours to take effect. If you need to immediately prevent a user’s sign-in access, you should reset the password in your on-premises Active Directory and force a directory sync:

  1. Sign in with your Office 365 global admin account at https://portal.office.com/adminportal/home

  2. In the Office 365 admin center, select Users. Office 365 admin center - users                 3. Select the user you want to terminate and choose Edit next to Sign-in status in the user pane. sign in allowed window 4. Finally, select Sign-in blocked. block sign in Office 365 hybrid configuration

Enable Litigation Hold & Terminate User

Many organizations are required to preserve mailbox data for a number of years to meet government compliance requirements, such as PCI, HIPAA or SOX. Placing a mailbox on litigation hold generally satisfies this requirement, but your organization must own at least one Exchange Online Plan 3 license or higher.

To place a mailbox on litigation hold:

  1. Log in to the Exchange Administration Console.
  2. Go to Recipients > Mailboxes.
  3. In the list of user mailboxes, click the mailbox you want to place on Litigation Hold then click Edit.
  4. On the mailbox properties page, click Mailbox features.
  5. Under Litigation hold: Disabled, click Enable to place the mailbox on Litigation Hold.
  6. On the Litigation Hold page, enter the following optional information:
    • Litigation hold duration (days): Use days to specify the duration. If left blank, the mailbox will be placed on hold indefinitely.
  7. Click Save on the Litigation Hold page, and then click Save on the mailbox properties page.

After placing the mailbox on litigation hold, you can delete the user in Active Directory to free up the Exchange Online Plan E3 license so you can place another mailbox on hold the next time an employee leaves your organization.

Looking to get more out of Office 365? Learn about our Office 365 consulting services or schedule a call today.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Risks of not using a CMMC RPO

The Risks of Not Using a CMMC RPO for Compliance and Certification Readiness

A CMMC RPO helps organizations prepare for certification and avoid compliance failures. Learn why working with an RPO is essential for achieving CMMC compliance.

Mar 20, 2025
8 min read
CMMC 2.0 Require GCC High for Compliance

Does CMMC 2.0 Require GCC High for Compliance?

Does CMMC 2.0 require GCC High? Learn the cloud options for compliance, data security, and protecting CUI under NIST 800-171 and DFARS.

Mar 17, 2025
10 min read
Office 365 License Comparison: Business Plans Vs. E5, E3 and E1

CMMC RPO vs a C3PAO: Understanding Their Roles in Compliance

Understanding the difference between an RPO and a C3PAO is crucial for CMMC compliance. Learn why they should be separate and how an RPO helps prepare for certification.

Mar 15, 2025
6 min read
Can You Meet CMMC with Google Workspace?

Can You Meet CMMC with Google Workspace?

Is Google Workspace CMMC compliant? Learn about its DFARS, NIST 800-171, and ITAR limitations and how migrating to GCC High ensures full compliance.

Mar 4, 2025
7 min read
Is Maintaining a GCC High Tenant Worth It for Non-Government

Evaluating the Need for a GCC High Tenant in Non-Government Organizations

Explore whether maintaining a GCC High tenant is necessary for organizations not involved in government work. Understand the pros and cons, costs, and compliance considerations.

Feb 25, 2025
7 min read
Top 10 Reasons to Partner with an MSP for Security and Compliance

Top 10 Reasons to Partner with an MSP for Security and Compliance

Discover why partnering with an MSP for security and compliance is critical for organizations navigating FAR CUI and CMMC requirements.

Feb 21, 2025
8 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation