A year ago, Microsoft announced some changes around the mailbox recovery options for Exchange Online customers. In a nutshell, they introduced the New-MailboxRestoreRequest cmdlet, which can be used to easily copy the data from any soft-deleted mailbox. You can read my summary of the process here: https://www.michev.info/Blog/Post/1112/
In the original announcement, they also mentioned that they will be making some changes around the Get-RemovedMailbox cmdlet. More specifically, they are removing the cmdlet. Which in turn results in removing the ability for Office 365 administrators to recover hard-deleted mailboxes. Well, the changes are now rolled out to all Exchange Online tenants, without much noise. No blog posts, no updates on the TechNet documentation, no notification on the Message Center, nada. The only relevant bits of information I was able to find are updates on the original blog post. Here’s what the updates say:
|Update 06/11/2015: We have now disabled the old method of recovering a mailbox (which involved using Get-RemovedMailbox and New-Mailbox –RemovedMailbox) and we no longer support the recovery of hard deleted mailboxes.|
And another bit at the end of the article:
NOTE: Unless you place the mailbox on litigation or in-place hold prior to hard-deleting the user account, there is no recovery method available to you from Exchange Online to restore the mailbox or its contents. If you place the mailbox on hold first, it will be flagged as an inactive mailbox and the New-MailboxRestoreRequest CMDlet will be available to you. For more information on inactive mailboxes see: Manage inactive mailboxes in Exchange Online.
Those updates caught me unprepared. What they really mean is that we should be extra careful when removing accounts. Previously, even if we deleted the user account and then removed it from the Recycle bin as well, we had some options to restore the mailbox. With those changes, the lifecycle has been updated to the following:
- If you delete the user account, the associated mailbox will be moved to the Soft-deleted container and can be recovered by restoring the user account. In general, you can follow the steps in KB 2619308.
- If for whatever reason you are not able to restore the original user account, you can use the New-MailboxRestoreRequest cmdlet to restore the content of the deleted mailbox to a new one (actually, you can use the cmdlet multiple times, as it does not affect the soft-deleted mailbox). This can only be done in the 30days grace period for the soft-deleted mailboxes!
- If at any point the user account is removed from the recycle bin as well (so either 30 days have passed or you forced the removal via Remove-MsolUser -RemoveFromRecycleBin), the associated mailbox will be removed from the soft-deleted container! It is now in the hard-deleted state and there is NO way for Office 365 administrators to recover it. Contacting support might yield some results, but that’s not something you should count on.
- To prevent unrecoverable loss of data, at least when it comes to Exchange, make sure to put the mailbox on hold before deleting the user account. This will provision it as the so-called Inactive mailbox, which is kept even after the 30 days grace period. Inactive mailboxes also offer additional recovery methods, as discussed here. Data associated with other workloads will *not* be preserved.
Now, of the bright side, these changes bring a functionality that has long been requested by some organizations – the ability to immediately purge a user account. While useful for some, unintentional purging might prove a disaster for others (resume-generating event as they call it), so I’m doing my part in trying to bring some awareness J