Recover Mailbox Data with Delicensing Resiliency Feature in Exchange Online

Have you ever faced the panic of accidentally removing a license in Exchange Online, leading to disrupted email services and mailbox data loss? Mistakes like these are common, especially with group-based licensing, but they don’t have to lead to data loss anymore! Microsoft’s Delicensing Resiliency feature is here to give admins a much-needed safety net—an extra 30 days to fix accidental errors and avoid permanent data loss.

Let’s explore the details of this feature.

Irrespective of the complexity in the name of the feature, the Delicensing Resiliency feature simply means:

• Delicensing: the removal of a license from a user’s mailbox.
• Resiliency: the added protection to prevent mailbox data loss immediately after an accidental or unintended license removal.

Rollout: Currently, this feature is available for tenants in the Commercial cloud only.

Prerequisite: The feature is opt-in and is not automatically enabled for your tenant. Administrators must enable it using PowerShell. The feature is available only to larger tenants with more than 10,000 non-trial Exchange Online licenses. In case of accidental delicensing for smaller tenants, if the administrator re-applies the license, mailbox recovery typically happens within the 24-hour provisioning delay period.

With the Delicensing Resiliency feature, admins are granted an extra 30-day grace period to access a mailbox after its license is removed. Admin and user notifications are also sent to proactively prevent the consequences of unintentional delicensing. These notifications are enabled by default once the feature is enabled.

Normally, when an Exchange Online license is removed from a user, a default 30-day grace period follows, during which the mailbox remains accessible. After this period, the mailbox data is deleted, and if the license is not reapplied, access to the mailbox is permanently lost.

With the Delicensing Resiliency feature enabled, an additional 30-day grace period is introduced before the default 30-day grace period begins. This means the total grace period is extended upto 60 days.

• First 30 days (Delicensing Resiliency grace period): Mailbox access is preserved, allowing admins to correct accidental removals or reapply the license if necessary.
• Next 30 days (Default grace period): Mailbox access is cut off, but the data is still recoverable until the end of the last 30-day period.

During this time, the user’s mailbox continues to function normally, giving admins ample time to fix any mistakes. Admins have the option to either re-apply license to the user, expedite the removal process, or leave the user unlicensed until the grace period expires. Once the license is reapplied during this 60-day window, the user can regain access to their mailbox. However, once the 60-day period ends, the mailbox data is permanently deleted.

To enable the Delicensing Resiliency feature, run the following PowerShell cmdlet:

Set-OrganizationConfig -DelayedDelicensingEnabled:$true

To verify if the feature has been enabled, use this cmdlet:

Get-OrganizationConfig | fl *DelayedDelicensingEnabledState*

If you decide to disable the feature later, you can do so with this cmdlet:

Set-OrganizationConfig -DelayedDelicensingEnabled:$false

Once you’ve enabled the Delicensing Resiliency feature, to see when the 30-day grace period will expire for a user, run the following PowerShell cmdlet:

 Get-PendingDelicenseUser

You can also monitor the grace period expiry directly from the Microsoft 365 admin center under Active users -> ‘License removed recently’.

As mentioned earlier, admins will receive proactive Service Health advisory notifications to alert them about any accidental or unintended delicensing of users. The notification provides a digest of any delicensing activity in your tenant over the past 8 days and lists the number of delicensed users who are within the 30-day grace period.

In addition to admin notifications, users will receive email reminders starting approximately 18 days after their license has been removed. These reminders are sent only to users who accessed or sent emails from their mailbox within 24 hours before the license was removed.

Points to Remember:

• This feature is not applicable for trial licenses or shared mailboxes.
• Mailboxes on hold are also excluded from this feature.

We hope this blog helps you get started with the new Delicensing Resiliency feature that helps you protect against accidental delicensing of Exchange Online mailboxes. Thanks for reading. If you have any questions or need further assistance, feel free to share them in the comment section.