What are unused Exchange Online mailboxes and how to identify them?
Unused Exchange Online mailboxes are user mailboxes which are currently not being used by their users. There are 3 ways in which we can identify if a mailbox is unused or not. They are:
- The mailbox has been devoid of activity for a prolonged time. If there are no incoming or outgoing emails from the mailbox for an extended period, it can be classified as an unused account.
- The mailbox has not been logged into for a long time. If there has been no login activity in the mailbox, it likely leads to the fact that no one is using that mailbox.
- The owner of the mailbox is no longer with the organization. If the person who used to use that mailbox leaves and the administrator forgets to delete it, it becomes an unused mailbox.
With the per user cost of Exchange Online being $4, organizations have to pay $4 each for everyone of the unused Exchange Online user mailboxes present in their domain.
These unused mailboxes also result in wastage of licenses that can be assigned to other users. They also interrupt migration processes, wastage of storage space and can stand in the way of IT resource auditing.
Approaches to be taken by an administrator
There are some approaches an administrator can take once they come across unused Exchange Online mailboxes:
- Contact its user to find out why the account is unused.
- Put a retention hold on the mailbox and delete the account to save licensing costs.
- Convert the unused account to a shared mailbox to save licensing costs while retaining mailbox data.
Whichever option they choose, unused Exchange Online mailboxes are best avoided as they pose both unnecessary financial costs and security concerns.
Finding unused Exchange Online mailboxes using PowerShell
You can run a script using the Exchange management shell to generate a list of users with required parameters like last log on time, etc.
The script below gives you a list of all mailboxes in your tenant arranged according to the last log-on date. You can discover when each user last logged on. The mailbox will be marked as inactive with the DisplayName, LastLoggedOnUserAccount, and LastLogonTime data if the last log on date was more than ninety days ago when this cmdlet was run.
Script 1:
Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Where{$_.Lastlogontime -lt (Get-Date).AddDays(-90)} | Select DisplayName, LastLoggedOnUserAccount, LastLogonTime
This above method is sometimes prone to errors as Exchange counts logins from Exchange Online service accounts. So, if a service account had accessed the unused mailbox to create a backup, Exchange Online counts it as a log on. Due to this, many of the unused mailboxes will be categorized as active. That is why we use other variables such as newest item receive date to get more accurate data. You can find the mailboxes classified according to the date it received the latest mail using the script below.
Script 2 :
$path = "c:\filename.csv"
$mb = Get-EXOMailbox -RecipientTypeDetails Sharedmailbox -ResultSize unlimited
Write-Host $mb.Count items.
foreach ($m in $mb)
{
Write-Host Checking: $m.PrimarySmtpAddress - $counter
$counter ++
Get-EXOMailboxFolderStatistics -identity $m.PrimarySmtpAddress -IncludeOldestAndNewestItems | sort newestItemReceivedDate | where {$_.newestItemReceivedDate -ne $null} | select Identity,newestItemReceivedDate -last 1 | Export-Csv $path -Append -NoTypeInformation
}
The export CSV command exports the data into a CSV file and saves it at the path specified. This file can be used for further scrutiny.