Delicensing Resiliency Protects Against Data Loss – Should Be Available to All

According to an EHLO July 15 post, Microsoft has decided to reduce the threshold for delicensing resiliency from the original level of 10,000 mailboxes announced in November 2024 to 5,000. In other words, the feature to protect against inadvertent data loss due to mailboxes becoming unlicensed is only available for tenants with more than 5,000 mailboxes.

I think the feature should be available to all Exchange Online tenants. Apart from some notional accounting savings accrued by removing unlicensed mailboxes from tenants without a 30-day grace period, Microsoft has no good justification for restricting delicensing resiliency to large tenants. Here’s why.

A Sticking Plaster for Group-Based Licensing

First, delicensing resiliency is a sticking plaster fix to a problem in Microsoft group-based licensing that can cause an account to end up in a situation where it has no license that includes an Exchange Online service plan. When this happens, Exchange Online detects the unlicensed state of the mailbox and disconnects the mailbox to make it inaccessible. The grace period granted through delicensing resiliency allows administrators the time to recognize and correct license allocation mistakes.

The problem was more evident before Exchange Online supported license stacking (the ability for an account to have several licenses with Exchange Online service plans). Stacking allows a mailbox to remain licensed even when an Exchange license is removed from an account. But group-based licensing can become complex when multiple groups are used to assign licenses, including dynamic groups. A change to someone’s membership of a group (or a change to a property that includes them in a dynamic membership) can result in license removal and hence a mailbox disconnection.

It would be better if Microsoft sorted out group-based licensing to remove the possibility of accounts becoming unlicensed. Perhaps the Microsoft 365 admin center, which took responsibility from Entra ID for the management UX for group-based licensing in 2024, could develop a “what if” feature to show administrators what will happen if a change is made to a group and warn against removal of access to critical apps like Teams and Exchange. And in the interim, Exchange Online could make delicensing resiliency available to all tenants.

OneDrive for Business is the Other Major User Personal Storage

It’s not as if such a step would be something new and dramatic. The default retention period for OneDrive for Business accounts belonging to deleted user accounts is 30 days, and that period can be extended to allow nominated individuals to check OneDrive to harvest essential business information. OneDrive and mailboxes are the two primary personal storage locations within Microsoft 365. A similar level of access to the two types of objects should be possible following license removal (often because of account deletion).

Use Retention to Make Unlicensed Mailboxes into Inactive Mailboxes

Another reason for extending delicensing resilience to all tenants is that “big” tenants usually can protect against inadvertent deletion by putting a retention or litigation hold (or holds) on mailboxes to ensure that Exchange Online puts deleted mailboxes into an inactive state. This is another good way to ensure that mailboxes remain available even if a deletion in error occurs. Inactive mailboxes are available to any size of tenant that can set retention holds and there’s no arbitrary number of mailboxes that must be met.

Delicensing resiliency is easier for tenants to use than inactive mailboxes are because the mailboxes remain online and connected. Inactive mailboxes need to be reconnected through administrator intervention. That might have an advantage because the administrator might then understand that a problem exists in how the tenant manages licenses.

All We Need is Simplicity and Consistency

Although there is goodness in building features that protect against data loss, it would be even better if Microsoft was consistent in its policies and practices for controlling user data across the entire Microsoft 365 suite. We’re 14 years into the Office 365 era and while great progress has been made in some area to achieve consistency across workloads, gaps still exist. Blaming the roots of on-premises products is not acceptable any longer. Joined-up thinking is needed, and that doesn’t appear to be the case here.

In the interim, if your tenant has more than 5,000 mailboxes, update your organization configuration to enable Delicensing Resliency using the following command:

Set-OrganizationConfig -DelayedDelicensingEnabled:$true

Support the work of the Office 365 for IT Pros team by subscribing to the Office 365 for IT Pros eBook. Your support pays for the time we need to track, analyze, and document the changing world of Microsoft 365 and Office 365. Only humans contribute to our work!