Rule description
This rule provides suspend possibility for Office 365 users and Guests.
An instance of the rule is automatically created during installation under the HOME > RULES > WebAdmin Rules (Pre-configured) folder. This instance is linked to Suspend web action and to AD Users | Suspend Expired AD Users, AD Users | Suspend Users, and other rules as a post-action rule in the Rules to run after section.
When to use this rule
You typically do not need to create an instance of this rule, as it is automatically created during installation and linked to the Suspend (AD and Office 365) and rules, listed above. The rule is executed when you perform Suspend on Office 365 user account or Suspend\Scheduled Suspend action on Active Directory user accounts if they have corresponding Office 365 user account.
When you perform Suspend action for Active Directory user account and also need to suspend the corresponding Office 365 account, you need to set Suspend related Office 365 user option to Yes. You can find this option in Suspend Active Directory user action and rules listed below:
- AD Users | Process Scheduled Suspends
- AD Users | Suspend Expired AD Users
- AD Users | Suspend Users
- Office 365 Users Inactive | Suspend Users
- Text file | Suspend AD Users
- Import SQL Data | Suspend AD Users
- Import Oracle Data | Suspend AD Users
Rule Settings
Query Section
Setting name | Description* |
---|---|
More options | |
Domain controller |
Select the domain controller to run the rule. |
Credentials |
Specify credentials to the selected domain controller. |
Action Section
Setting name | Description |
---|---|
Prevent Sign-in |
Use this setting to prevent the user their access to Office 365 account. |
Scramble Password |
Define whether to generate a random password for a user after suspend or not. |
Hide from GAL |
Hide a user from a Global Address List. |
Remove license, mailbox and archive mailbox |
When set to Yes, if AD user has a remote mailbox and archive mailbox associated, both have to be removed with license removal. To preserve user mailbox and archive mailbox data, either set this setting to No or set Convert to Shared mailbox setting to Yes. |
Put mailbox on Litigation Hold |
Specify No, revoke license immediately to disable the Litigation Hold and revoke license immediately after a user is suspended. Specify Yes, revoke license after litigation hold duration to place the mailbox on litigation hold and revoke a license after the litigation hold duration. Specify Yes, revoke license after litigation hold assignment has been completed to place the mailbox on litigation hold and revoke a license after the litigation hold assignment has been completed. After a mailbox is placed on litigation hold, messages can't be deleted from the mailbox. Deleted items and all versions of changed items are retained in the Recoverable Items folder. Items that are purged from the dumpster are also retained and the items are held indefinitely. If you enable litigation hold, single-item recovery quotas aren't applied. |
Litigation hold duration (days) |
Specify the number of days the mailbox items are held if the mailbox is placed on litigation hold. The duration is calculated from the date a mailbox item is received or created. |
Convert to Shared Mailbox |
Important: Cayosoft recommends converting user mailbox to shared mailbox after suspending action. In this case, the mailbox data and archive data don't get lost, and it allows to avoid the errors during undo suspend operation. For information about Undo Suspend Office 365 account, please see this KB20180531-1 article.
Specify Yes to convert to Shared mailbox. Specify Yes and grant manager full permissions on mailbox to convert to shared mailbox and give the manager the access to a user mailbox. Specify Yes and grant manager + delegates full permissions on mailbox to convert to shared mailbox and give the manager and delegates the access to a user mailbox. Specify Yes and grant delegates full permissions on mailbox to convert to shared mailbox and give the delegates the access to a user mailbox. Specify No to keep the mailbox as is, without converting to a shared mailbox. |
Delegates (Shared Mailbox) |
You can specify delegates who will have the access to a user mailbox after this user is suspended. For details, please see the previous setting Convert to Shared mailbox. |
Set Forward address |
Specify No if you don't need to get emails that will be sent to suspended users. Specify Forward local to forward emails sent to suspended users to the local mailbox. Specify Forward External Mailbox to forward emails sent to suspended users to the external mailbox. |
Forward Address |
You can specify the forward address to forwarding emails sent to suspended users. |
AD attribute to store license remove date |
Specify Active Directory attribute to store license remove the date. |
Email Connectivity |
|
Disable Exchange ActiveSync Disable OWA for Devices Disable MAPI Disable POP3 Disable IMAP4 |
Specify these settings to enable or disable access to the mailbox by using the corresponding protocol clients.
|
Remote Device Wipe (Exchange ActiveSync) |
|
Delete all data from a mobile phone via Exchange ActiveSync |
Specify whether to wipe from a user phone all corporate data after this user is suspended. Note: If you are using Intune, you should be using Intune to trigger data removal, not Exchange. Depending on the scenario, it could be accomplished via App Protection Policy selective wipe, or Device enrollment retire/wipe commands.
|
Email address for the remote device wipe confirmation (optional) |
You can specify an email address for the remote device wipe confirmation. |
Autoreply Message |
|
Set Autoreply Message |
Specify whether to set autoreply message after a user is suspended and don't have access to his mailbox anymore. |
Autoreply Message |
Specify autoreply message text. |
OneDrive settings |
|
Change Personal Site Admin |
Specify Do not change if you don't want to change personal site admin after a user is suspended. Specify Set specified account(s) if you want to change personal site admin after a user is suspended. Specify Try to set manager as owner if empty or disabled then assign specified account(s) if you want to change personal site admin after a user is suspended. |
New OneDrive Personal Site owner(s) |
You can specify one or more User Principal Names separated by ";" that will be new personal site admins after a user is suspended. |
* Certain details and information for the settings are taken from the Microsoft Docs.
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Enforce/Schedule section article.
Change History
Version | Notes |
---|---|
8.1.0 |
Suspend for Office 365 guests was added. |
7.3.0 |
The rule supports mapping between Active Directory user account and Cloud user account by anchor attributes. |
6.4.0 |
These settings are renamed: 1. Remote Device Wipe > Remote Device Wipe (Exchange ActiveSync) 2. Delete all data from a mobile phone > Delete all data from a mobile phone via Exchange ActiveSync 3. Note added. |
Comments
0 comments
Please sign in to leave a comment.