My organization is early in a Microsoft 365 migration journey and I am currently working through our Exchange Online migration. One of our ICT staff recently asked a question about mailboxes, and in the process of writing my response I realized that I had essentially written a blog post that others may find valuable. These are my thoughts and understanding as a novice Office 365 Architect so please let me know if you find any inaccuracies.
Question: What is the difference between the different types of mailboxes in Office 365 / Exchange Online and why/when to use them?
There are three types of mailboxes:
User Mailbox – requires an Office 365 license. Right now, any mailbox marked as a user mailbox will consume a full Office 365 license (which don’t come cheaply). A user mailbox is required when somebody (or an application) needs to actually log in to check mail. This means you could use the account credentials and login at outlook.office.com. There are cheaper – Exchange Only – licenses that should certainly consider this is occurring often. Licenses could be purchased as needed outside of a cloud licensing agreement and just be billed on a monthly basis for those active accounts.
- Comes with 100GB mailbox (which is extendable) and Exchange Online Archive (with unlimited storage) [Exchange Online Plan 2]
- In an on-premises world Accounts may have been created through an automated provisioning process to get the mailbox just because it was easy – this causes quite a headache in an Exchange Online migration scenario
- Active users in Office 365 = €
Shared Mailbox – €0 a Shared Mailbox does not have all of the features as a user mailbox (i.e. it only gets a 50GB mailbox, no Exchange Online Archive, etc.), and it does not have a user account. Nobody can log into a mail application as the shared mailbox because there are no credentials. Users that have been given delegate access to the mailbox can easily access it from Outlook, and it is added via auto-discover for those that have full access. Shared Mailboxes also have their own calendar.
- After an Exchange Online migration Shared Mailboxes should be created directly in the Exchange Online Admin Center and should no longer have a user account created – this is a wasted effort and costs the company money if the account is not converted from a User Mailbox to Shared Mailbox
Resource Mailbox (Rooms) – €0 these mailboxes are considered resources and are primarily used for their calendar. They are rooms, projectors, multimedia carts, etc.
There are others such as inactive mailboxes, but we will not discuss them here.
Other considerations – Groups:
Distribution Lists – In an on-premises organization distribution lists are created through Active directory on-premises which allows the owner of the DL to manage membership directly in Outlook. A side effect of Exchange Online Migration (when things are running in a hybrid fashion) is that owners can no longer manage their own lists in the current design. Keep this in mind as end user communication needs to include this and support processes will have to be altered. Distribution lists can also be created directly in Office 365; this should be the path going forward, and it will again allow owners to manage membership.
- This isn’t really a bad thing as Distribution Lists in AD on-premises can’t be used for anything beyond mail anyway (i.e. like using the group for permissions to a file share, SharePoint on-prem, or other resource)
- One approach to on-premises distribution lists is to convert them to Exchange Online (cloud only) distribution lists. This can be run as a bulk job and migrated/converted DLs will no longer sync down to on-premises Active Directory
Dynamic Distribution Lists – Dynamic Distribution Lists are distribution lists that are built on an LDAP query – this means that as long as users’ AD information is correct and kept up to date, they will automatically be included in the Distributions without any administrative interaction. However, any on-premises Dynamic Distribution lists will need to be recreated in the cloud environment taking care to validate the query against the Office 365 and Exchange Online attributes.
Mail Enabled Security Groups – These have always been a powerful type of group because they can be used for permissions and mail. Delegation of Shared Mailboxes works well with this type of group while a Distribution Group cannot be used for delegation
Office 365 Groups – Full lesson plans and blogs are available for O365 groups, and any administrator or architect needs to have a full understanding of Office 365 groups. This type of group is extremely powerful in the collaboration space within Office 365 – it will likely be one of the greatest impacts on the Collaboration strategy for any organization migrating to Office 365. An Office 365 group is something that a user (probably specific users or groups of users that have been trained [e.g. SharePoint key users]) can create on their own. If end user group creation is not turned off in your tenant you will find by clicking the People tab in your Outlook…next to New Contact Group you’ll eventually have a “New Group” option that will allow you to name your group and assign members (this is easier to find in Outlook on the web).
Pros – when an Office 365 group is provisioned
- A new SharePoint Online TeamSite is provisioned for file collaboration – No More File Shares!!! Yay
- A new Shared Calendar is created
- A new shared mailbox/distribution list is created. Any member added after creation has access to past conversations
- A new Planner is available (Planner is Microsoft’s primary response to solutions like Trello and less so Jira). It is a drag and drop task management and project coordination solution.
- Will integrate directly with another future arm of Exyte’s Collaboration strategy – Microsoft Teams.
- Available for permissions across the Office 365 suite
Cons – Office 365 groups cannot be used for on-premises uses such as file shares, application permissions, etc. However, if those File Shares or Applications were hosted in Microsoft Azure these Office 365 groups could be employed for permissions.