Exchange management policies

  • Last update on July 27th, 2024

These policies offer a comprehensive set of remediation actions and configurable settings aimed at optimizing mailbox management and enhancing data security.

The list below provides an overview of the Exchange Management Out-of-the-Box policies, the remediation action each one executes, and the remediation settings you can configure.


Distribution Groups without Owners

Description

This playbook identifies Microsoft 365 distribution groups that currently have no assigned owners. 

It displays the group's name and confirms that the total number of owners is zero for each listed group. Having an assigned owner is crucial for proper oversight and management of distribution groups within an organization. 

This tool allows administrators to quickly pinpoint any ownerless groups and take necessary actions to assign appropriate ownership, ensuring proper governance over these collaboration spaces.

Remediation action

  1. Send a report to specified recipients (one or more)

What you can configure

  • Establish the conditions under which the report is sent
  • Choose the file format
  • Compose the email body
  • Type the recipient(s) of the report (custom address)
  • Schedule the recurrence of the remediation action
 
 

Inactive shared mailboxes

Description

This playbook is designed to help you find shared mailboxes that haven't been active recently. 

It shows the mailbox's display name, the number of emails received and sent in the last 30 days, and the principal name associated with the mailbox. 

It's a useful tool for identifying and managing shared mailboxes that may no longer be in use.

Remediation action

  1. Send attestation to a specified recipient (optional)
  2. Execute the action “Remove mailbox”

What you can configure

  • Change the recipient of the attestation to either the manager, a custom address, or choose not to send the attestation
  • Insert an additional message
  • Define the attestation timeout days
  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

Mailboxes over Prohibit send/receive quota %

Description

This playbook is designed to identify mailboxes that have exceeded their send/receive quota. 

It shows the user principal name, the set quota in megabytes (MB), and the percentage of the quota used. 

This tool assists in monitoring mailbox usage and ensuring that users remain within the operational limits of their email accounts.

Remediation action

  1. Enable the mailbox archive by forcing “Has archive” to “True” for the mailbox
  2. Send an alert to the mailbox owner to inform them of the issue and provide guidance on how to manage the mailbox properly

What you can configure

  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

Mailboxes over Warning Quota

Description

This playbook identifies mailboxes that have surpassed their warning quota limit. 

It displays the display name of the mailbox, whether it has an archive, the percentage of the warning quota used, the warning quota in megabytes (MB), and the user principal name. 

This tool is essential for managing mailbox sizes and preventing potential disruptions in email service due to quota exceedances.

Remediation action

  1. Enable the mailbox archive by forcing “Has archive” to “True” for the mailbox
  2. Send an alert to the mailbox owner to inform them of the issue and provide guidance on how to manage the mailbox properly

What you can configure

  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

Mailboxes with Audit disabled

Description

This playbook provides a list of mailboxes where auditing is currently turned off. 

It shows the display name of each mailbox, confirms that audit is not enabled, and includes the user principal name. 

It also has a column for the manager, which can be useful for follow-up. This tool is critical for ensuring compliance and security within your organization's email system.

Remediation action

  1. Send attestation to a specified recipient (optional)
  2. Execute the action “Enable Mailbox audit”

What you can configure

  • Change the recipient of the attestation to either the manager, a custom address, or choose not to send the attestation
  • Insert an additional message
  • Define the attestation timeout days
  • Define the number of days after which the links expire
  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

Mailboxes with external forwarding

Description

This playbook is set up to identify mailboxes that have external forwarding enabled. 

It lists the display name, the user principal name, and verifies that external forwarding is active. 

It also shows the forwarding destination, both as an address and SMTP, and includes the forwarding rules applied, as well as the account type. 

This tool is useful for monitoring mail flow and ensuring that data security policies are being followed.

Remediation action

Send attestation to a specified recipient (optional)

What you can configure

  • Establish the conditions under which the report is sent
  • Choose the file format
  • Compose the email body
  • Type the recipient(s) of the report (custom address)
  • Schedule the recurrence of the remediation action
 
 

Shared Mailboxes with unblocked credential

Description

This playbook provides a list of shared mailboxes where the credentials are currently active and not blocked.

It displays the display name of each mailbox, confirms that the block credential status is false, and identifies the mailbox as a shared type. It also includes the user principal name associated with each mailbox. 

This tool is useful for ensuring that shared mailboxes are accessible to authorized users and for monitoring security settings.

Remediation action

Execute the action “Enable sign-in status”, which blocks sign-in for the account associated with the shared mailbox (“Block sign-in” status)

What you can configure

  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

Shared Mailboxes without delegation

Description

This playbook is designed to identify shared mailboxes that have not been delegated to any users. 

It lists the user principal name and confirms the recipient type as a shared mailbox. It also shows that the number of mailbox delegates is zero, indicating no delegation. 

This tool is useful for administrators to review and manage delegate access to shared mailboxes within an organization.

Remediation action

Send an alert to a specified recipient to inform them of the issue and provide guidance on how to manage the mailbox properly

What you can configure

  • Type the recipient of the email (custom address)
  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

Unlicensed Shared Mailbox approaching 50GB limit

Description

This playbook focuses on unlicensed shared mailboxes that are nearing their storage capacity limit of 50GB. 

It lists the display name, mailbox size in megabytes (indicating those between 47,000 MB and 50,000 MB), the user principal name, and the recipient type details to confirm the mailbox is shared. 

It also includes a column for the manager, which may be useful for administrative follow-up. 

This tool is essential for managing mailbox storage and preventing service interruptions due to exceeded storage limits.

Remediation action

Send an email to a specific recipient (manager or custom address) with advice on reducing the mailbox size

What you can configure

  • Change the recipient of the email to either the manager or a custom address
  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action
 
 

Users without litigation hold

Description

This playbook is designed to identify users whose mailboxes are not placed under litigation hold.

It lists the display name, user principal name, and recipient type details, confirming that these are user mailboxes. 

It also shows the litigation hold status as false and includes both the manager's user principal name and display name. 

This tool is essential for managing compliance and ensuring that data is preserved for legal reasons when necessary.

Remediation action

  1. Execute the action “Enable Litigation Hold”
  2. Send an alert to the User Principal Name

What you can configure

  • Enable/disable the email alert if the workflow fails
  • Schedule the recurrence of the remediation action