Restricted users can access their mailboxes after a SetMailboxType 13.1 update in Office 365 Dedicated/ITAR

Symptoms
Users who should have restricted access to their Microsoft Exchange Server 2013 server mailboxes can access their mailboxes after the users' environment is updated to SetMailboxType 13.1 in Microsoft Office 365 Dedicated/ITAR.
Cause
This problem occurs because nonstandard protocol settings for mailboxes are reset to the plan default access settings during the transition to SetMailboxType 13.1.
Resolution
To resolve this problem, use the protocol setting properties on an Office 365 Dedicated/ITAR mailbox to control the default access methods of the mailbox plan. By default, for example, Kiosk users (formerly Deskless Workers) are restricted to accessing their mailboxes only by using Outlook Web App (OWA), Exchange Web Services (EWS) impersonation, Exchange ActiveSync, and POP3.

You can also restrict mailbox access by using the Set-CASMailbox cmdlet. For example, to disable POP3 access, run the following command:

Set-CASMailbox kioskuser1@contoso.com -PopEnabled $false
For more information about plan access defaults, see Messaging infrastructure and subscription plans.
More information
The plan default access settings are applied during the SetMailboxType 13.1 transition after the new mailbox provisioning code is set. This is by design because the system cannot know whether the customer intends for any given mailbox to have a nonstandard mailbox protocol setting. (Such a setting can be made by the customer explicitly through self-service or by some other unexpected issue.)

The customer can restore any intended custom mailbox protocol settings 48 hours after the new provisioning code is set and after the mailbox is successfully processed by the system. This is because custom mailbox settings can be maintained if the mailbox provisioning code does not change. A change in the mailbox provisioning code causes the system to process the mailbox again. Such a change also causes the custom protocol settings on the mailbox to be restored to standard protocol entitlements.

For more information about how to manage mailbox quotas and types, see the following Microsoft Knowledge Base article:

2673366 How to set mailbox quotas in O365 Dedicated
Changes to the protocol settings can be made 48 hours after mailboxes are processed by the updated system.



Properties

Article ID: 2978520 - Last Review: 12/11/2015 20:43:00 - Revision: 4.0

Microsoft Business Productivity Online Dedicated, Microsoft Business Productivity Online Suite Federal

  • vkbportal226 KB2978520
Feedback