PROBLEM
Backups/discovery of mailboxes fail for M365 Users.
CAUSE
As confirmed in this document, Microsoft has applied a patch to enhance their security mechanisms for EWS (Exchange Web Services), which changed the behavior of "EWSEnabled" tenant-wide switch in Exchange Online.
This in turn has an effect on backups and even discovery of mailboxes, as EWS must now be enabled at the organization and mailbox level for mailboxes to be discovered and successfully backed up.
SOLUTION
Via Exchange Admin Center (EAC)
- Sign in to Exchange Admin Center (EAC) using as Exchange administrator account
- Navigate to [Recipients] > [Mailboxes]
- Select the user's mailbox
- In the details pane, under General, click on [Manage email apps settings]
- Then enable [Exchange Web Services]
Via Exchange Online PowerShell
Below you'll find a set of commands which aim to review the current status of EWS at the organizational and mailbox level.
-
Check the current status of EWS at Organization level
Get-OrganizationConfig | Fl EwsEnabled
-
Get a list of all mailboxes where the EwsEnabled state is not set to $true
Get-CASMailbox -ResultSize Unlimited | Where-Object { $_.EwsEnabled -ne $true } | Select-Object Identity, PrimarySmtpAddress, EwsEnabled -
If the results from the above commands for either organisation or mailbox are not True, then access must be enabled:
Set-OrganizationConfig -EwsEnabled $true Get-CASMailbox -ResultSize Unlimited | Where-Object { $_.EwsEnabled -ne $true } | Set-CASMailbox -EwsEnabled $true
For individual mailboxes you can use the following command:
Set-CASMailbox name@company.com -EwsEnabled $true - Please keep in mind that these changes are purely environmental and not backup specific so please proceed with caution. Also be aware that the commands above can sometimes take ⁓24 hours to propagate, after which Backups/Discovery should be successful.