Exchange® (Online) Mailbox Lifecycle Plugin

What Does The Plugin Do?

tenfold automates Exchange mailbox management processes and reduces the admin workload for joiner-mover-leaver operations. When a new person joins the organization, tenfold automatically creates a new mailbox for that person. If they move to another location, tenfold automatically moves the mailbox to the appropriate mailbox database. If the person leaves the company, tenfold will automatically archive or delete the mailbox. All of these changes remain completely transparent and can be reconstructed by admins anytime.

Exchange Online Environments

The Exchange (Online) Mailbox Lifecycle Plugin supports both on-premise Microsoft Exchange® installations as well as hybrid Exchange Online environments in Microsoft® 365. You do not need this plugin for cloud-only environments because here the mailbox is created automatically as part of the licensing process.

Access Management in Exchange (Online)

To learn about tenfold’s services for managing Exchange mailbox and folder permissions, visit tenfold Access Management for Exchange. For information regarding Microsoft 365® support, please visit the Azure AD Plugin page.

Required License

tenfold Essentials PLUS

System Requirements

The following Exchange versions are supported:

  • Microsoft Exchange Server® 2013
  • Microsoft Exchange Server® 2016
  • Microsoft Exchange Online® 2019

Note: For information regarding Microsoft 365® support, click here.

Other Requirements

  • You must have a service account with the appropriate privileges to create, move, and deactivate mailboxes.
  • Changes are made using the PowerShell cmdlets for Exchange provided by Microsoft. These must be installed on the server that is used for executing commands.
  • You must install the tenfold Agent in order to run the PowerShell scripts on the server.


  • Create new mailbox and select mailbox database based on user attributes (e.g. department, location)
  • Set the email address through an individual script or the Exchange recipient policy
  • If a user attribute (on the basis of which the mailbox database is selected) is modified, tenfold automatically moves the mailbox to the now relevant database.
  • If someone changes their name, tenfold automatically adapts that person’s e-mail address to the new name (if desired).
  • Depending on the configuration, tenfold moves the mailbox to an archive database.
  • Further, it automatically deactivates the mailbox.
  • Automation: tenfold transmits changes to users or privileges automatically, which saves time because you no longer have to perform such tasks manually.

  • Reporting: At the click of a button, tenfold provides a clear overview of who has access to what, or which privileges an individual user has access to.

  • Profiles/RolesPrivileges can be grouped together with resources and privileges from other target systems and linked to organizational units. This way, privileges will be assigned and revoked automatically, e.g. when users change departments.

  • Approval workflows: Both one-step and multi-step workflows are supported.

  • Recertification: Data owners can regularly review permissions to ensure they are up to date and mark obsolete entries for removal. tenfold then removes flagged permissions automatically. Learn more about recertification with tenfold.

  • Auditing: Changes to permissions are documented automatically. You can access historical data at any time and track who had access to sensitive data. Learn more about change tracking.

  • Integration of data owners: Specify data owners whose job it is to look over certain privileges and who must approve requests as well as review privileges at regular intervals.

Want to learn more?

Our video demo covers the full range of features
included in our powerful IAM solution.

View Demo

Want to learn more?

Our video demo covers the full range of features
included in our powerful IAM solution.

View Demo

Visit our blog for more tips & tricks on cyber security!