I need to temporarily disable a users access to their Office 365 email but not their regular AD account. I don't want to delete the mailbox as emails need to stick around. Our AD is synced with O365.
If I Block sign-in via the O3655 admin centre, it's re-enabled shortly after as the AD account is not disabled. As a work around I have disabled IMAP, POP3, OWA etc in their exchange properties but was wondering if there was a better way of doing this, an AD attribute possibly?
I imagine this link having some relevance, no? It's for On prem, but it isn't similar enough? You mentioned having done IMAP, POP, and OWA (which is really Outlook on the web referenced in the link). The last one to disable would be MAPI. To disable all of the different types of access, you could use the Set-CASMailbox cmdlet,