[REWST - TASK] Offboard Exchange Actions
This modular workflow automates Exchange mailbox tasks during offboarding, like setting out-of-office replies, converting to shared mailboxes, and configuring forwarding. It also removes mobile devices, hides users from the GAL, and updates mailbox permissions. By automating these steps, MSPs can streamline offboarding, stay compliant, and avoid mistakes. The workflow uses conditional logic and PowerShell via the Microsoft EXO connector, with built-in error handling to keep things moving even if some steps fail.
This workflow contains 35 tasks.
Inputs
rmm_site - string
Provide the RMM site ID (optional)
idp_config - string
Accepted values are: on_prem, hybrid_no_sync, azure_ad, on_prem_only. If no value is provided, the value is determined via org var logic.
forward_mail - boolean
If set to true, this will set the mail to forward.
Default:
{{- CTX.forward_mail |d(false) -}}
on_prem_user - array
Dictionary object of the On-Prem user.
Default:
{{ [ ] }}
hide_from_gal - boolean
If set to true, this will hide the user from the GAL.
Default:
{{ true }}
user_to_offboard - string
GUID of the Azure / Entra user.
convert_to_shared - boolean
If set to true, this will convert the user to a shared mailbox.
Default:
{{ true }}
set_out_of_office - boolean
If set to true, this will set the user's out of office message.
Default:
{{ CTX.set_out_of_office|d(false) }}
remove_all_licences - boolean
Used for decision logic; licenses are handled in another flow.
Default:
{{ false }}
forward_mail_to_user - string
GUID of the Azure/Entra user to forward mail to.
remove_mobile_devices - boolean
If set to true, this will remove the user's mobile devices.
Default:
{{- CTX.remove_mobile_devices |d(true) -}}
shared_mailbox_action - boolean
If set to true, this will grant users access to the offboarded user's mailbox.
Default:
{{ true }}
shared_mailboxes_list - array
List of Azure / Entra GUIDs that will receive access to the offboarded user's mailbox.
Default:
{{ [ ] }}
external_out_of_office - string
External Out of Office message.
forward_mail_and_store - boolean
If set to true, then when forwarding mail it will also store the original message in the offboarded user's mailbox.
Default:
{{ true }}
internal_out_of_office - string
Internal Out of Office message.
customer_ad_configuration - string
Legacy, not in use.
Default:
{{- CTX.customer_ad_configuration -}}
shared_mailbox_no_automap - boolean
If set to true, then the offboarded user's mailbox will not be automapped to users who were granted access to it.
Default:
{{ true }}
shared_mailboxes_allow_send_as - boolean
If set to true, then users who were granted access will also be granted Send As access.
Default:
{{ CTX.shared_mailboxes_allow_send_as|d(false) }}
Outputs
automation_log: Standardized Rewst automation log
success: Boolean; States if workflow was successful.
failures: List of failures.
output: Output of the workflow, if any is defined.
Key tasks
check_out_of_office: Validation/verification
exchange_online_selected: Core integration: noop
do_not_convert_to_shared_continue: Data conversion
do_not_remove_mobile_devices: Core integration: noop
check_add_shared_mailbox_permissions: Validation/verification
Jinja examples
Example 1
This expression validates if a user offboarding process should proceed based on the client's identity provider configuration. It checks if the identity provider (stored in CTX.idp_config) is either on-premises, hybrid without synchronization, or Azure AD, and confirms a user exists in the CTX.user_to_offboard variable. MSPs can customize this by modifying the list of acceptable IdP configurations to match their specific client environments, such as adding Okta or other identity providers. For example, you might extend it to: CTX.idp_config|d in ["on_prem", "hybrid_no_sync", "azure_ad", "okta"] and CTX.user_to_offboard|d and CTX.department_approval|d.
Expression 2: On-Premises Environment with RMM Check
Example 2
This expression determines if workflow steps related to an on-premises-only environment with RMM tools should execute. It verifies the client has a strictly on-premises identity setup and confirms a default RMM tool is configured in the organization variables. MSPs can modify this to target specific RMM platforms or additional infrastructure requirements by changing the conditions or adding specific RMM tool checks. A practical variation might be: CTX.idp_config|d in ["on_prem_only"] and ORG.VARIABLES.default_rmm|d == "ConnectWise Automate" to trigger specialized automation for a particular RMM tool.
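The inputs documented on this page correspond to a small set of Exchange Online cmdlets. The PowerShell below is an added example, not Rewst's workflow code: the function name, parameter names and step labels are hypothetical, and it assumes the ExchangeOnlineManagement module with an active Connect-ExchangeOnline session. Each step records its failure instead of aborting the run, mirroring the success and failures outputs.

```powershell
# Added example, not Rewst's workflow code. Assumes the ExchangeOnlineManagement
# module is loaded and Connect-ExchangeOnline has already been run.
function Invoke-OffboardExchangeExample {            # hypothetical name
    param(
        [Parameter(Mandatory)][string]$Mailbox,      # any identity EXO resolves, e.g. UPN
        [bool]$SetOutOfOffice = $false, [string]$InternalMessage, [string]$ExternalMessage,
        [bool]$ForwardMail = $false, [string]$ForwardTo, [bool]$ForwardAndStore = $true,
        [bool]$RemoveMobileDevices = $true,
        [bool]$ConvertToShared = $true,
        [bool]$HideFromGal = $true,
        [string[]]$Delegates = @(), [bool]$NoAutomap = $true, [bool]$AllowSendAs = $false
    )
    $ErrorActionPreference = 'Stop'                  # turn cmdlet errors into catchable ones
    $failures = [System.Collections.Generic.List[string]]::new()

    # Run one step; on error, record it and let the remaining steps continue.
    function Step([string]$Name, [scriptblock]$Action) {
        try { & $Action | Out-Null }
        catch { $failures.Add("${Name}: $($_.Exception.Message)") }
    }

    if ($SetOutOfOffice) { Step 'set_out_of_office' {
        Set-MailboxAutoReplyConfiguration -Identity $Mailbox -AutoReplyState Enabled `
            -InternalMessage $InternalMessage -ExternalMessage $ExternalMessage } }
    if ($ForwardMail -and $ForwardTo) { Step 'forward_mail' {
        # DeliverToMailboxAndForward keeps a copy in the offboarded mailbox.
        Set-Mailbox -Identity $Mailbox -ForwardingAddress $ForwardTo `
            -DeliverToMailboxAndForward $ForwardAndStore } }
    if ($RemoveMobileDevices) { Step 'remove_mobile_devices' {
        Get-MobileDevice -Mailbox $Mailbox |
            ForEach-Object { Remove-MobileDevice -Identity $_.Identity -Confirm:$false } } }
    if ($ConvertToShared) { Step 'convert_to_shared' {
        Set-Mailbox -Identity $Mailbox -Type Shared } }
    if ($HideFromGal) { Step 'hide_from_gal' {
        Set-Mailbox -Identity $Mailbox -HiddenFromAddressListsEnabled $true } }
    foreach ($d in $Delegates) {
        Step "grant_full_access:$d" {
            Add-MailboxPermission -Identity $Mailbox -User $d -AccessRights FullAccess `
                -AutoMapping (-not $NoAutomap) }
        if ($AllowSendAs) { Step "grant_send_as:$d" {
            Add-RecipientPermission -Identity $Mailbox -Trustee $d -AccessRights SendAs `
                -Confirm:$false } }
    }
    [pscustomobject]@{ success = ($failures.Count -eq 0); failures = $failures }
}
```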