[REWST - TASK] Offboard Exchange Actions

This modular workflow automates Exchange mailbox tasks during offboarding, like setting out-of-office replies, converting to shared mailboxes, and configuring forwarding. It also removes mobile devices, hides users from the GAL, and updates mailbox permissions. By automating these steps, MSPs can streamline offboarding, stay compliant, and avoid mistakes. The workflow uses conditional logic and PowerShell via the Microsoft EXO connector, with built-in error handling to keep things moving even if some steps fail.

This workflow contains 35 tasks.

Inputs

  • rmm_site - string

    • Provide the RMM site ID (optional)

  • idp_config - string

    • Accepted values are: on_prem, hybrid_no_sync, azure_ad, on_prem_only. If no value is provided, the value is determined via org variable logic.

  • forward_mail - boolean

    • If set to true, this will set the mail to forward.

    • Default: {{- CTX.forward_mail |d(false) -}}

  • on_prem_user - array

    • Dictionary object of the On-Prem user.

    • Default: {{ [ ] }}

  • hide_from_gal - boolean

    • If set to true, this will hide the user from the GAL.

    • Default: {{ true }}

  • user_to_offboard - string

    • GUID of the Azure / Entra user.

  • convert_to_shared - boolean

    • If set to true, this will convert the user to a shared mailbox.

    • Default: {{ true }}

  • set_out_of_office - boolean

    • If set to true, this will set the user's out of office message.

    • Default: {{ CTX.set_out_of_office|d(false) }}

  • remove_all_licences - boolean

    • Used for decision logic; licenses are handled in another flow.

    • Default: {{ false }}

  • forward_mail_to_user - string

    • GUID of the Azure/Entra user to forward mail to.

  • remove_mobile_devices - boolean

    • If set to true, this will remove the user's mobile devices.

    • Default: {{- CTX.remove_mobile_devices |d(true) -}}

  • shared_mailbox_action - boolean

    • If set to true, this will grant users access to the offboarded user's mailbox.

    • Default: {{ true }}

  • shared_mailboxes_list - array

    • List of Azure / Entra GUIDs that will receive access to the offboarded user's mailbox.

    • Default: {{ [ ] }}

  • external_out_of_office - string

    • External Out of Office message.

  • forward_mail_and_store - boolean

    • If set to true, then when forwarding mail it will also store the original message in the offboarded user's mailbox.

    • Default: {{ true }}

  • internal_out_of_office - string

    • Internal Out of Office message.

  • customer_ad_configuration - string

    • Legacy, not in use.

    • Default: {{- CTX.customer_ad_configuration -}}

  • shared_mailbox_no_automap - boolean

    • If set to true, the offboarded user's mailbox will not be automapped for users who were granted access to it.

    • Default: {{ true }}

  • shared_mailboxes_allow_send_as - boolean

    • If set to true, users who were granted access will also be granted Send As access.

    • Default: {{ CTX.shared_mailboxes_allow_send_as|d(false) }}

Outputs

  • automation_log: Standardized Rewst automation log

  • success: Boolean; States if workflow was successful.

  • failures: List of failures.

  • output: Output of the workflow, if any is defined.

Key tasks

  • check_out_of_office: Validation/verification

  • exchange_online_selected: Core integration: noop

  • do_not_convert_to_shared_continue: Data conversion

  • do_not_remove_mobile_devices: Core integration: noop

  • check_add_shared_mailbox_permissions: Validation/verification

Jinja examples

Example 1

{{ CTX.idp_config|d in ["on_prem", "hybrid_no_sync", "azure_ad"] and CTX.user_to_offboard|d }}

This expression validates if a user offboarding process should proceed based on the client's identity provider configuration. It checks if the identity provider (stored in CTX.idp_config) is either on-premises, hybrid without synchronization, or Azure AD, and confirms a user exists in the CTX.user_to_offboard variable. MSPs can customize this by modifying the list of acceptable IdP configurations to match their specific client environments, such as adding Okta or other identity providers. For example, you might extend it to: CTX.idp_config|d in ["on_prem", "hybrid_no_sync", "azure_ad", "okta"] and CTX.user_to_offboard|d and CTX.department_approval|d.

Example 2: On-Premises Environment with RMM Check

{{ CTX.idp_config|d in ["on_prem_only"] and ORG.VARIABLES.default_rmm|d }}

This expression determines if workflow steps related to an on-premises-only environment with RMM tools should execute. It verifies the client has a strictly on-premises identity setup and confirms a default RMM tool is configured in the organization variables. MSPs can modify this to target specific RMM platforms or additional infrastructure requirements by changing the conditions or adding specific RMM tool checks. A practical variation might be: CTX.idp_config|d in ["on_prem_only"] and ORG.VARIABLES.default_rmm|d == "ConnectWise Automate" to trigger specialized automation for a particular RMM tool.
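The two expressions above can be checked offline against sample contexts to see which inputs pass each one and which pass neither. This is an added example, not Rewst's own code: it assumes the stock Python jinja2 library behaves like Rewst's engine for these expressions, and the GUID, RMM name, and case names are constructed placeholders.

```python
from jinja2 import Environment

# Stock Jinja2; Rewst's own engine and filters may differ in detail (assumption).
env = Environment()

# The two expressions from the page, evaluated in isolation from the workflow.
GATE_CLOUD = ('CTX.idp_config|d in ["on_prem", "hybrid_no_sync", "azure_ad"] '
              'and CTX.user_to_offboard|d')
GATE_ONPREM_RMM = 'CTX.idp_config|d in ["on_prem_only"] and ORG.VARIABLES.default_rmm|d'

def raw(expr, ctx=None, org_vars=None):
    """Return the value the expression evaluates to (not coerced to bool)."""
    fn = env.compile_expression(expr)
    return fn(CTX=ctx or {}, ORG={"VARIABLES": org_vars or {}})

def gate(expr, ctx=None, org_vars=None):
    """Truthiness of the expression, as a condition would use it."""
    return bool(raw(expr, ctx, org_vars))

def unmatched(cases):
    """Names of the cases where neither expression is truthy."""
    return [name for name, (ctx, org) in cases.items()
            if not gate(GATE_CLOUD, ctx, org)
            and not gate(GATE_ONPREM_RMM, ctx, org)]

# Constructed sample contexts; the GUID and RMM name are placeholders.
GUID = "00000000-0000-0000-0000-000000000001"
CASES = {
    "azure_ad + user": ({"idp_config": "azure_ad", "user_to_offboard": GUID}, {}),
    "azure_ad, no user": ({"idp_config": "azure_ad"}, {}),
    "idp_config unset": ({"user_to_offboard": GUID}, {}),
    "on_prem_only + RMM": ({"idp_config": "on_prem_only", "user_to_offboard": GUID},
                           {"default_rmm": "example_rmm"}),
    "on_prem_only, no RMM": ({"idp_config": "on_prem_only",
                              "user_to_offboard": GUID}, {}),
    "wrong case: Azure_AD": ({"idp_config": "Azure_AD", "user_to_offboard": GUID}, {}),
}

if __name__ == "__main__":
    for name, (ctx, org) in CASES.items():
        print(f"{name:22} cloud={gate(GATE_CLOUD, ctx, org)!s:5} "
              f"onprem_rmm={gate(GATE_ONPREM_RMM, ctx, org)!s:5}")
    print("matched by neither:", unmatched(CASES))
```

Because `and` returns its last operand, Example 1 evaluates to the user GUID itself rather than `true`, and the membership test is case-sensitive. What the workflow does when neither expression is truthy is not stated on this page.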
