I'm curious about how others are handling M365 F1 licenses, particularly the challenges that come with them. We have around 20,000 users on F1 licenses, but we've turned off the Exchange Kiosk Plan recently. This has made it harder for business members to schedule meetings with our F1 users. I think we might need to turn the Kiosk Plan back on and set up some controls.
What strategies do you use to manage or restrict access to M365 F1 mailboxes? Are you implementing Conditional Access or Conditional Access Policies, or are people just ignoring the issues? If you are using CAS, is it through scripting or your identity management tools?
Additionally, are any admins out there applying retention policies for these mailboxes? I'm considering a blanket 30-day retention policy since the mailboxes mostly contain accidental messages, old meeting invites, or emails sent to distribution lists that shouldn't have F1 users included. It would be great if Microsoft could separate the mailbox requirements from calendar access, but that hasn't happened in the 5+ years since M365 F1 was introduced, and it feels like we're still stuck managing it on our end.
2 Answers
We've bundled F3 with our Exchange licenses and have our employees using the web interface only without email. What's the actual business case for not allowing them an email? The Kiosk plan was meant for Kiosk-style use, so why not assign it to actual end users?
Just a heads up, you can't apply Conditional Access policies or retention policies on F1. If you try using CA policies intended for those with different licenses, you'd be out of compliance with Microsoft.
Actually, F1 includes Entra P1, so we do have the ability to use CA.
The Kiosk plan is included with the F1 license, but we can't use it for email due to the terms of service.