A post to the Office 365 Technical Discussions Facebook group reported the strange case where a mailbox encountered the ItemsInFolder threshold. This happens when the number of items in a mailbox folder reaches one million, the maximum supported number for an Exchange Online folder.
Curious NDR
The problem became apparent when a user sent a message to a Microsoft 365 group and received a non-delivery report (NDR) with a 554 4.3.2 status. The natural assumption was that the problem was with the group, but when administrators checked the inbox in the group mailbox, they discovered that the number of items was around six thousand, far removed from the million-item limit. Further investigation of the NDR revealed that the problem occurred with a mailbox called AggregateGroupMailbox.A.201708112321@contoso.onmicrosoft.com.
When this mailbox was checked, it was found that a million items were in its inbox.
The aggregate group mailbox is an arbitration (system) mailbox used by Exchange Online to hold copies of messages sent to Microsoft 365 groups. According to Microsoft, the items in the mailbox are used to support searches against groups. Bringing copies of messages from multiple groups together in a single mailbox makes it easier to search across those mailboxes at the risk of blowing mailbox limits. A background assistant purges items from the arbitration mailboxes periodically, but when group mailboxes are used heavily, it’s possible to exceed the million-item limit. Microsoft has modified the way search works and the arbitration mailboxes are no longer used for searching.
Solution – Drop Messages Using a Mail Flow Rule
Until Microsoft removes the arbitration mailboxes, the workaround is to block them from receiving any further messages. The easiest way to do this is to create a mail flow (transport) rule to drop messages sent to the arbitration mailboxes. For example, this PowerShell command creates a mail flow rule to drop messages sent to a specific arbitration mailbox using an address found in the NDR.
New-TransportRule -SentTo @("AggregateGroupMailbox.A.201708181918@contoso.onmicrosoft.com") -DeleteMessage:$true -Name 'Block Messages Copies to the Aggregate Group Mailbox' -StopRuleProcessing:$false -Mode 'Enforce' -Comments 'A transport rule to drop messages copied to the Aggregate Group Mailbox' -RuleErrorAction 'Ignore' -SenderAddressLocation 'Header'
This problem should go away during 2021 when Microsoft completes the work to stop messages being copied to the aggregate group mailboxes and removes these mailboxes from Exchange Online. In the interim, organizations don’t need to do anything unless they encounter NDRs for a mailbox they probably never knew to exist.
Microsoft’s support article on the topic is available here.