We disable AD accounts but their mailboxes are enabled by design until they are removed. I am looking for the best way to prevent email flow to to those mailboxes.
1.) Change Mail flow at the mailbox level:
We can also do the following to accommodate the request, we can create a dummy user address (hidden from the GAL) and limit the disabled mailboxes using the Message Delivery Restrictions
2.) Transport Rule:
A transport rule would determine if the user is a member of a disabled group and then reject it with a customizable NDR. With this approach all we would need to ensure is that the user is a part of the disabled group.
Any other suggestions? Can #2 be implemented if so can you please let me know how? are there any disadvantages with #2?