As a best practice, it is recommend that you don’t configure blanket, persistent access for IT administrators to end user Exchange mailboxes.
Microsoft Exchange Server - Articles
Read useful articles about Microsoft Exchange Server.
For POP and IMAP access to Exchange Server mailboxes the best practice is to require secure logins.
The servers running Exchange Server in your environment should have unique, complex local administrator passwords that are unknown.
When you configure journaling in an Exchange organization you should also review the configuration of any databases that will be hosting journal mailboxes.
It is a recommended practice to configure any antivirus software running on Exchange servers to exclude specific paths, processes, and file types.
The confusion over disabling an Exchange Server mailbox vs removing a mailbox could be easily solved with two simple changes.
Understand the issues that cause Exchange Server databases to fail to mount due to corruption and dirty shutdown states.
Office 365 has no mailbox backup options built in to the Exchange Online service, which is a serious concern for some organizations.
When it comes to Exchange Server the the principle of least privilege applies, and is considered a best practice.
Here’s my experience using the Advanced Threat Protection features in Exchange Online Protection to protect my Office 365 tenant.