I have a small conundrum. We provision Exchange via birthright Employee Role. Our server team is now moving users to the "cloud" and we found that IDM would check against the on prem Exchange DB and when it did not see the mailbox that it thought should be there via the employee Role resource/entitlement it would create a new mailbox and mess up the user email since it was moved to cloud (server team did not involve us in the design).
So - what we have been recommended to do is setup the Azure driver. this is our long term solution but we have deadline so must come up with short term "solution".

So, can we leave Exchange in the Employee Role, but turn off Exchange provisioning in the AD driver? If so, where do we disable the exchange provisioning I see a few GCV and driver options but not sure which is the correct one to basically flip the off switch on creating the mailbox.

Then what we will do is user our Service Now driver to send a ticket to helpdesk to provision the mailbox (either on prem or cloud, they can determine). We have serviceNow driver that will send tickets based on nrfAssignedResources changing/adding/removing. We have flag set on Exchange so it doesn't send tickets currently but that is easily flipped.

So does this sound like a decent plan? Will the employee role still grant the the Exchange resource but not provision the mailbox? I'm confident in our Service Now design, but not so much what happens or where to tell AD driver to not provision the mailbox.