Internet email received through EOP is not journaled in an Exchange Server hybrid environment
Original KB number: 4344001
Consider this scenario:
- You deploy on-premises servers that are running Exchange Server in a hybrid Exchange and Office 365 environment.
- You enable the journal rules or standard journaling on the servers.
- Your mailbox is located in the on premise and set up the email address of an on-premises archiving mailbox or a third-party archiving service as the journaling mailbox.
- You do not create journal rules in Office 365.
- Your mail exchanger (MX) record points to Office 365 Exchange Online Protection (EOP).
- You receive an email message from an Internet source through EOP.
In this scenario, the messages that are sent from the on-premises servers that are running Exchange are journaled as expected. However, the messages that are received from Office 365 or from the Internet are not journaled.
This issue occurs because the message that originates from Office 365 or that is processed by EOP is added by having the following specific internal header:
X-MS-Exchange-Organization-Processed-By-Journaling: Journal Agent
This header identifies messages that have been processed by the Exchange Journaling agent. If the header is included in a message, Exchange Server recognizes that the message has already been processed by the Journaling Agent on a previous Hub Transport server. Therefore, it does not journal the message again.
To resolve this issue, go to Office 365, navigate to EAC > Compliance Management > Journal Rules, and then create the same journal rules as exist on the on-premise servers that are running Exchange.
In a hybrid environment, there's no replication of journal rules between your on-premises Exchange organization and Office 365. Therefore, when you create a rule in Exchange Server, you have to create a matching rule in Office 365.
Rules that you create in Office 365 are stored in the cloud, whereas the rules you create in your on-premises organization are stored locally in Active Directory. When you manage rules in a hybrid environment, you have to keep the two sets of rules synchronized by making any changes in both locations.