Menu of the day: online archive served with retention policy and litigation hold (scented with seasonal cross-premises flavors and recoverable items notes)
As an Exchange Server “chef”, I am frequently asked how these things should be cooked, whether the ingredients can be mixed with one another, and so on.
Well… here’s the top secret recipe:
- On-premises Mailbox (Exchange 2010/2013/2016)
- Online Archive (EXO)
- Retention Policy (with “Move to archive” action)
- Litigation Hold On
Can be served by:
Anyone who wants to keep items for an indefinite/longer period of time and to avoid potential “disk space issues” on the Exchange servers.
As a sample:
Today I will cook 1x Exch2016 on-premises mailbox (“userana”) with an online archive, 1x move-to-archive retention tag with a 2-day age for the default folders, 1x move-to-archive retention tag with a 3-day age for the Recoverable Items folder, Litigation Hold with indefinite duration, and the “RetainDeletedItemsFor” parameter on the mailbox set to the default 14 days (configurable with “Set-Mailbox”).
- To enable an online archive for an on-premises mailbox, please follow the steps in “Create a cloud-based archive for an on-premises primary mailbox in an Exchange hybrid deployment”
- To automatically move items to the archive, please first create the desired Retention Tags which will be part of the Retention Policy. I chose for my sample:
1x Tag to move all items from the default folders to archive after 2 days
New-RetentionPolicyTag -Name NewTag1 -AgeLimitForRetention 2 -RetentionAction MoveToArchive -Type All
1x Tag to move all items from the Recoverable Items folder to archive after 3 days
New-RetentionPolicyTag -Name NewTag2 -AgeLimitForRetention 3 -RetentionAction MoveToArchive -Type RecoverableItems
- To create the retention policy and add the tags to it
New-RetentionPolicy -Name MyRetentionPolicy1 -RetentionPolicyTagLinks NewTag1, NewTag2
- To enable litigation hold indefinitely:
Set-Mailbox -Identity userana -LitigationHoldEnabled $true
- To assign the newly created retention policy to the user:
Set-Mailbox -identity Userana -RetentionPolicy MyRetentionPolicy1
- To immediately start messaging records management (MRM) processing of the mailbox, run:
Start-ManagedFolderAssistant -Identity Userana
- If you see that items are not moving to the archive as expected, please consider the following cmdlets for troubleshooting:
Export-MailboxDiagnosticLogs -Identity userana -ExtendedProperties
Export-MailboxDiagnosticLogs -Identity userana -ComponentName MRM
Relevant parameters to check in the output: ELCLastSuccessTimestamp, ElcLastRunUpdatedItemCount, Elc*
If OAuth isn’t configured for your Exchange hybrid deployment, you can’t use archive policies to automatically move items from a user’s primary mailbox in your on-premises organization to the user’s cloud-based archive in Exchange Online. Details in TechNet.
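To read back everything configured in the steps above in one pass, the following added example (not part of the original post) collects the mailbox settings, the tags linked to the policy and the Elc* values from the diagnostic log. It assumes an on-premises Exchange Management Shell with PowerShell 3.0 or later (Exchange 2013/2016); the function names are made up for this example.

```powershell
# Added example (not from the original post): read back the sample setup and the
# Managed Folder Assistant (ELC) status. 'userana' and 'MyRetentionPolicy1' are
# the sample's names; the function names are hypothetical.
function Get-LinkName($Link) {
    # Links are objects with .Name in a local shell, plain strings when remoted.
    if ($Link.Name) { $Link.Name } else { "$Link" }
}

function Test-ArchivePolicySetup {
    param(
        [Parameter(Mandatory = $true)] [string] $Identity,
        [Parameter(Mandatory = $true)] [string] $PolicyName
    )
    $mbx    = Get-Mailbox -Identity $Identity
    $policy = Get-RetentionPolicy -Identity $PolicyName
    $tags   = $policy.RetentionPolicyTagLinks |
              ForEach-Object { Get-RetentionPolicyTag -Identity (Get-LinkName $_) }

    # The MRM status is stored as XML in the MailboxLog property.
    $log = Export-MailboxDiagnosticLogs -Identity $Identity -ExtendedProperties
    $elc = @{}   # PowerShell hashtable keys are case-insensitive
    ([xml]$log.MailboxLog).Properties.MailboxTable.Property |
        Where-Object { $_.Name -like 'Elc*' } |
        ForEach-Object { $elc[$_.Name] = $_.Value }

    [pscustomobject]@{
        Mailbox               = $mbx.Name
        PolicyAssigned        = (Get-LinkName $mbx.RetentionPolicy) -eq $policy.Name
        LitigationHoldEnabled = $mbx.LitigationHoldEnabled
        RetainDeletedItemsFor = $mbx.RetainDeletedItemsFor
        ArchiveDomain         = $mbx.ArchiveDomain
        ArchiveStatus         = $mbx.ArchiveStatus
        MoveToArchiveTags     = @($tags |
            Where-Object { $_.RetentionAction -eq 'MoveToArchive' } |
            ForEach-Object { '{0} ({1}, {2})' -f $_.Name, $_.Type, $_.AgeLimitForRetention })
        ElcLastSuccess        = $elc['ELCLastSuccessTimestamp']
        ElcLastUpdatedItems   = $elc['ElcLastRunUpdatedItemCount']
    }
}

Test-ArchivePolicySetup -Identity userana -PolicyName MyRetentionPolicy1 | Format-List
```

An empty ElcLastSuccess value, or PolicyAssigned showing False, narrows the problem down before digging further into the raw log.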
RESULTS of Sample:
Suppose we have an on-premises Retention Policy with 1x tag to move all items to archive after 2 days, 1x tag to move recoverable items to archive after 3 days, and the “RetainDeletedItemsFor” parameter on the mailbox set to 14 days. Then:
- Will the items in Recoverable Items folder in primary mailbox be moved to the Recoverable Items folder in archive after 2, 3 or 14 days? Items in the Recoverable Items folder in the primary mailbox will be moved to the Recoverable Items folder in the archive mailbox based on the settings in the Retention Policy Tags applying to the default Recoverable Items folder. In this scenario, the items in the Recoverable Items folder in the primary mailbox will be moved to the Recoverable Items folder in the archive mailbox after 3 days.
- Will a copy remain in the primary mailbox until the “RetainDeletedItemsFor” period is over? No, after the items in the Recoverable Items folder in the primary mailbox are moved to the Recoverable Items folder in the archive mailbox based on the settings in the Retention Policy Tags applying to the default Recoverable Items folder, there will not be any copy remaining in the primary mailbox.
- How long will the recoverable items be kept in the archive? If neither Litigation Hold nor In-Place Hold is enabled on the mailbox, recoverable items will be kept in the archive based on the “RetainDeletedItemsFor” settings. Exchange saves the timestamp of when the item was moved to the Recoverable Items folder in the PR_LAST_MODIFICATION_TIME property of the item. The PR_LAST_MODIFICATION_TIME property will be updated too when the item in the Recoverable Items folder in the primary mailbox is moved to the Recoverable Items folder in the archive mailbox. In this sample scenario, it will be 14 days. The default value of the “RetainDeletedItemsFor” parameter on the online archive is 14 days. For longer retention periods, Litigation/In-Place Holds should be considered.
- How long will the other remaining items be kept in the archive, after they are moved from the primary mailbox? As described in TechNet, “Archive mailboxes don't have a separate retention policy. The same retention policy is applied to the primary and archive mailbox.” Also, as per the blog, “DPT with action other than move to archive action processes the primary mailbox as well as archive mailbox.” Therefore, if there are no additional tags in the primary mailbox (other than the two “MoveToArchive” tags), then the items in the archive default folders should not be touched by other actions. So the remaining items (other than items in the Recoverable Items folder) should be kept for as long as the storage limit allows it, corresponding to your current plan (50GB/unlimited): https://technet.microsoft.com/en-us/library/exchange-online-limits.aspx Please note, however, the following scenario: if the end user applied a personal tag on a folder (let’s call it Folder1) and a folder with the same name also exists in the archive (Folder1), then the personal tag will also be applied to the folder in the archive due to the identical names. If the user does not want “Folder1” in the archive to be processed, then he should change the name of Folder1 in the archive to something else. This scenario is also explained in the following article: https://blogs.technet.microsoft.com/vikass_blog/2013/07/03/retention-policy-on-archive-mailbox/
- If we place the primary mailbox on litigation hold, will the archive be placed on hold, too? Yes, as per TechNet: “If you place a Litigation Hold on an on-premises primary mailbox in an Exchange hybrid deployment, the cloud-based archive mailbox (if enabled) is also placed on hold.” Also: “Litigation Hold preserves items in the Recoverable Items folder in the user's mailbox. The default size for this folder is 30 GB. Depending on number and size of items deleted or modified, the size of the Recoverable Items folder of the mailbox may increase quickly. The Recoverable Items folder is configured with a high quota by default. We recommend that you monitor mailboxes that are placed on Litigation Hold on a weekly basis to ensure they don't reach the limits of the Recoverable Items quotas.”
- If we enable Litigation Hold on the primary mailbox (which will consequently enable Litigation Hold also on the Online Archive), will this cancel out the archiving retention policies applied on the mailbox which should actually "move content on the cloud", therefore releasing DB space On-Premise? Litigation hold or in-place hold is a compliance feature; it is controlled from on-premises and is active for both mailboxes (primary and archive). The retention policy framework is a completely different feature that should keep working independently of the in-place hold setup. Retention policies manage the part of the mailbox that is visible to the user and handle how mails are moved to the archive. Litigation hold or in-place hold keeps hard-deleted mails in a hidden folder of the dumpster (the dumpster of both primary and archive), invisible to the user himself, for compliance-related search (eDiscovery). That means “move to archive” per retention policy should still work.
- If the Litigation Hold is a compliance feature in retaining items on both cloud archive and On-Premise, then how can this be the resolution for managing the space occupied by a mailbox that is still On-Premise? Indeed, if you place a Litigation Hold on an on-premises primary mailbox in an Exchange hybrid deployment, the cloud-based archive mailbox (if enabled) is also placed on hold. To manage the space occupied by an on-premises mailbox, you should use “move to archive” retention tags. As explained above, the litigation hold feature will not interfere with the “move to archive” tags. See also article:
“Using the Recoverable Items 14 days Move to Archive retention tag helps free up storage space in the Recoverable Items folder in the user's primary mailbox. This is useful when a user's mailbox is placed on hold, which means nothing is ever permanently deleted from the user's mailbox. Without moving items to the archive mailbox, it's possible the storage quota for the Recoverable Items folder in the primary mailbox will be reached.”
In other words, litigation hold just assures that no email is lost/deleted by users. Details.
- What happens right after the hard deletion of recoverable items (just before they are moved to the cloud)? Aren't they going to be placed under the Litigation Hold dumpster and stay there still occupying the same space they were occupying in the recoverable items dumpster (still inside the same On-Premise mailbox)? Items deleted from “Deleted Items”, by the user or by an RPT, will go first to the Deletions folder in the primary mailbox. But no matter whether they then reach the Purges folder or another Recoverable Items subfolder (still in the primary mailbox), the retention action “move to archive” should still take place, as the Recoverable Items tag should handle everything under the Recoverable Items folder (Deletions, Purges, InPlaceHolds etc.).
- How can we restore recoverable items from the online archive back to the on-premises mailbox? As we know, there are various subfolders under Recoverable Items (no matter if primary mailbox/online archive).
1. Calendar Logging contains calendar changes that occur within a mailbox. Items in Calendar Logging of the primary mailbox will be archived to the Calendar Logging folder of the online archive.
This folder isn’t available to users in Outlook/OWA (see note 1).
2. Deletions contains:
- Items deleted from the Deleted Items folder, manually or by Retention Policy
- Items deleted by users from any folder by pressing Shift+Delete.
Items in Deletions of primary mailbox will be archived to the Deletions folder of the online archive.
This subfolder is exposed to users through the Recover Deleted Items feature in Outlook and Outlook Web App.
If users want to check it for the online archive, they will have to go to Deleted Items in Online archive and then click on “Recover Deleted Items from Server”:
From here users can restore the desired items back to the Deleted Items of the Online Archive by selecting the items, checking “Restore selected items” and clicking OK.
3. Purges contains all items that are purged, if Litigation Hold or single item recovery is enabled.
This folder isn’t available to users in Outlook/OWA (see note 1).
Items in the Deletions subfolder reside there until the deleted item retention period configured for the mailbox database or the mailbox expires. So after 14 days (setting on the mailbox), these items will be moved to Purges.
Items manually purged from Deletions, by marking “Purge Selected Items” within “Recover Deleted Items from Server”, will land as well in Purges.
Items in Purges of primary mailbox will be archived to the Purges folder of the online archive.
4. Versions contains the original and modified copies of the deleted items, if In-Place Hold or Litigation Hold is enabled. This folder isn't visible to end users.
This folder isn’t available to users in Outlook/OWA (see note 1).
Items in Versions of primary mailbox will be archived to the Versions folder of the online archive.
To sum up, only items residing in the Deletions subfolder of “Recoverable Items” can by default be restored by end users, using Outlook/OWA, through the “Recover Deleted Items from Server” feature.
1 = To recover from subfolders in Recoverable Items that are unavailable in Outlook/OWA through “Recover Deleted Items from Server”, you can use the eDiscovery feature (more info on the steps for Admins) or you can install MFCMAPI on the clients (https://mfcmapi.codeplex.com/).
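The TechNet text quoted earlier recommends checking mailboxes on Litigation Hold weekly so that the Recoverable Items folder does not reach its quota. The following added example (not part of the original post) reports the Deletions, Purges and Versions sizes for every on-premises mailbox on hold. It assumes PowerShell 3.0 or later; the 30 GB figure is the default quoted above, while the 80% warning threshold and the function names are assumptions made for this example.

```powershell
# Added example (not from the original post): Recoverable Items usage of
# on-premises mailboxes on Litigation Hold. Function names are hypothetical.
function ConvertTo-Bytes($Size) {
    # Local shell: ByteQuantifiedSize with ToBytes(). Remote session: text such
    # as "1.5 GB (1,610,612,736 bytes)". Handle both.
    if ($Size | Get-Member -Name ToBytes -MemberType Method) { return [int64]$Size.ToBytes() }
    if ("$Size" -match '\(([^)]*?) bytes\)') { return [int64]($Matches[1] -replace '\D') }
    return [int64]0
}

function Get-HoldRecoverableItemsUsage {
    param(
        [double] $QuotaGB     = 30,   # default folder size quoted in the post
        [int]    $WarnPercent = 80    # assumed alert threshold
    )
    # Collect first, then loop: avoids nested pipelines in remote sessions.
    $held = @(Get-Mailbox -ResultSize Unlimited -Filter 'LitigationHoldEnabled -eq $true')
    foreach ($m in $held) {
        $folders = Get-MailboxFolderStatistics -Identity $m.DistinguishedName `
                       -FolderScope RecoverableItems
        $size  = @{}
        $total = [int64]0
        foreach ($f in $folders) {
            $bytes = ConvertTo-Bytes $f.FolderSize   # this folder only
            $size[$f.Name] = $bytes
            $total += $bytes
        }
        $pct = [math]::Round(100 * $total / ($QuotaGB * 1GB), 1)
        [pscustomobject]@{
            Mailbox        = $m.Name
            DeletionsMB    = [math]::Round($size['Deletions'] / 1MB, 1)
            PurgesMB       = [math]::Round($size['Purges'] / 1MB, 1)
            VersionsMB     = [math]::Round($size['Versions'] / 1MB, 1)
            TotalGB        = [math]::Round($total / 1GB, 2)
            PercentOfQuota = $pct
            Warning        = $pct -ge $WarnPercent
        }
    }
}

Get-HoldRecoverableItemsUsage | Sort-Object PercentOfQuota -Descending |
    Format-Table -AutoSize
```

A mailbox whose Purges and Versions sizes keep growing while the 3-day Recoverable Items tag is in place suggests that the move to the archive is not happening.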