Forum Discussion
Anyone knows a way to create a retention policy for EXO Inactive mailboxes?
In the article section of "Inactive mailboxes and Microsoft 365 retention policies" it specifies:
You might consider creating a Microsoft 365 retention policy specifically for inactive mailboxes. Here are some reasons for doing this and things to keep in mind.
You can configure the retention policy to retain mailbox content only as long as necessary to meet your organization's requirement for former employees.
It's a good way to identify inactive mailboxes because the retention policy will only be applied to inactive mailboxes.
You are able to quickly identify the retention policy that's assigned to inactive mailboxes in your organization. This makes it easier to change the retention (or deletion) settings if necessary. It will also make it easier to permanently delete an inactive mailbox because you can remove it from the policy by using the Microsoft 365 compliance center. Otherwise, you have to use Exchange Online PowerShell to remove a Litigation Hold from an inactive mailbox or use Security & Compliance Center PowerShell to exclude an inactive mailbox from an organization-wide Microsoft 365 retention policy.
If you create a Microsoft 365 retention policy specifically for inactive mailboxes, you can add a maximum of 1,000 mailboxes to the policy. If you're a large organization, you might have to create more than one Microsoft 365 retention policy to use for inactive mailboxes.
These are exactly what my organization wants. However, I wonder whether it is possible to create a retention policy targeting all the inactive mailboxes. If so, what are the process to create such a retention policy. This article did not provide any feasible way to create such a policy.
Could anyone advise whether it is possible and how this retention policy can be created?
In another document It mentions:
When you apply the retention settings to All recipients, any inactive mailboxes are included. However, if you change this default and configure specific inclusions or exclusions, inactive mailboxes aren't supported and retention settings won't be applied or excluded for those mailboxes.
3 Replies
- I dont think there is one, perhaps with the newly introduced adaptive scopes?
VasilMichev It has been answered by Mark Johnson@MSFT:
Is it even possible to create a retention policy for Inactive Mailboxes only and what are the process? · Issue #6549 · MicrosoftDocs/microsoft-365-docs (github.com)You are correct to assume that you can't add an existing inactive mailbox to a retention policy. The guidance in this article implies that you would have to add a mailbox to a retention policy before the mailbox is made inactive. So the sequence would be to add active mailbox to an explicit retention policy and then make the mailbox inactive.
PS C:\WINDOWS\system32> get-organizationConfig | Fl InplaceHolds, LitigationHoldEnabled
InPlaceHolds : {mbx78340bdddf8a4bf3b480d566e69a7a64:2}
#Note: this LitigationHold is manually enabled
PS C:\WINDOWS\system32> get-mailbox -InactiveMailboxOnly -Identity DiegoS | FL LitigationHoldEnabled,InPlaceHolds
LitigationHoldEnabled : True
InPlaceHolds : {}PS C:\WINDOWS\system32> Get-RetentionCompliancePolicy "78340bdddf8a4bf3b480d566e69a7a64" -DistributionDetail | Fl Name, *Location
Name : Retain mailboxes forever
SharePointLocation : {}
ExchangeLocation : {All}
PublicFolderLocation : {}
SkypeLocation : {}
ModernGroupLocation : {}
OneDriveLocation : {}
TeamsChatLocation : {}
TeamsChannelLocation : {}
AdaptiveScopeLocation : {}PS C:\WINDOWS\system32> get-organizationConfig | Fl InplaceHolds, LitigationHoldEnabled
InPlaceHolds : {mbx78340bdddf8a4bf3b480d566e69a7a64:2}
#Note: this LitigationHold is manually enabled
PS C:\WINDOWS\system32> get-mailbox -InactiveMailboxOnly -Identity DiegoS | FL LitigationHoldEnabled,InPlaceHolds
LitigationHoldEnabled : True
InPlaceHolds : {}PS C:\WINDOWS\system32> Get-RetentionCompliancePolicy "78340bdddf8a4bf3b480d566e69a7a64" -DistributionDetail | Fl Name, *Location
Name : Retain mailboxes forever
SharePointLocation : {}
ExchangeLocation : {All}
PublicFolderLocation : {}
SkypeLocation : {}
ModernGroupLocation : {}
OneDriveLocation : {}
TeamsChatLocation : {}
TeamsChannelLocation : {}
AdaptiveScopeLocation : {}According to documentation New-RetentionCompliancePolicy (ExchangePowerShell) | Microsoft Docs
-ExchangeLocationThe ExchangeLocation parameter specifies the mailboxes to include. Valid values are:
- A mailbox
- A distribution group or mail-enabled security group (all mailboxes that are currently members of the group).
- The value All for all mailboxes. You can only use this value by itself.
To specify a mailbox or distribution group, you can use any value that uniquely identifies it. For example:
- Name
- Distinguished name (DN)
- Email address
- GUID
So the pain starts......
PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "DiegoS" The specified recipient "DiegoS" couldn't be found. + CategoryInfo : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectNotFoundException + FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=42a03677-62f2-4792-a1b4-6e7d08d879d2,TimeStamp=8/10/2021 9:13:35 AM] [Failur eCategory=Cmdlet-ManagementObjectNotFoundException] 3930D393,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy + PSComputerName : aus01b.ps.compliance.protection.outlook.com PS C:\WINDOWS\system32> get-mailbox -InactiveMailboxOnly -Identity DiegoS | FL Guid, ExchangeGuid, DatabaseGuid, UserPrincipalName, DistingishedName Guid : 426d751b-c0e4-4f14-b6ab-3897abd64907 ExchangeGuid : e5364dd8-1716-468b-8e28-16731a7740df DatabaseGuid : f720391d-f654-40d7-a84e-c57a1c74d204 UserPrincipalName : DiegoS@ahu001.onmicrosoft.com PS C:\WINDOWS\system32> get-mailbox -InactiveMailboxOnly -Identity DiegoS | FL Guid, ExchangeGuid, DatabaseGuid, UserPrincipalName, DistinguishedName Guid : 426d751b-c0e4-4f14-b6ab-3897abd64907 ExchangeGuid : e5364dd8-1716-468b-8e28-16731a7740df DatabaseGuid : f720391d-f654-40d7-a84e-c57a1c74d204 UserPrincipalName : DiegoS@ahu001.onmicrosoft.com DistinguishedName : CN=DiegoS,OU=Soft Deleted Objects,OU=ahu001.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=AUSP282A003,DC=PROD,DC=OUTLOOK,DC=COM PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "426d751b-c0e4-4f14-b6ab-3897abd64907" Creating a new Remote PowerShell session using Modern Authentication for implicit remoting of "Set-RetentionCompliancePolicy" command ... WARNING: Your connection has been redirected to the following URI: "https://aus01b.ps.compliance.protection.outlook.com/Powershell-LiveId?BasicAuthToOAuthConversion=true;PSVersion=5.1.19041.1237" This operation requires a unique source object, but multiple objects have been found for the recipient "426d751b-c0e4-4f14-b6ab-3897abd64907". Please remove any wildcard characters and check the data source for corruption. + CategoryInfo : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectAmbiguousException + FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=44ed850e-2bb9-4630-82da-14733e41fce6,TimeStamp=8/10/2021 9:18:50 AM] [Failur eCategory=Cmdlet-ManagementObjectAmbiguousException] 455E7C8D,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy + PSComputerName : aus01b.ps.compliance.protection.outlook.com PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "e5364dd8-1716-468b-8e28-16731a7740df" This operation requires a unique source object, but multiple objects have been found for the recipient "e5364dd8-1716-468b-8e28-16731a7740df". Please remove any wildcard characters and check the data source for corruption. + CategoryInfo : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectAmbiguousException + FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=ab2f2837-9a15-470d-89e6-16a87a3691e6,TimeStamp=8/10/2021 9:19:16 AM] [Failur eCategory=Cmdlet-ManagementObjectAmbiguousException] 75D0ECB8,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy + PSComputerName : aus01b.ps.compliance.protection.outlook.com PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "f720391d-f654-40d7-a84e-c57a1c74d204" This operation requires a unique source object, but multiple objects have been found for the recipient "f720391d-f654-40d7-a84e-c57a1c74d204". Please remove any wildcard characters and check the data source for corruption. + CategoryInfo : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectAmbiguousException + FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=80788e3c-3d66-4650-ad35-57a3ae467eb6,TimeStamp=8/10/2021 9:19:34 AM] [Failur eCategory=Cmdlet-ManagementObjectAmbiguousException] BD2815F1,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy + PSComputerName : aus01b.ps.compliance.protection.outlook.com PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "DiegoS@ahu001.onmicrosoft.com" The specified recipient "DiegoS@ahu001.onmicrosoft.com" couldn't be found. + CategoryInfo : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectNotFoundException + FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=3cde8e9a-a17b-4199-94bf-02959e663820,TimeStamp=8/10/2021 9:19:50 AM] [Failur eCategory=Cmdlet-ManagementObjectNotFoundException] B9C63728,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy + PSComputerName : aus01b.ps.compliance.protection.outlook.com PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "CN=DiegoS,OU=Soft Deleted Objects,OU=ahu001.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=AUSP282A003,DC=PROD,DC=OUTLOOK,DC=COM" The specified recipient "CN=DiegoS,OU=Soft Deleted Objects,OU=ahu001.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=AUSP282A003,DC=PROD,DC=OUTLOOK,DC=COM" couldn't be found. + CategoryInfo : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectNotFoundException + FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=0ea3c23c-1f35-4266-936f-690389166c63,TimeStamp=8/10/2021 9:20:14 AM] [Failur eCategory=Cmdlet-ManagementObjectNotFoundException] 1DEF8726,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy + PSComputerName : aus01b.ps.compliance.protection.outlook.com
