dunnep26
Copper Contributor
Aug 13, 2020

Leaver mailboxes - Suggestions for automated retention

Hi community,

 

I am in the process of setting up a data retention program for my organisation, and seek some advice on how to manage mailboxes once a user leaves the organisation.

 

For information: We are in a hybridised Exchange environment (Exchange Online and EX2016). All users are assigned Enterprise E3 licences.

 

What we want to achieve: When users leave the organisation, we want to automatically convert the user mailboxes to inactive mailboxes, and then retain the users' inactive mailboxes for 1 year (that is, 1 year after the time they left and were deleted). We want to achieve this automatically for all users, without having to manage it on a user-by-user basis.

 

I know that in order to convert the mailbox to an inactive mailbox, a hold or retention policy must be applied to the user BEFORE the user is deleted, otherwise the mailbox moves to the soft-delete stage and is deleted after 30 days, but I am not sure how to configure the hold/retention policy in order to a) ensure the mailbox moves to inactive mailbox, and b) ensure it gets deleted 1 year after the user left (and the mailbox became an inactive mailbox).

 

Is this even possible? Any guidance would be greatly appreciated.

7 Replies

  • dunnep26 

     

    Hi, the Retention Policy is the easy part.  You would need to configure it like this;

     

     

    It's automating the user deletion that I can't instantly think of a way to achieve. Also not sure it's a good idea, as it could be prone to error and accounts that shouldn't be deleted may accidentally get targeted for deletion.

     

    So I would say that you need a process as follows;

     

    1. HR informs IT of the user's leaving date.
    2. IT assigns the user to the retention policy.
    3. IT removes the licence from the user object / or deletes the user object - thus making the mailbox inactive.

    I guess maybe a flow or a form could be created to trigger the employee leavers process, but I would say that some manual intervention is always going to be needed along the way, and also that this is a good thing.

      dunnep26
      Copper Contributor

      Hi PeterRising 

       

      Thanks for the reply, much appreciated.

       

      I am not so worried about the user deletion from on-prem AD, the helpdesk can manually do this. Initially I was trying to think of a way to assign the retention policy automatically, but now that you mention it, I think I can use a flow to allow the helpdesk to handle this piece.

       

      I do have one question which maybe you could help with. My understanding of retention policies targeted at Exchange is that they retain at an item level, rather than retaining the inactive mailbox as a whole. So the policy would retain emails within the mailbox based on their sent/received dates.

       

      Do I understand correctly? If so then let's consider the following scenario:

       

      1. HR informs UserA will leave. UserA has been with the company for 5 years (and has 5 years of email items) 

      2. Helpdesk applies retention policy which retains for 1 year and then deletes content

      3. Helpdesk deletes user/removes O365 licence, and mailbox becomes inactive mailbox 

       

      At step 2, would the policy remove all email older than 12 months, so UserA would lose 4 years of email before the mailbox becomes inactive?

      • Item-level hold is fine, any hold type is fine and as long as you have at least one type applying to the mailbox or items therein, the mailbox will be kept as inactive. Retention policies "translate" to in-place holds on the backend, and you can also use good old litigation hold.
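
The precondition discussed in this thread (at least one hold must apply to the mailbox before the user is deleted or unlicensed) can be checked by the helpdesk before step 3. This is an added PowerShell example, not part of any post above. It assumes `Connect-ExchangeOnline` and `Connect-IPPSSession` have already been run, that the retention policy is scoped to specific mailboxes rather than organisation-wide, and that the policy name and UPN shown are hypothetical placeholders:

```powershell
# Added example: confirm a hold applies to a leaver's mailbox before the
# account is deleted or unlicensed. Names below are hypothetical.
function Test-LeaverMailboxHold {
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [Parameter(Mandatory)] [string] $PolicyName
    )
    $mbx    = Get-Mailbox -Identity $UserPrincipalName -ErrorAction Stop
    $policy = Get-RetentionCompliancePolicy -Identity $PolicyName -ErrorAction Stop

    # A retention policy scoped to specific mailboxes shows up in InPlaceHolds
    # as "mbx<policy GUID without dashes>:<action>".
    $policyTag = 'mbx' + ([guid]$policy.Guid).ToString('N')
    $hasPolicy = [bool]($mbx.InPlaceHolds | Where-Object { $_ -like "$policyTag*" })

    [pscustomobject]@{
        Mailbox         = $mbx.UserPrincipalName
        LitigationHold  = [bool]$mbx.LitigationHoldEnabled
        RetentionPolicy = $hasPolicy
        HoldInPlace     = ([bool]$mbx.LitigationHoldEnabled -or $hasPolicy)
    }
}

$upn        = 'usera@contoso.example'   # hypothetical leaver
$policyName = 'Leavers - 1 year'        # hypothetical retention policy name

# Step 2 of the process: add the leaver's mailbox to the retention policy.
Set-RetentionCompliancePolicy -Identity $policyName -AddExchangeLocation $upn

# Policy distribution is not instant, so re-run this check until it passes.
$result = Test-LeaverMailboxHold -UserPrincipalName $upn -PolicyName $policyName
$result | Format-List

if (-not $result.HoldInPlace) {
    Write-Warning "No hold on $upn yet: do NOT delete the user or remove the licence."
    return
}
Write-Output "Hold confirmed on $upn. Step 3 (delete user / remove licence) can proceed."

# After step 3, confirm the mailbox is listed as inactive rather than soft-deleted.
Get-Mailbox -InactiveMailboxOnly -ResultSize Unlimited |
    Where-Object { $_.PrimarySmtpAddress -eq $upn } |
    Select-Object DisplayName, PrimarySmtpAddress, WhenSoftDeleted, InPlaceHolds
```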