Does anyone know a way to create a retention policy for EXO inactive mailboxes?

In the article section of "Inactive mailboxes and Microsoft 365 retention policies" it specifies:

You might consider creating a Microsoft 365 retention policy specifically for inactive mailboxes. Here are some reasons for doing this and things to keep in mind.

You can configure the retention policy to retain mailbox content only as long as necessary to meet your organization's requirement for former employees.

It's a good way to identify inactive mailboxes because the retention policy will only be applied to inactive mailboxes.

You are able to quickly identify the retention policy that's assigned to inactive mailboxes in your organization. This makes it easier to change the retention (or deletion) settings if necessary. It will also make it easier to permanently delete an inactive mailbox because you can remove it from the policy by using the Microsoft 365 compliance center. Otherwise, you have to use Exchange Online PowerShell to remove a Litigation Hold from an inactive mailbox or use Security & Compliance Center PowerShell to exclude an inactive mailbox from an organization-wide Microsoft 365 retention policy.

If you create a Microsoft 365 retention policy specifically for inactive mailboxes, you can add a maximum of 1,000 mailboxes to the policy. If you're a large organization, you might have to create more than one Microsoft 365 retention policy to use for inactive mailboxes.

These are exactly what my organization wants. However, I wonder whether it is possible to create a retention policy targeting all the inactive mailboxes. If so, what is the process to create such a retention policy? This article did not provide any feasible way to create such a policy.

Could anyone advise whether it is possible and how this retention policy can be created?

In another document it mentions:

When you apply the retention settings to All recipients, any inactive mailboxes are included. However, if you change this default and configure specific inclusions or exclusions, inactive mailboxes aren't supported and retention settings won't be applied or excluded for those mailboxes.

3 Replies

PS C:\WINDOWS\system32> get-organizationConfig | Fl InplaceHolds, LitigationHoldEnabled

InPlaceHolds : {mbx78340bdddf8a4bf3b480d566e69a7a64:2}

 

#Note: this LitigationHold is manually enabled

PS C:\WINDOWS\system32> get-mailbox -InactiveMailboxOnly -Identity DiegoS | FL LitigationHoldEnabled,InPlaceHolds

LitigationHoldEnabled : True
InPlaceHolds : {}

 

PS C:\WINDOWS\system32> Get-RetentionCompliancePolicy "78340bdddf8a4bf3b480d566e69a7a64" -DistributionDetail | Fl Name, *Location

Name : Retain mailboxes forever
SharePointLocation : {}
ExchangeLocation : {All}
PublicFolderLocation : {}
SkypeLocation : {}
ModernGroupLocation : {}
OneDriveLocation : {}
TeamsChatLocation : {}
TeamsChannelLocation : {}
AdaptiveScopeLocation : {}

 

According to documentation New-RetentionCompliancePolicy (ExchangePowerShell) | Microsoft Docs

-ExchangeLocation

The ExchangeLocation parameter specifies the mailboxes to include. Valid values are:

  • A mailbox
  • A distribution group or mail-enabled security group (all mailboxes that are currently members of the group).
  • The value All for all mailboxes. You can only use this value by itself.

To specify a mailbox or distribution group, you can use any value that uniquely identifies it. For example:

  • Name
  • Distinguished name (DN)
  • Email address
  • GUID

So the pain starts......

 

PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "DiegoS"
The specified recipient "DiegoS" couldn't be found.
+ CategoryInfo : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=42a03677-62f2-4792-a1b4-6e7d08d879d2,TimeStamp=8/10/2021 9:13:35 AM] [Failur
eCategory=Cmdlet-ManagementObjectNotFoundException] 3930D393,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy
+ PSComputerName : aus01b.ps.compliance.protection.outlook.com

PS C:\WINDOWS\system32> get-mailbox -InactiveMailboxOnly -Identity DiegoS | FL Guid, ExchangeGuid, DatabaseGuid, UserPrincipalName, DistingishedName

Guid : 426d751b-c0e4-4f14-b6ab-3897abd64907
ExchangeGuid : e5364dd8-1716-468b-8e28-16731a7740df
DatabaseGuid : f720391d-f654-40d7-a84e-c57a1c74d204
UserPrincipalName : DiegoS@ahu001.onmicrosoft.com


PS C:\WINDOWS\system32> get-mailbox -InactiveMailboxOnly -Identity DiegoS | FL Guid, ExchangeGuid, DatabaseGuid, UserPrincipalName, DistinguishedName

Guid : 426d751b-c0e4-4f14-b6ab-3897abd64907
ExchangeGuid : e5364dd8-1716-468b-8e28-16731a7740df
DatabaseGuid : f720391d-f654-40d7-a84e-c57a1c74d204
UserPrincipalName : DiegoS@ahu001.onmicrosoft.com
DistinguishedName : CN=DiegoS,OU=Soft Deleted Objects,OU=ahu001.onmicrosoft.com,OU=Microsoft Exchange Hosted
Organizations,DC=AUSP282A003,DC=PROD,DC=OUTLOOK,DC=COM


PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "426d751b-c0e4-4f14-b6ab-3897abd64907"
Creating a new Remote PowerShell session using Modern Authentication for implicit remoting of "Set-RetentionCompliancePolicy" command ...
WARNING: Your connection has been redirected to the following URI:
"https://aus01b.ps.compliance.protection.outlook.com/Powershell-LiveId?BasicAuthToOAuthConversion=true;PSVersion=5.1.19041.1237"
This operation requires a unique source object, but multiple objects have been found for the recipient
"426d751b-c0e4-4f14-b6ab-3897abd64907". Please remove any wildcard characters and check the data source for corruption.
+ CategoryInfo : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectAmbiguousException
+ FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=44ed850e-2bb9-4630-82da-14733e41fce6,TimeStamp=8/10/2021 9:18:50 AM] [Failur
eCategory=Cmdlet-ManagementObjectAmbiguousException] 455E7C8D,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy
+ PSComputerName : aus01b.ps.compliance.protection.outlook.com


PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "e5364dd8-1716-468b-8e28-16731a7740df"
This operation requires a unique source object, but multiple objects have been found for the recipient
"e5364dd8-1716-468b-8e28-16731a7740df". Please remove any wildcard characters and check the data source for corruption.
+ CategoryInfo : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectAmbiguousException
+ FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=ab2f2837-9a15-470d-89e6-16a87a3691e6,TimeStamp=8/10/2021 9:19:16 AM] [Failur
eCategory=Cmdlet-ManagementObjectAmbiguousException] 75D0ECB8,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy
+ PSComputerName : aus01b.ps.compliance.protection.outlook.com


PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "f720391d-f654-40d7-a84e-c57a1c74d204"
This operation requires a unique source object, but multiple objects have been found for the recipient
"f720391d-f654-40d7-a84e-c57a1c74d204". Please remove any wildcard characters and check the data source for corruption.
+ CategoryInfo : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectAmbiguousException
+ FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=80788e3c-3d66-4650-ad35-57a3ae467eb6,TimeStamp=8/10/2021 9:19:34 AM] [Failur
eCategory=Cmdlet-ManagementObjectAmbiguousException] BD2815F1,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy
+ PSComputerName : aus01b.ps.compliance.protection.outlook.com

PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "DiegoS@ahu001.onmicrosoft.com"
The specified recipient "DiegoS@ahu001.onmicrosoft.com" couldn't be found.
+ CategoryInfo : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=3cde8e9a-a17b-4199-94bf-02959e663820,TimeStamp=8/10/2021 9:19:50 AM] [Failur
eCategory=Cmdlet-ManagementObjectNotFoundException] B9C63728,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy
+ PSComputerName : aus01b.ps.compliance.protection.outlook.com

PS C:\WINDOWS\system32> Set-RetentionCompliancePolicy -Identity "78340bdddf8a4bf3b480d566e69a7a64" -AddExchangeLocationException "CN=DiegoS,OU=Soft Deleted Objects,OU=ahu001.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=AUSP282A003,DC=PROD,DC=OUTLOOK,DC=COM"
The specified recipient "CN=DiegoS,OU=Soft Deleted Objects,OU=ahu001.onmicrosoft.com,OU=Microsoft Exchange Hosted
Organizations,DC=AUSP282A003,DC=PROD,DC=OUTLOOK,DC=COM" couldn't be found.
+ CategoryInfo : NotSpecified: (:) [Set-RetentionCompliancePolicy], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=ME1AUS01WS002,RequestId=0ea3c23c-1f35-4266-936f-690389166c63,TimeStamp=8/10/2021 9:20:14 AM] [Failur
eCategory=Cmdlet-ManagementObjectNotFoundException] 1DEF8726,Microsoft.Office.CompliancePolicy.Tasks.SetRetentionCompliancePolicy
+ PSComputerName : aus01b.ps.compliance.protection.outlook.com

I don't think there is one, perhaps with the newly introduced adaptive scopes?

@Vasil Michev It has been answered by Mark Johnson@MSFT:
Is it even possible to create a retention policy for Inactive Mailboxes only and what are the proces...

You are correct to assume that you can't add an existing inactive mailbox to a retention policy. The guidance in this article implies that you would have to add a mailbox to a retention policy before the mailbox is made inactive. So the sequence would be to add an active mailbox to an explicit retention policy and then make the mailbox inactive.
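
The sequence from the last reply (add the mailbox to an explicit policy while it is still active, then make it inactive), as an added PowerShell example that is not part of the thread. The UPN, the policy-name prefix and the retention duration are assumptions; the 1,000-mailbox limit and the mbx<GUID> hold format come from the article text and the output above.

```powershell
# Added example; the UPN, policy prefix and duration are assumptions.
# Sessions needed (ExchangeOnlineManagement module):
#   Connect-ExchangeOnline  -> Get-Mailbox
#   Connect-IPPSSession     -> *-RetentionCompliancePolicy, *-RetentionComplianceRule
$Leaver       = 'leaver@contoso.example'   # hypothetical mailbox, still active
$PolicyPrefix = 'Inactive mailboxes'       # hypothetical naming convention
$MaxPerPolicy = 1000                       # per-policy limit quoted in the article
$RetainDays   = 2555                       # assumed requirement (about 7 years)

# Without -InactiveMailboxOnly this only resolves active mailboxes, so it
# stops here if the account has already been deleted.
$mbx = Get-Mailbox -Identity $Leaver -ErrorAction Stop

# Reuse a dedicated policy that still has room, otherwise create the next one.
$policies = @(Get-RetentionCompliancePolicy -DistributionDetail |
    Where-Object { $_.Name -like "$PolicyPrefix*" })
$target = $policies |
    Where-Object { @($_.ExchangeLocation).Count -lt $MaxPerPolicy } |
    Select-Object -First 1

if ($target) {
    Set-RetentionCompliancePolicy -Identity $target.Name `
        -AddExchangeLocation $mbx.PrimarySmtpAddress
} else {
    $name = '{0} {1:d2}' -f $PolicyPrefix, ($policies.Count + 1)
    New-RetentionCompliancePolicy -Name $name `
        -ExchangeLocation $mbx.PrimarySmtpAddress | Out-Null
    New-RetentionComplianceRule -Name "$name rule" -Policy $name `
        -RetentionDuration $RetainDays `
        -RetentionComplianceAction KeepAndDelete | Out-Null
    $target = Get-RetentionCompliancePolicy -Identity $name
}

# An explicit policy is stamped on the mailbox itself as mbx<policy GUID>:<n>,
# unlike the org-wide hold that only appears in Get-OrganizationConfig.
$guid = "$($target.Guid)" -replace '-', ''
$held = (Get-Mailbox -Identity $Leaver).InPlaceHolds -like "mbx$guid*"
if ($held) {
    "Hold $held is in place; the account can now be deleted or unlicensed."
} else {
    Write-Warning "Hold not stamped on $Leaver yet; do not delete the account."
}
```

Policy distribution is not immediate, so the final check may need to be repeated before the account is removed.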