compliance

FindTime, your favorite scheduling add-in just got better!
We heard you, so we re-wrote the entire back-end infrastructure for FindTime: we built a new service within the Office 365 compliance boundary. More specifically, the organizer’s poll data is now stored in their mailbox and will not leave your tenant’s environment.

Prevent archiving of items in a default folder in Exchange 2010
In Exchange 2010, you can use Retention Policies to manage message retention. Retention Policies consist of delete tags (retention tags with either the Delete and Allow Recovery or the Permanently Delete action) or archive tags (retention tags with the Move To Archive action, which move items to the user's archive mailbox). Depending on how they're applied to mailbox items, retention tags are categorized as the following three types:

Default Policy Tags (DPTs), which apply to untagged items in the mailbox. Untagged items are items that don't have a retention tag applied directly or by inheritance from the parent folder. You can create three types of DPTs: an archive DPT, a delete DPT and a DPT for voicemail messages.

Retention Policy Tags (RPTs), which are retention tags with a delete action, created for default folders such as Inbox and Deleted Items. Not all default folders are supported. You can find a table showing the default folders supported for RPTs in Understanding Retention Tags and Retention Policies. Notably, Calendar, Tasks and Contacts folders aren't supported [1].

Personal Tags, which are retention tags that users can apply to items and folders in Outlook 2010 and Outlook Web App. Personal tags can be either delete tags or archive tags. They're surfaced in Outlook 2010 and OWA as Retention policies and Archive policies.

To deploy retention tags, you add them to a retention policy and apply the policy to mailbox users.

In Exchange 2010 SP1, we added support for the Notes folder. In Exchange 2010 RTM, items in the Notes folder aren't processed. After you upgrade to SP1, if the user's retention policy doesn't have an RPT for the Notes folder, the DPT from the user's policy will apply to items in that folder. In existing deployments, your users may not be used to their notes being moved or deleted. To prevent the DPT from being applied to a default folder, you can create a disabled RPT for that folder (or disable any existing RPT for that folder).
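The disabled-RPT approach described above, as an added Exchange Management Shell example (this is not code from the original post or from the Exchange team). It assumes Exchange 2010 SP1 or later, a retention policy named "Default MRM Policy", a tag name of my choosing and a test mailbox; substitute your own values.

```powershell
# Added example (not from the original post): stop the delete DPT from processing
# the Notes default folder by giving that folder a disabled RPT, then link the
# tag to the users' retention policy. Requires Exchange 2010 SP1 or later
# (the Notes folder type does not exist in RTM).
# Tag name, policy name and mailbox below are assumptions; substitute your own.

$tagName    = "Notes - do not delete"   # assumed tag name
$policyName = "Default MRM Policy"      # assumed policy name; confirm with Get-RetentionPolicy

# 1. If an RPT for Notes already exists, disable it instead of creating a second one.
$existing = Get-RetentionPolicyTag | Where-Object { $_.Type -eq "Notes" }
if ($existing) {
    $existing | Set-RetentionPolicyTag -RetentionEnabled $false
    $tagName = ($existing | Select-Object -First 1).Name
} else {
    # RetentionEnabled $false: the Managed Folder Assistant never applies the action,
    # but the folder still counts as tagged, so the delete DPT is not applied to it.
    New-RetentionPolicyTag -Name $tagName -Type Notes `
        -RetentionAction DeleteAndAllowRecovery -RetentionEnabled $false `
        -Comment "Disabled RPT: prevents the delete DPT from processing Notes"
}

# 2. Add the tag to the retention policy assigned to the affected users.
Set-RetentionPolicy -Identity $policyName -RetentionPolicyTagLinks @{Add = $tagName}

# 3. Verify: the Notes tag must show RetentionEnabled = False.
Get-RetentionPolicyTag | Where-Object { $_.Type -eq "Notes" } |
    Format-Table Name, Type, RetentionAction, RetentionEnabled -AutoSize

# 4. Optionally process one test mailbox now rather than waiting for the
#    assistant's schedule (mailbox identity is an assumption).
Start-ManagedFolderAssistant -Identity "testuser@contoso.example"

# Caveat: this only blocks deletion. An archive DPT in the same policy still moves
# Notes items to the archive, because an RPT cannot carry the Move To Archive action.
```

Run the verification step before and after the Managed Folder Assistant processes the test mailbox; if notes are still disappearing, check whether an archive DPT (not the delete DPT) is what is moving them.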
The Managed Folder Assistant, a mailbox assistant that processes mailbox items and applies retention policies, does not apply the retention action of a disabled tag. Since the item or folder still has a tag, it's not considered untagged and the DPT isn't applied to it.

Figure 1: Create a disabled Retention Policy Tag for the Notes default folder to prevent the Default Policy Tag from being applied to items in that folder

Note: You can create a disabled RPT for any supported default folder.

Why are items in the Notes folder still archived?

If you create a disabled RPT for the Notes folder, you'll see that items in that folder are not deleted, but they do continue to be moved to the archive! Why does this happen, and how do you prevent it? It's important to understand the following:

A retention policy can have a DPT to archive items (using the Move to Archive retention action) and a DPT to delete items (using the Delete and Allow Recovery or Permanently Delete retention actions). Both apply to untagged items. The move and delete actions are exclusive of each other.

Mailbox folders and messages can have both types of tags applied, an archive tag and a delete tag. It's not an either/or proposition. If you create a disabled RPT for the Notes folder so that items are not deleted, the archive DPT for the mailbox still applies and moves items.

When it comes to archiving, there's only one archive policy that administrators can enforce: the DPT with the Move to Archive action. You can't create an RPT with the Move to Archive action. This rules out using the disabled RPT approach to prevent items from being moved.

How do you prevent items in a default folder from being archived?

There's no admin-controlled way to prevent items in default folders from being archived [2], short of removing the archive DPT from a retention policy. However, removing the archive DPT would result in messages not moving to the archive automatically unless the user applies a personal tag to messages or folders.
The workaround is to have users apply the Personal never move to archive personal tag (displayed as Never under Archive Policy in Outlook/OWA) to a default folder. The tag is included in the Default Archive and Retention Policy created by Exchange Setup. You can also add this tag to any Retention Policies you create.

Figure 2: Users can apply the Never archive policy to a default folder to prevent items in that folder from being archived

[1] Support for Calendar and Notes retention tags was added in Exchange 2010 SP2 RU4.
[2] You can apply a disabled move tag to a folder in a user's mailbox using EWS code or a script. For details, see Using Exchange Web Services to Apply a Personal Tag to a Custom Folder.

Applying a disabled archive policy to the Notes default folder

You can't use Outlook 2010 or Outlook 2013 to apply an archive policy to the Notes default folder or to individual notes items. If your users want to prevent Notes items from being moved, they must apply a disabled move tag to the Notes folder using OWA.

Figure 3: Apply the Personal never move to archive policy to the Notes folder in Outlook Web App in Exchange 2013. The Exchange 2010 Outlook Web App UI differs slightly: it lists archive and retention policies separately. See a screenshot here.

Bharat Suneja

Updates
1/23/2013: In Exchange 2010 SP2 RU4, we added Calendar and Tasks retention tag support. You can prevent these from being moved or deleted by creating registry values. See Calendar and Tasks Retention Tag Support in Exchange 2010 SP2 RU4.
6/18/2013: Added screenshot - Applying disabled move tag to Notes folder in OWA and link to Using Exchange Web Services to Apply a Personal Tag to a Custom Folder.

Exchange 2013 KB5008631 eDiscovery Deserialization of type Microsoft.Exchange.Data.PropertyBag+Value
After KB5008631 was installed, In-Place eDiscovery & Hold in the ECP stopped working. When going to the page, an error is displayed: "Deserialization of type Microsoft.Exchange.Data.PropertyBag+ValuePair blocked due to NotInAllow at location MailboxDataStore." After the user clicks off the error message, the list of searches is left blank. If I uninstall KB5008631, the error stops occurring.

Preserve mailbox data for eDiscovery using inactive mailboxes in Exchange Online
In Exchange Online and Exchange Server 2013, you can use In-Place Hold or Litigation Hold to preserve mailbox content for litigation or investigations. Many organizations also need to preserve mailbox data for users who are no longer in the organization. In on-premises Exchange deployments, this has typically been done by disabling the Active Directory user account and performing actions such as removing it from distribution groups, preventing inbound/outbound email to and from the mailbox (including setting delivery restrictions and configuring message size limits), hiding the mailbox from the Global Address List (GAL), and also setting an account expiration date on the user account in Active Directory. Licensing costs are not a concern in this scenario, because you do not need a Client Access License (CAL) for a mailbox that’s no longer active.

In Exchange Online, admins remove mailboxes for departed users. However, once you remove a mailbox, it can no longer be included in In-Place eDiscovery searches (Multi-Mailbox Search in the previous version of the service and in Exchange 2010). Additionally, 30 days after you remove a mailbox, it is permanently deleted from Exchange Online and can no longer be recovered. In-Place eDiscovery requires that the mailbox be active, which means an Exchange Online or Office 365 plan is required for the mailbox for as long as you want to preserve data for eDiscovery.

Note: You can preserve mailbox data offline by exporting it to a PST file using Microsoft Outlook and then removing the mailbox. However, if you need to perform an eDiscovery search, you would need to import it back into an Exchange Online mailbox.

Inactive Mailboxes

In the new Exchange Online, we’ve introduced the concept of inactive mailboxes to handle departed users.
When a user leaves the organization and you need to retain their mailbox data for some time to facilitate eDiscovery (or to meet retention or business requirements), you can place the mailbox on In-Place Hold or Litigation Hold before removing the Office 365 user. This preserves the mailbox but prevents it from sending or receiving messages, and hides it from users so it's no longer visible in the GAL and other recipient lists. You can add inactive mailboxes to In-Place eDiscovery searches. After you've made a mailbox inactive, you no longer require an Exchange Online or Office 365 plan for it.

When your eDiscovery, retention or other business requirements are met and you no longer need to preserve the mailbox content, you can remove the mailbox from In-Place Holds or Litigation Hold. After you remove the hold, the normal mailbox removal behavior of Exchange Online resumes for the mailbox: if the mailbox was removed more than 30 days ago, it will be permanently deleted; if it was removed less than 30 days ago, it will be permanently deleted 30 days after removal. For more details, see Overview of inactive mailboxes (short URL: aka.ms/inactivembx) in the Exchange Online documentation.

Inactive mailboxes are available in March 2013 in the E3, E4, E5, A3, A4, G and Exchange Online P2 plans.

Note: An inactive mailbox cannot exist without a Hold. To place a mailbox on hold, you require an Exchange Online Plan 2 license (standalone, or through Office 365 E3 or E5 plans). Customers with an Exchange Online Plan 1 can assign an Exchange Online Archiving (EOA) license to place a mailbox on hold. After you place a mailbox on hold and remove the user account, you can reassign the license. This preserves the mailbox data as long as it remains on hold. See the Exchange Online service description for licensing and availability of features.
Migrating inactive mailbox data to Exchange Online

If you already have inactive mailboxes in your on-premises Exchange 2010 or Exchange 2013 environment or in a third-party archive, you can move the data to inactive mailboxes in Exchange Online by first provisioning an Exchange Online mailbox (which requires a plan subscription), importing the data to the Exchange Online mailbox, placing the user on In-Place Hold or Litigation Hold and then deleting the user account, making it an inactive mailbox. You do not require a plan subscription for that mailbox after you make it inactive. However, you will need a subscription during the provisioning and data import process. If you have a large number of inactive mailboxes, you can provision them in batches using a smaller number of subscriptions. Note that the Product Usage Rights (PUR) state that licenses can only be reassigned once every 90 days.

How long can a mailbox be inactive?

You can preserve data in inactive mailboxes for as long as you need to, based on your organization's retention and eDiscovery requirements. Of course, you would need to continue to be an Office 365/Exchange Online customer.

Do both primary and archive mailboxes become inactive mailboxes?

When you place a mailbox on hold in Exchange, you're actually placing the user on hold. Both primary and archive mailboxes are placed on hold, and both become inactive after you remove the Office 365 user. When you use Office 365's eDiscovery tools to search the (now inactive) user, both mailboxes are searched.

How can you remove data from an inactive mailbox?

If you've specified a hold duration using In-Place Hold or Litigation Hold, items older than the hold duration are removed when the Managed Folder Assistant (MFA) processes the mailbox.

Can you search inactive mailboxes using Office 365 eDiscovery tools?

Yes.
Inactive mailboxes are visible to Office 365 eDiscovery tools: In-Place eDiscovery in Exchange Online, the eDiscovery Center in SharePoint Online, and eDiscovery or Content Search in the Office 365 Security and Compliance Center (SCC). No additional licenses are required to include inactive mailboxes in eDiscovery searches.

What happens after July 1, 2017, when you'll no longer be able to create new In-Place Holds?

As noted in Inactive mailboxes in Exchange Online and elsewhere in the Exchange Online documentation: on July 1, 2017, you'll no longer be able to create In-Place Holds in Exchange Online (in Office 365 and Exchange Online standalone plans). You'll still be able to modify existing In-Place Holds, and creating new In-Place Holds in Exchange Server 2013 and Exchange hybrid deployments will still be supported. And you'll still be able to place mailboxes on Litigation Hold. As an alternative to using In-Place Holds, you can use eDiscovery cases or retention policies in the Office 365 Security & Compliance Center. To make a mailbox inactive, you can use Litigation Hold, eDiscovery cases or Retention Policies in Office 365.

Bharat Suneja

Updates
3/16/2015: Changed the highlighted verbiage (in Migrating section) from "placing the user on In-Place Hold or Litigation Hold and then removing the subscription, making it an inactive mailbox" to "deleting the user account". Added links to In-Place eDiscovery and Litigation Hold.
5/23/2013: Added info about migrating inactive mailbox data to Exchange Online.
6/18/2013: Added note about Product Usage Rights (PUR).
3/5/2014: Added info about how long a mailbox can be inactive and included Litigation Hold.
4/14/2014: Added clarification about how you can remove data from inactive mailboxes (and hold duration specified for In-Place Hold or Litigation Hold has no impact.)
1/27/2016: Updated the above clarification about how you can remove data from an inactive mailbox to state that it is processed by MFA and items older than LitigationHoldDuration are removed. Removed: All content in an inactive mailbox is on hold until you remove the hold from the mailbox.
2/7/2017: Added the following Q&A about archive mailboxes: Do both primary and archive mailboxes become inactive mailboxes?
5/22/2017: Added the following Q&A about eDiscovery: Can you search inactive mailboxes using Office 365 eDiscovery tools? Added E5 plan to list ("Inactive mailboxes are available in March 2013 in the E3, E4, E5, A3, A4, G and Exchange Online P2 plans").
6/19/2017: Added information regarding changes on July 1, 2017, when you'll no longer be able to create new In-Place Holds.
4/23/2020: Added note about licensing with link to service description and changed "Inactive mailboxes do not require an Exchange Online or Office 365 plan" to "After you've made a mailbox inactive, you no longer require an Exchange Online or Office 365 plan."

Office365 exchange journal bcc field is missing
Hi, I set a journal rule to forward all messages of a specific mailbox to another mailbox (external system). The EML file that is received in the mailbox does not contain the BCC field recipients of the email, although the email contained a BCC recipient. How ca

Data immutability and Office 365 tenant lifecycle
One of the more common questions about Office 365 has been: what happens to my data after my organization’s Office 365 subscription ends? The most common answer circulated in the community refers to a grace period of 30 days, during which you can still retrieve your data. The answer’s not wrong, but here’s some more detail about the tenant lifecycle after an Office 365 subscription is cancelled, as it relates to the organization’s data.

During the first 30 days after an Office 365 subscription ends, the Office 365 tenant account is in this grace period, known as the expired state. During this period, users can still access data. If the subscription ended unintentionally (a rare event, I’d argue, given the many alerts you get to prevent termination of a subscription due to issues such as non-payment), this is a good time to set things right.

After 30 days, the tenant account enters the disabled state for 90 days. During this period, users no longer have access to data. The admin can still log in, back up data if required, or reactivate the subscription.

At the end of the disabled state, which is 120 days after your subscription has expired, the account enters the deprovisioning state. This is when the data, from user accounts to email data and documents, is deleted permanently.

State of subscription / When / What happens
Expired: 1-30 days after end of subscription. All users have access.
Disabled: 31-120 days after end of subscription. Admin has access; admin can reactivate and back up data.
Deprovisioned: after 120 days of end of subscription. All user data is deleted (user data, documents, email, including mailboxes on hold and inactive mailboxes).
Expedited deprovisioning: within 3 days of end of subscription. All user data is deleted.

You can request expedited subscription deprovisioning by calling Support. Support will generate a lockout code. You must enter the lockout code in the admin portal. User data, documents, email, including mailboxes on hold and inactive mailboxes, are deleted.
The tenant is removed as per the normal tenant lifecycle. See What happens to my data and access when my Office 365 for business subscription ends? in the Office 365 documentation for details.

There are a few compliance-related questions arising out of end of subscription.

1. How quickly will you delete data after my organization’s Office 365 service ends?

Some time after 120 days. The jobs that delete data do so based on service load. You can expect data to be permanently deleted in a reasonable timeframe after the 120 days have elapsed.

2. How can I ensure my organization’s Office 365 data is deleted quickly after service ends?

Many security and compliance-minded organizations want to ensure there’s no residual data in a cloud service after they end service. Office 365 customers can request expedited deprovisioning by calling Support. Expedited deprovisioning ensures your users' data is deleted within 3 days.

3. Is data immutability maintained after service ends? (In other words, are mailboxes placed on In-Place Hold or Litigation Hold retained after service ends?)

By far one of the most frequently asked questions. Data immutability refers to the ability to preserve data, in essence protecting it from destruction and tampering. See links to additional resources on Immutability, In-Place Hold and Litigation Hold below.

No. Microsoft’s responsibility as a service provider ends after your service ends, which is when you stop being a customer/subscriber of the service. As noted above, data is permanently deleted when your tenant account enters the deprovisioning state, within a reasonable time after 120 days of end of subscription, or within 3 days if you request expedited deprovisioning. Mailboxes placed on In-Place Hold or Litigation Hold, including inactive mailboxes, are also deleted as part of deprovisioning.

Immutability in Office 365 and Exchange

Since publishing this post, I've received some questions about how we achieve immutability in Office 365 and Exchange.
Check out the following resources for answers:
Blog and whitepaper: Office 365 Exchange Online Archiving now meets SEC Rule 17a-4 requirements
Whitepaper: Achieving Immutability with Exchange Online and Exchange Server 2013
AskPerry blog: Immutability in Exchange
Blog: In-Place eDiscovery and In-Place Hold in the New Exchange – Part II
Documentation: In-Place Hold and Litigation Hold

Bharat Suneja

Updates
3/16/2017: Added the following clarification about expedited deprovisioning: You can request expedited subscription deprovisioning by calling Support. Support will generate a lockout code. You must enter the lockout code in the admin portal. User data, documents, email, including mailboxes on hold and inactive mailboxes, are deleted. The tenant is removed as per normal tenant lifecycle. Changed "All customer data is deleted" to "All user data is deleted" in table.

Litigation Hold and In-Place Hold in Exchange 2013 and Exchange Online
In Exchange 2010 and Exchange Online, we introduced Litigation Hold to allow you to immutably preserve mailbox content to meet long-term preservation and eDiscovery requirements. When a mailbox is placed on Litigation Hold, mailbox content is preserved indefinitely.

Placing a mailbox on Litigation Hold

You can place a mailbox on Litigation Hold by using the Exchange Administration Center (EAC) or the Shell (set the LitigationHoldEnabled parameter). In Exchange 2010, you can also use the Exchange Management Console (EMC) to do this.

Figure 1: Enabling Litigation Hold for a mailbox using the EAC in Exchange 2013 and Exchange Online

Figure 2: Adding a note and a URL to inform & educate users placed on Litigation Hold

Preserving items for a specified duration

To preserve items for a specified period, we added the LitigationHoldDuration parameter to Exchange Online. This helps you meet your compliance needs by preserving all items in a mailbox for the specified duration, calculated from the date the item was created (the date received, in the case of inbound email). For example, if your organization needs to preserve all mailbox data for seven years, you can place all mailboxes on Litigation Hold and set the LitigationHoldDuration to 7 years (in days). This functionality is also available in Exchange 2013, allowing you to preserve items for a specified duration in your on-premises organization, one example of how developments in Exchange Online benefit Exchange Server on-premises.

In-Place Hold in Exchange 2013 and Exchange Online

In Exchange 2013 and the new Exchange Online, we introduced In-Place Hold, which allows more flexibility in preserving your data. Hold functionality is integrated with In-Place eDiscovery to allow you to search and preserve using a single wizard or a single cmdlet (New-MailboxSearch).
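The Shell side of the Litigation Hold procedure above (LitigationHoldEnabled, a seven-year LitigationHoldDuration, and the note and URL from Figure 2), as an added Exchange Management Shell example; it is not code from the original post or from the Exchange team. It also covers placing a whole distribution group's members on hold. The mailbox identities, group name and URL are assumptions.

```powershell
# Added example (not from the original post): place mailboxes on Litigation Hold
# from the Shell. Works in Exchange 2013 and Exchange Online.
# Identities, group name and URL are placeholders; substitute your own.

$holdDays = 7 * 365   # LitigationHoldDuration is given in days; 2555 = seven years
$note     = "This mailbox is on Litigation Hold. Items are preserved; please do not attempt to delete them."
$url      = "https://intranet.contoso.example/legal-hold"   # assumed URL shown to the user in Outlook

# A single mailbox: enable the hold, set the duration, and attach the note/URL
# that Outlook displays to the user (the Figure 2 settings).
Set-Mailbox -Identity "user1@contoso.example" `
    -LitigationHoldEnabled $true -LitigationHoldDuration $holdDays `
    -RetentionComment $note -RetentionUrl $url

# Every mailbox in a distribution group. The group is expanded at run time only:
# members added later are not on hold until you run this again.
Get-DistributionGroupMember -Identity "Legal-Custodians" -ResultSize Unlimited |
    Where-Object { $_.RecipientTypeDetails -like "*Mailbox" } |   # skip contacts / mail users
    Set-Mailbox -LitigationHoldEnabled $true -LitigationHoldDuration $holdDays `
        -RetentionComment $note -RetentionUrl $url

# Verify: list everything on Litigation Hold, with duration, date and who set it.
Get-Mailbox -ResultSize Unlimited -Filter { LitigationHoldEnabled -eq $true } |
    Format-Table DisplayName, LitigationHoldDuration, LitigationHoldDate, LitigationHoldOwner -AutoSize
```

The verification query is the one to keep in a scheduled report: LitigationHoldDate and LitigationHoldOwner are stamped by Exchange when the hold is enabled, so an unexpected change in that list is a quick way to spot a hold that was removed without a matching legal decision.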
You can use the In-Place eDiscovery & Hold wizard or the cmdlet to search for and preserve items matching your query parameters (known as a query-based In-Place Hold), preserve items for a specified period (known as a time-based hold), and also preserve everything indefinitely, which emulates the old Litigation Hold feature. Check out In-Place eDiscovery and In-Place Hold in the New Exchange - Part I and Part II for more info.

Using Litigation Hold in Exchange 2013 and Exchange Online

If you tried placing a mailbox on Litigation Hold using the EAC or the Shell, both interfaces displayed an alert message with a recommendation to switch to the new In-Place Hold feature. This recommendation was also reflected in the product documentation.

Figure 3: Warning displayed when using Litigation Hold in the EAC in Exchange 2013

Litigation Hold isn't going away: Since the release of Exchange 2013 and the new Exchange Online, we've received a lot of questions and feedback from you about whether Litigation Hold will be removed. We want to clarify that we do not plan to remove Litigation Hold from Exchange Online or Exchange 2013. We've removed the alert from Exchange Online and in Exchange 2013 SP1. We've also removed the recommendation from the Exchange Online and Exchange 2013 documentation.

Use the hold feature that best meets your needs

You can use either hold feature to preserve mailbox data in Exchange 2013 and Exchange Online, based on your preservation needs. Here are some scenarios to help you choose between the two holds.

You want to… / Use Litigation Hold / Use In-Place Hold

Preserve all items in a mailbox
  Litigation Hold: Yes
  In-Place Hold: Yes. To preserve all items, don’t specify any query parameters.

Preserve all items in a mailbox for a specific duration
  Litigation Hold: Yes. Specify the LitigationHoldDuration parameter for the mailbox using the Shell.
  In-Place Hold: Yes. Create a time-based In-Place Hold. Specify the duration in the In-Place Hold settings in the EAC or with the ItemHoldDuration parameter from the Shell.

Preserve items matching query parameters
  Litigation Hold: No. Litigation Hold preserves all items.
  In-Place Hold: Yes. Create a query-based In-Place Hold. Specify query parameters such as start date, end date, sender, recipients and keywords.

Specify types of items to preserve (such as email, calendar, notes)
  Litigation Hold: No. Litigation Hold preserves all items.
  In-Place Hold: Yes. You can use the EAC or the MessageTypes parameter from the Shell.

Specify hold settings for members of a distribution group
  Litigation Hold: Yes. Use the Get-DistributionGroupMember cmdlet in the Shell to pipe distribution group members to the Set-Mailbox cmdlet. [1]
  In-Place Hold: Yes. Easily specify distribution groups in the In-Place eDiscovery and Hold wizard in the EAC or in the SourceMailboxes parameter in the Shell. [2]

Max users on hold
  Litigation Hold: No limit. Litigation Hold is a mailbox parameter; no maximum limits apply. You can use the Shell to quickly place all users in an organization on hold.
  In-Place Hold: You can specify a maximum of 10,000 users per In-Place Hold object. To place additional users on hold, you must create another hold.

Place multiple holds on a mailbox
  Litigation Hold: No
  In-Place Hold: Yes. You can place a user on multiple In-Place Holds, for example when a user is subject to multiple investigations or legal cases.

Make mailboxes inactive to preserve data in Exchange Online
  Litigation Hold: Yes [3]
  In-Place Hold: Yes

Archive Lync conversations and meeting content to Exchange
  Litigation Hold: Yes
  In-Place Hold: Yes

[1] The distribution group is expanded when you run the command. Future changes to the group require running the command again.
[2] Distribution groups are expanded only when you create or refresh the In-Place Hold. Future changes to the group require refreshing the search object.
[3] Inactive mailboxes is an Exchange Online feature. The linked documentation is being updated to clarify that you can also use Litigation Hold to make a mailbox inactive.

Bharat Suneja

Updates
12/11/2013: Added 'Specify types of items to preserve' row to comparison table.
12/11/2013: Added 'ItemHoldDuration' parameter to comparison table.
8/12/2014: Updated max mailboxes per In-Place Hold limit to 10,000 mailboxes. Added link to Place all mailboxes on hold. Added another row to table for archiving Lync content to Exchange.
6/3/2015: Changed the Litigation Hold column for "Archive Lync conversations and meeting content to Exchange" row in table to "Yes". Litigation Hold also enables you to archive Lync content in Exchange. Removed the following text: "To archive Lync Online IM conversations to Exchange Online, you must place a mailbox on In-Place Hold. In on-premises deployments, you can configure Lync Server to archive to Exchange Server without placing the user on In-Place Hold."

Using Exchange Web Services to Apply a Personal Tag to a Custom Folder
In Exchange 2010, we introduced Retention Tags, a Messaging Records Management (MRM) feature that allows you to manage email lifecycle. You can use retention policies to retain mailbox data for as long as it’s required to meet business or regulatory requirements, and delete items older than the specified period.

One of the design goals for MRM 2.0 was to simplify administration compared to Managed Folders, the MRM feature introduced in Exchange 2007, and to allow users more flexibility. By applying a Personal Tag to a folder, users can have different retention settings apply to items in that folder than the default tag applied to the entire mailbox (known as a Default Policy Tag). Similarly, users can apply a different tag to a subfolder than the one applied to the parent folder. Users can also apply a Personal Tag to individual items, allowing them the freedom to organize messages based on their work habits and preference, rather than forcing them to move messages, based on the retention requirement, to an admin-controlled Managed Folder.

You can still use Managed Folders in Exchange 2010, but they’re not available in Exchange 2013. For a comparison of Retention Tags with Managed Folders and migration details, see Migrate Managed Folders.

If you like the Managed Folders approach of being able to create a folder in the user’s mailbox and configure a retention setting for that folder, you can use Exchange Web Services (EWS) to accomplish something similar, with some caveats mentioned later in this post. You can write your own code or even a PowerShell script to create a folder in the user’s mailbox and apply a Personal Tag to it. There are scripts available on the interwebs, including some code samples on MSDN, to accomplish this.
For example:
Stamping Retention Policy Tag using EWS Managed API 1.1 from PowerShell (Exchange 2010)
5 Lesser Known Operations in Exchange Web Services on Exchange 2013, Exchange MVP Glen Scales’ post on the MVP Program Blog, which uses a simpler method to do this on Exchange 2013.

Note: The above scripts are examples for your reference. They’re not written or tested by the Exchange product group.

But is it supported?

We frequently get questions about whether this is supported by Microsoft. Short answer: Yes. Exchange Web Services (EWS) is a supported and documented API, which allows ISVs and customers to create custom solutions for Exchange. When using EWS in your code or PowerShell script to apply a Personal Tag to a folder, it’s important to consider the following:

For Developers
EWS is meant for developers who can write custom code or scripts to extend Exchange’s functionality. As a developer, you must have a good understanding of the functionality available via the API and what you can do with it using your code/script. Support for the EWS API is offered through our Exchange Developer Support channels.

For IT Pros
If you’re an IT Pro writing your own code or scripts, you’re a developer too! The above applies to you. If you’re an IT Pro using 3rd-party code or scripts, including the code samples & scripts available on MSDN, TechNet or elsewhere on the interwebs, we recommend that you follow the general best practices for using such code or scripts, including (but not limited to) the following:
Do not use code/scripts from untrusted sources in a production environment.
Understand what the script or code does. (This is easy for scripts: you can look at the source in a text editor.)
Test the script or code thoroughly in a non-production environment, including all command-line options/parameters available in it, before installing or executing it in your production environment.
Although it’s easy to change the PowerShell execution policy on your servers to allow unsigned scripts to execute, it’s recommended to allow only signed scripts in production environments. You can easily sign a script if it's unsigned, before running it in a production environment.

So should I do it?

If using EWS to apply a Personal Tag to custom folders helps you meet your business requirements, absolutely! However, do note and consider the following:
You’re replicating some of the functionality available via Managed Folders, but it doesn’t turn the folder into a Managed Folder. Remember: it’s a Personal Tag!
Users can remove the tag from the folder using Outlook or Outlook Web App.
If you have additional Personal Tags available in your environment, users can change the tag on the custom folder.
Users can tag individual items with a different Personal Tag. There is no way to enforce inheritance of the retention tag if Personal Tags have been provisioned and are available to the user.
Users can rename or delete custom folders. Unlike Managed Folders, which are protected from changes or deletion by users, custom folders created by users or by admins are just like any other (non-default) folder in the mailbox.

Provisioning custom folders with different retention settings (by applying Personal Tags) may help you meet your organization’s retention requirements. As an IT Pro, make sure you understand the above and follow the best practices.

Bharat Suneja

In-Place eDiscovery and In-Place Hold in the New Exchange – Part II
In Part I of this post, we covered what’s new in In-Place eDiscovery in the new Exchange. In this post, let’s take a look at how the new Exchange retains data immutably.

One of the first steps you must take when a reasonable expectation of litigation exists or when served an eDiscovery request is to preserve messaging records so they can be produced when required. Before Exchange 2010, this was generally achieved using different methods, including archiving data to an external system, suspending automated deletion mechanisms (such as Exchange’s Messaging Records Management), or in some cases - by instructing users not to delete records. Failure to preserve records required for litigation may expose your organization to legal and financial risk.

In Exchange 2010 and Office 365, we introduced Litigation Hold to enable you to preserve messaging records. Litigation Hold is a mailbox property – placing a mailbox on litigation hold places all items in the mailbox on hold indefinitely (or until the hold is removed), resulting in the accumulation of a large volume of data, not all of which may need to be preserved.

In the new Exchange, you can use In-Place Hold to retain items immutably. In-Place Hold is integrated with In-Place eDiscovery, allowing you to perform both search and hold using the same interface and the same query parameters. You can use In-Place Hold in the following scenarios.

Indefinite Hold: You can create an In-Place Hold without any query parameters and without a hold duration to hold all items in a mailbox indefinitely or until the hold is removed. This emulates the behavior of litigation hold.

Query-Based Hold: Using In-Place Hold, you can create a search query and specify the source mailboxes and parameters such as keywords, senders and recipients, as well as start and end dates. You can also specify the type of items to search – email messages, calendar items such as meetings and appointments, tasks, notes, or Lync content archived in Exchange mailboxes.
Time-Based Hold: Whereas Litigation Hold placed all mailbox contents on hold indefinitely or until you removed the hold, In-Place Hold allows you to specify a duration of time for which to hold items. The time is calculated based on the received date or the date the item was created in the mailbox (for items such as appointments, tasks and notes that are not sent/received).

One of the more common feature requests in Exchange 2010 was to be able to specify a definite time period for which an item is retained. Whereas retention policies allow you to specify the email lifecycle and automatically delete items when the specified period is reached, they don’t guarantee retention for that period. In other words, you could specify that items will be kept for a maximum of 7 years, but you couldn’t guarantee that items won’t be deleted before that period by a user or a process. The commonly recommended workaround to meet this requirement was to configure the deleted item retention period to the minimum period you want an item to be retained for. In this example, setting the deleted item retention period to 7 years means that if a user deletes an item before 7 years, it is retained in the Recoverable Items folder for 7 years. However, the deleted item retention period is calculated from the date of deletion. If a user deletes an item after 6 years, it is retained for an additional 7 years in the Recoverable Items folder, resulting in a total retention period of 13 years. In other words, you can guarantee an item will be retained for a minimum of 7 years, but not the maximum retention period.

In the new Exchange, when you create a time-based In-Place Hold, because the hold period is calculated from the item's received/creation date, you can guarantee the item won’t be held beyond that period.
You can combine a time-based In-Place Hold with a Retention Policy (that has a single default policy tag) to ensure items in the mailbox are deleted by the Managed Folder Assistant (MFA) after 7 years, and items deleted by a user or a process before that period are retained for at least the specified duration. You can also combine a query-based In-Place Hold with a time-based hold to preserve items matching the query parameters for the specified period. You can also place a user on multiple holds - for example, when a mailbox may contain records pertaining to multiple cases or investigations.

In-Place Hold & Permissions

Like In-Place eDiscovery, In-Place Hold can be used by authorized users with delegated Discovery Management permission. However, there’s a slight twist. The Discovery Management role group is assigned the Mailbox Search and Litigation Hold management roles. The former allows an authorized user to create a mailbox search for In-Place eDiscovery and Hold. The latter actually allows you to place mailbox content on hold. If a user is only assigned the Litigation Hold role, for example by creating a custom role-based access control (RBAC) role group or via membership of a role group such as Organization Management that has the Litigation Hold role assigned, the user is able to use In-Place Hold - but only to place all mailbox content on hold. The user can’t specify query parameters. In other words, the user can’t create a query-based In-Place Hold.

Creating an In-Place Hold

Let’s go back to the query Robin created in Part I of this post. When creating the In-Place Hold, on the Mailboxes page Robin must select Specify mailboxes to search and select the mailboxes or distribution groups. You must specify mailboxes or distribution groups to place on hold; if you select Search all mailboxes, the option to place content on hold will not be available.
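The three hold scenarios, the hold-plus-retention-policy combination and the permission split described above, expressed as Exchange Management Shell commands for Exchange 2013. This is an added example, not code from the original post: the mailbox addresses, search names, query text and role group name are constructed placeholders, and 2555 days is the 7-year period the text uses.

```powershell
# Added example (not from the original post). Exchange 2013 Management Shell.
# Mailboxes, search names, query text and the role group name are placeholders.

# 1. Indefinite hold on named mailboxes (the Litigation Hold equivalent).
#    -AllSourceMailboxes cannot be combined with -InPlaceHoldEnabled, which is
#    why the UI hides the hold option when "Search all mailboxes" is selected.
New-MailboxSearch -Name "Case-001-Indefinite" `
    -SourceMailboxes "robin@contoso.com","alex@contoso.com" `
    -InPlaceHoldEnabled $true -ItemHoldPeriod Unlimited

# 2. Query-based hold: only items matching the query are preserved.
New-MailboxSearch -Name "Case-001-Query" `
    -SourceMailboxes "robin@contoso.com" `
    -SearchQuery 'Project Falcon' `
    -Senders "partner@fabrikam.com" `
    -StartDate (Get-Date "2012-01-01") -EndDate (Get-Date "2013-06-30") `
    -MessageTypes Email,Meetings `
    -InPlaceHoldEnabled $true -ItemHoldPeriod Unlimited

# 3. Time-based hold: 7 years (2555 days) counted from each item's
#    received/creation date, so nothing is held beyond that point.
New-MailboxSearch -Name "Retain-7y" `
    -SourceMailboxes "robin@contoso.com" `
    -InPlaceHoldEnabled $true -ItemHoldPeriod 2555

# Pair the time-based hold with a retention policy that has a single default
# policy tag: the MFA deletes at 7 years, and the hold guarantees nothing is
# purged by a user or a process before then.
$dpt = New-RetentionPolicyTag -Name "Delete-7y-DPT" -Type All `
    -AgeLimitForRetention 2555 -RetentionAction PermanentlyDelete
$policy = New-RetentionPolicy -Name "Retain-7y-Policy" `
    -RetentionPolicyTagLinks $dpt.Name
Set-Mailbox -Identity "robin@contoso.com" -RetentionPolicy $policy.Name

# Verify what each hold is doing.
Get-MailboxSearch |
    Format-List Name,InPlaceHoldEnabled,ItemHoldPeriod,SourceMailboxes,Status

# Permissions: Discovery Management carries both roles. A custom group with
# only the Litigation Hold role can place whole mailboxes on hold but cannot
# create a query-based hold.
Get-ManagementRoleAssignment -RoleAssignee "Discovery Management" |
    Select-Object Role,RoleAssigneeName
New-RoleGroup -Name "Hold Only Managers" -Roles "Litigation Hold" `
    -Members "alex@contoso.com"

# Removing a hold releases content that no other hold on the mailbox still matches.
Set-MailboxSearch -Identity "Case-001-Query" -InPlaceHoldEnabled $false
```

Run the commands from a shell session whose account is in Discovery Management (or an equivalent custom role group); the query and time-based holds above require the Mailbox Search role in addition to Litigation Hold, which is the distinction the text draws.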
Figure 1: To create an In-Place Hold, you must select Specify mailboxes to search

Note: If you select a distribution group, the hold applies to the mailbox users that are members of the group when the hold is created.

On the Search query page, Robin can use the same query she used for the In-Place eDiscovery.

Figure 2: Messages matching query parameters are preserved

She can also select the message types to place on hold.

Figure 3: You can specify the message types to hold or hold all message types

Placing archived Lync content on hold

If the new Lync is enabled to archive Instant Messaging and meeting content into the new Exchange, Lync content is archived in the user’s mailbox and automatically placed on hold. You need to configure OAuth authentication between Lync and Exchange to enable this. Additionally, the mailbox must be located on a Mailbox server in the new Exchange.

On the In-Place Hold settings page, Robin selects the option to Place content matching the search query in selected mailboxes on hold. She can then select Hold indefinitely to hold content indefinitely (or until the In-Place Hold is removed or a mailbox is removed from the search). To hold items for a specific period, she can select Specify number of days to hold items relative to their received date and specify the number of days.

Figure 4: You can specify a hold duration or hold items indefinitely

It’s important to reiterate here that for a time-based hold, the duration is calculated from the date a message is received/created.

How In-Place Hold Works

Let’s take a look at what happens under the hood. When a user deletes a message, it goes to the Deleted Items folder. When the Deleted Items folder is emptied or messages are deleted from it, or the user uses Shift-Delete to delete a message, it is moved to the Recoverable Items\Deletes folder. Contents of this folder are exposed when the user uses Recover Deleted Items in Outlook or Outlook Web App.
If the user doesn’t do anything, messages in the Deletes folder are purged when the deleted item retention period configured for the mailbox database or the user expires. If the user deletes a message from this view, a few things can happen:

If Single Item Recovery is enabled for the mailbox, the item is moved to the Recoverable Items\Purges folder and retained until the deleted item retention period expires. This gives the administrator the capability to recover items without having to recover from backups.

If the mailbox is placed on Litigation Hold, the item is moved to the Recoverable Items\Purges folder and retained until the hold is removed.

If the mailbox is placed on an In-Place Hold, the item is moved to the Recoverable Items\DiscoveryHolds folder.

Figure 5: Deleted items and original copies of modified items are preserved in the Recoverable Items folder of each mailbox

When the MFA, a mailbox assistant that processes mailboxes and expires content, processes the mailbox, it checks whether messages meet the query parameters of any In-Place Holds the user is placed on. This evaluation is done for up to 5 queries, beyond which all items are retained – emulating the same behavior as litigation hold. If the number of holds is brought below 5, the MFA again reverts to the query-based In-Place Hold behavior. When an In-Place Hold is removed, messages placed on hold are removed if they no longer match the query parameters of any other In-Place Hold that the user may have been placed on.

In-Place Hold and Immutability

When talking about preservation, the concept of immutability invariably comes up. Immutability means messages placed on hold must be preserved without alteration. Not only should we prevent them from being deleted (even if the user placed on hold thinks they’ve successfully purged the message), but the messages should also be protected from tampering or alteration.
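A check a practitioner would run to see which of the paths above applies to a given mailbox, written as an added example (not from the original post): it reads the hold flags the text describes, counts the In-Place Holds on the mailbox against the 5-query limit at which the MFA stops evaluating queries, and lists the Recoverable Items subfolders by folder type so you can confirm that purged and held items are landing where expected. Get-HoldState is a hypothetical helper name and the mailbox address is a constructed placeholder; the cmdlets and properties are Exchange 2013's.

```powershell
# Added example (not from the original post). Exchange 2013 Management Shell.
# Get-HoldState is a hypothetical helper; the mailbox address is a placeholder.
function Get-HoldState {
    param([Parameter(Mandatory = $true)][string]$Identity)

    $mbx   = Get-Mailbox -Identity $Identity
    $holds = @($mbx.InPlaceHolds)        # one GUID per In-Place Hold on the mailbox

    # Which of the paths described above a purged item will take.
    $mode = if ($mbx.LitigationHoldEnabled) {
                "Litigation Hold: all items kept in Purges until the hold is removed"
            } elseif ($holds.Count -gt 5) {
                "In-Place Hold, more than 5 holds: MFA retains all items"
            } elseif ($holds.Count -gt 0) {
                "In-Place Hold: MFA evaluates queries, keeps matches in DiscoveryHolds"
            } elseif ($mbx.SingleItemRecoveryEnabled) {
                "Single Item Recovery: kept in Purges for the deleted item retention period"
            } else {
                "No hold: items purged when deleted item retention expires"
            }

    # Subfolders of Recoverable Items, selected by folder type rather than display name.
    $folders = Get-MailboxFolderStatistics -Identity $Identity -FolderScope RecoverableItems |
        Where-Object { $_.FolderType -match '^RecoverableItems(Deletions|Purges|DiscoveryHolds|Versions)$' } |
        Select-Object FolderType,ItemsInFolder,FolderSize

    [pscustomobject]@{
        Mailbox               = $mbx.PrimarySmtpAddress.ToString()
        SingleItemRecovery    = $mbx.SingleItemRecoveryEnabled
        LitigationHold        = $mbx.LitigationHoldEnabled
        InPlaceHoldCount      = $holds.Count
        RetainDeletedItemsFor = $mbx.RetainDeletedItemsFor
        Mode                  = $mode
        RecoverableItems      = $folders
    }
}

# Run for one mailbox; pipe Get-Mailbox output through ForEach-Object to cover many.
Get-HoldState -Identity "robin@contoso.com"
```

A rising item count in DiscoveryHolds or Versions with no matching hold on record, or an InPlaceHoldCount above 5 on a mailbox you expected to be on query-based holds, is the kind of discrepancy this report is meant to surface before a discovery request turns it into a problem.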
Immutability is not a product feature but a combination of product features and the hold processes your organization implements. In-Place Hold also helps you preserve content from intentional tampering or modification. This is achieved by performing a copy-on-write (COW) – when the user or any process attempts to modify a message, before the modified message is saved, a copy of the original message is made and saved in the Recoverable Items\Versions folder. Items captured in the Versions folder are also indexed and returned in an In-Place eDiscovery search. When the hold is removed, the copies made in the Versions folder are also removed by the Managed Folder Assistant.

Together, In-Place Hold and In-Place eDiscovery provide an easy-to-use mechanism for authorized legal, human resources or other non-technical personnel to easily search and immutably preserve messaging records.

Bharat Suneja and Julian Zbogar-Smith