Moving to Microsoft 365 Retention Policies
When I wrote about Microsoft 365 retention policies last September, I argued that Exchange Online mailbox retention policies offer some advantages over their Microsoft 365 counterparts. Briefly, the advantages boil down to the ability to control retention for default folders like the Inbox and the availability of the move to archive action. Microsoft 365 retention policies operate on a container basis (the mailbox) and don’t include move to archive as a retention action. If you’re in a hybrid organization, being able to apply the same retention settings (using separate sets of retention policies) to on-premises and cloud mailboxes might be deemed another advantage.
Although it might seem a small point, having retention policies move items from primary mailboxes to archive mailboxes on an ongoing basis keeps primary mailboxes uncluttered while preserving the ability to find old items when necessary. You can argue that offloading old email to an archive is more important in on-premises environments where mailboxes are usually smaller than the 100 GB norm for enterprise Exchange Online deployments. This is true, but it still doesn’t get past the point that much inter-organization communication flows via email and it’s usually important to retain these messages for extended periods. Moving to the archive is an effective way to retain email without having old messages get in the way of users.
The downside of focusing on Exchange Online retention is that Microsoft’s attention is fixed firmly on Microsoft 365 retention policies. The addition of adaptive scopes to identify target locations or being able to use the presence of sensitivity labels as a condition for auto-label retention policies are two examples of recent improvements in Microsoft 365 retention.
Maximizing the Benefit of Both Types of Retention
Although acknowledging where Microsoft’s interest lies, it makes sense for customers to consider whether they should leverage the unique abilities and strengths of the two types of retention processing in their information governance strategy. However, we should also begin the conversation about how to transition from Exchange Online mailbox retention policies to Microsoft 365 retention policies. Briefly, the major points of the transition are:
- Replace Exchange personal tags from mailbox retention policies with Microsoft 365 retention labels. To make the changeover seamless, use the same name for both personal tags and retention labels.
- Remove Exchange folder tags from mailbox retention policies and replace them with retention policies published to the mailboxes using label publishing policies.
- Replace default deletion tags in mailbox retention policies with Microsoft 365 retention policies.
- Limit the use of Exchange Online mailbox retention policies to moving messages into archive mailboxes.
Remember, a mailbox can have just one mailbox retention policy. However, it can come within the scope of multiple Microsoft 365 retention policies. In this strategy, we remove Exchange personal, folder, and default tags from the set of mailbox retention policies assigned to user mailboxes and replace them with retention policies and label publishing policies.
When the process is complete, Exchange mailbox retention policies will only include a default archive tag to control the movement of items into the archive. If you don’t want to use archive mailboxes and intend to keep everything in primary mailboxes, you can remove all the mailbox retention policies. At that point, Microsoft 365 retention policies and labels will perform all retention processing for the organization.
It’s important to emphasize that you should not delete any Exchange retention tag (personal, folder, or default) from your organization. Instead, by removing the tags from mailbox retention policies, you make the tags unavailable to users. Existing tags remain stamped on items unless superseded by application of a retention label. As time passes, items will age out, the Managed Folder Assistant (MFA) will remove them, and the Exchange tags will disappear from use.
Replace Exchange Personal Retention Tags
Personal retention tags exist to allow users to mark folders (except the default folders such as the Inbox) and individual items for special retention processing. For instance, a personal tag might retain items for ten years. To replace these tags, we:
- Create replacement Microsoft 365 retention labels with the same retention settings and publish the labels to users.
- If multiple mailbox retention policies are in use for different sets of users, you might need equivalent Microsoft 365 retention publishing policies to get the right labels to the right users. On the other hand, you might be able to rationalize label publishing to a smaller set of policies.
- Remove the Exchange personal retention tags from mailbox retention policies.
An item can only ever have a single retention label or tag, either implicit (inherited from the folder or mailbox default) or explicit (applied by the user). If an item comes within the scope of multiple labels or retention policies, the rules of retention apply. Usually, this boils down to retention winning over deletion and the application of the longest retention period. No one wants to remove information before its time.
Remove Exchange Folder Tags
Folder tags exist to apply retention settings to default Exchange mailbox folders such as the Inbox, Sent Items, and Deleted Items. As Microsoft 365 retention policies apply the same settings across all mailbox folders, no further need exists for these folder tags, so we can remove the folder tags from mailbox retention policies.
Clients like OWA which support retention policies won’t allow users to apply a retention label to a default folder. Users can apply retention labels to any folder they create.
Replace Default Deletion Tags
A default deletion tag applies retention to any mailbox item which does not come under the control of a more specific tag (personal or folder). Microsoft 365 retention policies take on the role of default deletion tags, so they are no longer required and can be removed from mailbox retention policies.
Keep the Default Archive Tag
On the other hand, if you intend to continue moving items from primary mailboxes to archive mailboxes as part of your retention strategy, you must keep the default archive tags in mailbox retention policies. A default archive tag instructs MFA to move items after they reach a certain age. For example, you could have a mailbox retention policy with:
- A default archive tag to move items into the archive mailbox after a year.
- A default deletion tag to remove items from the mailbox (primary and archive) after seven years.
In this configuration, items stay in the primary mailbox for a year and then move to the same folder in the archive mailbox and stay there for another six years. When items are seven years old, the MFA removes them from the archive mailbox.
Microsoft 365 retention policies process both the primary and archive mailboxes, so if we leave the default archive tag in place, MFA will respect its instructions to move items to the archive, and then respect the policy settings to remove items.
Making the Changes
To remove the personal tags, access the compliance management section of the old Exchange admin center and select the retention policy to update (Figure 1).
Now remove everything from the policy except the default archive tag (Figure 2). We keep this to ensure that MFA continues to move items to the archive mailbox after the tag’s retention period expires (in this case, 1095 days, or 3 years). Note that this policy does not have a default delete tag.
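The same change can be made from Exchange Online PowerShell. This added example (not code from the article) reports every tag linked to each mailbox retention policy and relinks the policy to its default archive tag only. It assumes a session opened with Connect-ExchangeOnline, and `$Apply` is a variable introduced for the example.

```powershell
# Added example, not the article's code. Requires an open Exchange Online
# session (Connect-ExchangeOnline). $Apply is introduced here: while it is
# $false, Set-RetentionPolicy runs with -WhatIf and nothing is changed.
$Apply = $false

# Policies reference tags by name, so index the tag objects by name.
$TagsByName = @{}
Get-RetentionPolicyTag | ForEach-Object { $TagsByName[$_.Name] = $_ }

$Report = foreach ($Policy in Get-RetentionPolicy) {
    $Links      = @($Policy.RetentionPolicyTagLinks)
    $Keep       = @()
    $Unresolved = $false

    foreach ($Link in $Links) {
        $Tag = $TagsByName["$Link"]
        if (-not $Tag) {
            # A link that cannot be resolved is reported, never silently dropped.
            $Unresolved = $true
            [pscustomobject]@{ Policy = $Policy.Name; Tag = "$Link"; Kind = 'Unresolved'
                               Action = ''; AgeLimit = ''; Decision = 'Review' }
            continue
        }

        # Type 'All' marks a default tag; its action tells archive from deletion.
        $Kind = if ("$($Tag.Type)" -eq 'All') {
            if ("$($Tag.RetentionAction)" -eq 'MoveToArchive') { 'DefaultArchive' } else { 'DefaultDelete' }
        } elseif ("$($Tag.Type)" -eq 'Personal') { 'Personal' } else { 'Folder' }

        if ($Kind -eq 'DefaultArchive') { $Keep += $Tag.Name }

        [pscustomobject]@{
            Policy   = $Policy.Name
            Tag      = $Tag.Name
            Kind     = $Kind
            Action   = "$($Tag.RetentionAction)"
            AgeLimit = "$($Tag.AgeLimitForRetention)"
            Decision = if ($Kind -eq 'DefaultArchive') { 'Keep' } else { 'Unlink' }
        }
    }

    if ($Unresolved) {
        Write-Warning "$($Policy.Name): unresolved tag link, policy left unchanged"
        continue
    }
    if ($Keep.Count -eq 0) {
        # Without a default archive tag the policy would end up empty; decide by
        # hand whether to add an archive tag or retire the policy.
        Write-Warning "$($Policy.Name): no default archive tag, policy left unchanged"
        continue
    }
    if ($Keep.Count -eq $Links.Count) { continue }   # already archive-only

    # Relink the policy to the default archive tag only. The tags themselves are
    # not deleted, so tags already stamped on items continue to be honored.
    Set-RetentionPolicy -Identity "$($Policy.Identity)" -RetentionPolicyTagLinks $Keep `
        -WhatIf:(-not $Apply) -Confirm:$false
}

$Report | Sort-Object Policy, Kind, Tag | Format-Table -AutoSize
```

Set `$Apply` to `$true` only after reviewing the report. The script never calls Remove-RetentionPolicyTag, in line with the warning above about not deleting tags from the organization.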
The next time MFA processes mailboxes, it removes the Exchange personal tags and makes the Microsoft 365 retention labels available to users. This can be a gradual process to remove Exchange personal tags and introduce retention labels. MFA makes sure that the set of retention policy labels displayed to users includes both Exchange tags and Microsoft 365 labels. Figure 3 shows OWA displaying a set of labels including both personal tags (like Remove after 1 week) and retention labels (like Formal Company Record and Required for Audit). You can also see two personal tags with move to archive actions listed on the top of the set.
Although MFA hides the Exchange personal tags after their removal from mailbox retention policies, users can still access personal tags through the OWA retention policies option, which lists the set of Exchange personal retention tags not already assigned to the user by policy (Figure 4). After the user selects a tag, it joins the set displayed by OWA and Outlook desktop when the user applies a policy to an item.
Unfortunately, there’s no way to suppress the display of personal tags through the OWA option. As mentioned above, don’t remove the personal tags from the tenant as this might lead to the unexpected deletion of important items, so it’s best to advise users to avoid using the OWA option.
OWA doesn’t include Microsoft 365 retention labels as part of the set shown to users, so the OWA option doesn’t support a switchover to retention labels until Microsoft does the work to upgrade the client.
End Game
After making all the changes, you should be in this position:
- Exchange mailbox retention policies have a single default archive tag and nothing else.
- Microsoft 365 retention labels replace the Exchange personal tags.
- Microsoft 365 retention policies process any mailbox items that don’t have an assigned retention label (or old Exchange retention tag).
- Users experience no change because clients display the same set of retention labels. There might be a changeover period of a few days when both retention labels and retention tags appear in the lists displayed in clients, but this is a matter of timing (label publication), and MFA will resolve the duplication over time.
There is a small loss in functionality because you no longer assign folder tags to default mailbox folders. However, if retention policies have reasonable retention periods, it’s unlikely that users will notice the difference. In any case, users should receive guidance about how to use retention labels to mark items/folders of particular importance that they wish to keep.
Eventually, Microsoft might provide a Microsoft 365 retention policy setting to enable movement of email into archive mailboxes. At that point, the need for Exchange Online mailbox retention policies will disappear.
Hi Tony. Quick Q – we have MRM Legacy moving items into archive after 2 x years. And a retention policy in M365 for all mailboxes to retain for 7 x years and then delete.
However, we specifically use legacy MRM tags to remove items after 30 x days from junk and deleted items. If we want to continue clearing out these folders must we keep these MRM tags, as can’t see how we can target folders in M365 policies?
The Real Person!
Author Tony Redmond acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
There is no way to target individual folders with Microsoft 365 retention policies. You need MRM for that.
Thanks for confirming!
Hi. We have since seen some odd behaviour where using both modern and legacy policies in harmony.
Scenario – a) modern m365 policy with 7 x year retention set. b) legacy mrm to move items to archive > 2 yrs c) legacy mrm to remove from deleted items > 30 x days d) legacy mrm remove from junk folder > 30 x days. a and b seem to work fine and as expected. But c and d do not even show as applied tags to users exo mbx’s so we suspect from further sources that the specific legacy policy mrm tags on folders (c, d) lose out against a modern policy where set (a) and do not work / apply?
I’m afraid that it’s impossible to know what’s happening without access to your tenant data, which I obviously don’t have.
What sources are you citing? It’s entirely possible that things have changed since the article appeared. There have been many changes in the compliance area over the last two years.
BTW, I amended the retention policy for a folder to apply a mailbox retention tag that removed items after a week. I then ran Start-ManagedFolderAssistant and after a short while, all items more than 7 days old were deleted.
I think there’s a couple of notes to be had here.
1. It’s important to delineate the functional differences between MRM, modern retention policies, and modern retention labels.
Despite the core object in MRM being a “Retention Policy tag,” its only activities are “Delete on this schedule” and “Move to archive.” There’s no actual protection done of content. Modern retention policies have that capability scoped to the mailbox container level but lack the native configuration granularity of MRM because there’s no recognition of folders like MRM. Modern retention policies have no concept of leaf items; only workload containers (mailboxes, teams, SharePoint sites, etc.).
From the leaf object perspective, a close match to MRM might be modern retention labels. They can be applied (in the end-user context) the same as MRM to individual items (folders, messages, calendar items, and the like). However, like their modern retention policy counterparts, they lack the granular, programmatic service-side assignability that MRM policies do.
2. EWS can be used to apply modern retention labels just like it can be used to apply legacy MRM labels. In fact, I demonstrated this here: https://www.undocumented-features.com/2019/08/27/apply-security-compliance-center-retention-labels-to-outlook-folders/. It’s the exact same syntax whether the policy GUID is related to MRM or retention labels. However, public access to EWS is scheduled to be turned off on October 1, 2026, so building a solution that relies on EWS to apply modern retention labels isn’t viable long-term.
Sadly, there are no available Graph cmdlets or endpoints that work with leaf-object application of retention labels. This is a huge gap area and not likely to be ever addressed.
3. You’re spot-on with the Move-to-Archive functionality. There’s nothing in the modern retention policy/label architecture that allows for that feature. It’s not in the roadmap and won’t ever be–which is also disappointing. From an overall content management perspective (with the 100GB limitation for mailboxes and potential for unlimited archiving), it totally makes sense to retain a legacy MRM configuration that allows you to move content from the primary to archive mailboxes on a defined schedule to help avoid hitting that limit.
4. While you *can,* from a technical perspective, implement modern retention policies and labels against shared, room, or equipment mailboxes (as long as you have at least a single Exchange Online P2 or Office 365 E3 license in the tenant), they must have an Exchange Online Plan 2 license or an Exchange Online Archiving license to be compliant with the service terms.
I address some of these concerns, like the ability of MRM to function at a more granular level within a mailbox, in another article: https://practical365.com/exchange-online-retention-m365-retention/
I believe Graph API access for retention labels is coming. However, it could be that server-side application of labels via the API might be one of the metered APIs that Microsoft loves to introduce, like that for sensitivity labels.
BTW, unlimited archiving is no longer unlimited. Microsoft applied limits some time ago. https://practical365.com/microsoft-caps-exchange-onlines-unlimited-archive/. The 1.5TB limit reported in September 2021 remains the same today https://learn.microsoft.com/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits?WT.mc_id=M365-MVP-9501#storage-limits
Hi Tony,
If I use the ‘Keep content forever’ and apply to all the mailboxes, mailboxes are with E3 and F3 license, what happens when the mailbox reaches its limit? Do you suggest to Archive through Archive policy ?
Microsoft 365 retention policies don’t handle archiving, so you need to use a mailbox retention policy to archive items. It depends if you want to keep things for a long time. If you do, then yes, move them to the archive. That’s what it’s there for.
Hello Tony – this is a great article. Thank you. We are still on Exchange 2016 in a hybrid setup with a handful of users testing Exchange Online. We have been using retention policies and personal tags for years and users have tagged them to folders and individual emails. If we create the same retention policy in Exchange online is there a way for those emails to retain those policies, are we going to have to migrate the mailbox, apply the new policy and set the policy on hold, have the user retag all the emails and then remove the hold? Is there a script in existence that could possibly help with this? I’ve got about 10,000 mailboxes to move.
It’s a while since I touched hybrid, but https://techcommunity.microsoft.com/t5/exchange-team-blog/hybrid-organization-configuration-transfer/ba-p/607944 the HCW has an option to transfer configuration information from on-premises to the cloud. This includes retention policies and tags. It’s important to have the same GUIDs for the tags on both sides because that’s how the Managed Folder Assistant recognizes the tags. But it’s a while since I have done this, so some testing is necessary.
Thank you, sir. I appreciate the response – it is very helpful.
Hi Tony, thanks for the article!
We are using M365 retention policy to delete messages older than 2 years. It’s working nicely except in the Deleted Items Folder (bin). There are thousands of emails older than 2 years in some mailboxes. But we need to permanently delete messages in the Deleted Items Folder older than 30 days which is not working with M365 retention policies.
In the Default MRM policy there is also no way to add a retention tag for the Deleted Items Folder, so we create a new MRM policy with that tag and assign it to the users.
However, it has strange behavior – after the MRM application of the policy (after Start-ManagedFolderAssistant) it labels emails already in a bin with 30 days retention tag.
But if a user deletes a new email, it has 2 year retention tag, same as in Inbox, etc., and not the 30 days tag
Which retention policy (M365 or Exchange legacy (MRM)) takes precedence?
What is the best practice in our scenario (delete emails after 2 years and also delete Deleted Items after 30 days simultaneously)?
Thanks for the advice!
I am puzzled why you say that there’s no way to add a Deleted Items folder tag to the Default MRM policy because I have such a tag in place to remove items from Deleted Items after 180 days.
The tag placed on newly-deleted items could be one assigned to the item by the user and retained after moving into Deleted Items. It could also be the effect of the change made by Microsoft earlier this year (https://office365itpros.com/2023/06/07/exchange-online-mrm-update/).
Obviously, I can’t see your data so I am at a loss to understand what’s going on. But I can tell you that the MFA treats retention tags (EXO) and retention labels/policies in the same way. The most explicit assignment always works. Neither MRM nor Microsoft 365 policies take precedence.
If I tried to add a Deleted items folder tag to the Default MRM Policy in the Compliance web portal, it went off without a hitch.
But after the page was refreshed, the tag was not there (repeatedly). So I concluded that MS made changes and we have to create our own MRM policy. My bad, I didn’t try it through Powershell before I created new MRM policies.
The user did not tag newly deleted items. I suspect that the 30-day tag will not be added until the next time MFA is launched and until then it has a 2-year tag.
Thank you for the clarification of the MFA processing!
Hi Tony,
This is the 2nd or 3rd of your articles I have met on my way to administration of Exchange Online server. Every article is useful and clear for understanding. Thanks for brief and clear texts.
There is a Shared mailbox and many users do “SendAs” and/or “SendOnBehalfOf” this mailbox. I would like to immediately remove sent messages from the “Sent” folder of this Shared mailbox (to avoid sent messages duplication – they are moved to the right folder by rules (created with PowerShell) but they remain in the “Sent” folder too).
Could you please clarify one simple question?
Is this right way for immediate removing sent messages from shared mailbox with retention policy?
For instance, I create retention policy tag (some like New-RetentionPolicyTag “Immediate-DeletedItems” -Type SentItems -RetentionEnabled $true -AgeLimitForRetention 1 -RetentionAction PermanentlyDelete), then create retention policy with this policy tag then apply one to that Shared mailbox?
As far as I understand it should remove messages only next day but not immediately…
Or it is too complicated one and there is/are better way(s) to get the result?
The items will only be removed the next time the MFA processes the mailbox, so even if you set a 1-day limit, the items are likely to be there for up to a week.
I don’t know of any other automated way to remove items from mailboxes, short of writing a script to do so (like https://practical365.com/mailbox-clean-up-script/).
Hi Tony,
thanks for your clarification!
This week I will check script you told about deeply (I dislike to run scripts when I don’t understand what they’re doing).
How can I determine when MFA processes will start? At least for information for me as admin
You can’t determine when the managed folder assistant starts. It runs on a workcycle basis controlled by Exchange Online. You can use the start-managedfolderassistant cmdlet to force a run.
Hi Tony,
Is there manner to run
start-managedfolderassistant
with schedule? Like the cron service? (every day at 03:00am for instance)
Or I can run the start-managedfolderassistant cmdlet only by hand?
There’s no way to run Start-ManagedFolderAssistant on a schedule unless you build a script and use Windows Scheduler or an Azure Automation runbook.
Hi Tony, appreciate your support for the MSFT community. I’ve got a question. We’re using MFA retention tags to move mails after 2 years to the in-place archive by default. That works fine. I have a problem with the M365 retention policies. We’ve created an Exchange retention policy to maintain all items for 10 years and then do nothing (assigned to all users). Now I’ve created a new retention policy called “Delete after 7 years” which I applied to all users but excluded a scope of users where we would like to keep items forever. The “Delete after 7 years” policy seems to work. Prob is the following, now I’ve created the “Keep items forever” policy and added only the scope of users which should keep items forever. In Outlook I can only see the MFA retention in the header of an e-mail, I cannot validate if the “Keep items forever” policy is working. Should I see that in the e-mail header somewhere? Via Compliance PowerShell I can see that all policies are there and their settings but inside Exchange Online PowerShell I can only see using Get-RetentionPolicy the MFA legacy policy as assigned (move after 2 years to in-place archive). Based on the MSFT learn page this direct assignment to the scope of user should have a higher priority and should keep content forever, but I need to validate everything. Thanks for a feedback here.
When MFA processes a mailbox, it combines the retention settings from Exchange mailbox retention policies and Microsoft 365 retention policies to decide what to do with mailbox items. From your description, I think the following happens to items:
1. Items are moved to the archive mailbox after 2 years.
2. For most users, items are deleted after 7 years (2 in mailbox, 5 in archive)
3. For users in the scope of the Maintain items for 10 years policy, items are kept for 10 years (2 in mailbox, 8 in archive) and then nothing happens (keep forever in archive).
All of this is done with default mailbox tags. Outlook only shows specific folder or personal tags applied to items, which is why you don’t see anything in the header (see https://office365itpros.com/2023/08/03/exchange-retention-tags-report/).
The only way to be sure is to check mailbox contents (in the archive). The policy lookup tool https://compliance.microsoft.com/informationgovernance?viewid=policyLookup only tells you what Microsoft 365 retention policies a mailbox is within the scope of. It doesn’t tell you anything about scoping for Exchange mailbox retention policies.
“1. Items are moved to the archive mailbox after 2 years.
2. For most users, items are deleted after 7 years (2 in mailbox, 5 in archive)”
Question about this and I believe it is answered in your response quoted above but I can’t find any official MS source on it.
Our scenario is going to be similar:
1. Existing MRM policy to archive user mail (EXO) to their online archive mailbox after 1 YEAR
2. We intend to deploy an Adaptive Scope policy to delete all user mail after 2 years
My questions, does the adaptive scope policy targeting the user mailbox for delete after 2 years include their online archive mailbox? I hope that the answer here is yes!
From https://learn.microsoft.com/en-us/purview/archive-mailboxes
Both mailboxes are considered a user’s mailbox for compliance features such as Content search from the Microsoft Purview compliance portal, Microsoft 365 retention, and Litigation Hold.
Thank you Tony, I have article, but many steps can’t implement 4e, 4f.
To exclude specific email items or mailbox folders from a retention policy in Microsoft 365, you can make use of retention policy tags (RPTs) and retention policy tags (RPTs). Here’s how you can achieve this:
4. Create a new retention tag that applies to the items or folders you want to exclude:
a. Click on “Add (+)” to create a new retention tag.
b. Provide a name and description for the retention tag.
c. Choose the appropriate retention action, such as “Delete and allow recovery” or “Don’t move to the archive”.
d. Configure the retention settings, including the retention period and any other desired options.
e. In the “Applied to” section, select the appropriate option to apply the tag to specific folders or items.
f. Specify the folders or items you want to exclude from the retention policy. You can use specific folder paths or item properties to target the desired items.
You use clients like OWA or Outlook to apply the retention tags to folders or items. This is a user action. It can’t be done by admins.
Great article. How to exclude some email items (private) or mailbox folders from MS365 retention policy / Exchange Online. Thanks!
The only way to exclude email items or folders from a Microsoft 365 retention policy is to apply a mailbox retention tag (which could be a Microsoft 365 retention label) to those items. Directly applied tags take precedence.
“Microsoft 365 retention policies process both the primary and archive mailboxes, so if we leave the default archive tag in place, MFA will respect its instructions to move items to the archive, and then respect the policy settings to remove items.”
Great article, as always.
In your example, the Exchange retention policy will remove items from an archive mailbox after 7 years. Does that supersede an M365 retention policy set to keep items indefinitely? Will the items be removed from the mailbox but still preserved by M365, or is the data gone?
Retention operates on a unified level, so if a Microsoft 365 retention policy exists to keep items forever, that’s what will happen. MFA knows about both mailbox and Microsoft 365 retention policies and evaluates removal based on the last hold on the data.
Hi Tony, Is there a way in legacy or M365 online archiving policies , that it can be enabled based on primary mailbox data size ,say for example mailbox size crosses 40 gb , it’s online archive gets enabled automatically and older data gets move to online archive to keep primary mailbox at 40 gb limit.
You’d have to run a job to:
Find mailboxes that don’t have an archive.
Check if the mailbox is > 40 GB
If yes, enable the archive and assign a mailbox retention policy to move items to the archive.
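The job outlined in the reply above, as an added PowerShell example that is not part of the original reply. It assumes a Connect-ExchangeOnline session; the 40 GB threshold comes from the question, while the policy name and the `$Apply` variable are hypothetical.

```powershell
# Added example, not from the thread. Requires Connect-ExchangeOnline.
$ThresholdBytes = 40GB
$ArchivePolicy  = 'Archive Only Policy'   # hypothetical name; the policy must already exist
$Apply          = $false                  # $false = -WhatIf, report only

function Get-SizeInBytes {
    param($Size)
    # TotalItemSize renders as e.g. "41.2 GB (44,238,372,864 bytes)".
    # Read the exact byte count from the parentheses instead of the rounded figure.
    if ("$Size" -match '\(([\d,.\s]+) bytes\)') {
        return [int64]($Matches[1] -replace '\D', '')
    }
    return $null
}

# Step 1: find user mailboxes that have no archive.
$Mailboxes = Get-EXOMailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited `
    -Properties ArchiveStatus |
    Where-Object { "$($_.ArchiveStatus)" -eq 'None' }

$Result = foreach ($Mbx in $Mailboxes) {
    # Step 2: check the primary mailbox size against the threshold.
    $Stats = Get-EXOMailboxStatistics -Identity $Mbx.UserPrincipalName
    $Bytes = Get-SizeInBytes $Stats.TotalItemSize
    if ($null -eq $Bytes) {
        Write-Warning "$($Mbx.UserPrincipalName): could not read mailbox size, skipped"
        continue
    }
    if ($Bytes -le $ThresholdBytes) { continue }

    # Step 3: enable the archive and assign the archive-only retention policy.
    Enable-Mailbox -Identity $Mbx.UserPrincipalName -Archive -WhatIf:(-not $Apply) | Out-Null
    Set-Mailbox -Identity $Mbx.UserPrincipalName -RetentionPolicy $ArchivePolicy `
        -WhatIf:(-not $Apply)

    [pscustomobject]@{
        Mailbox = $Mbx.UserPrincipalName
        SizeGB  = [math]::Round($Bytes / 1GB, 2)
        Applied = $Apply
    }
}

$Result | Sort-Object SizeGB -Descending | Format-Table -AutoSize
```

Items only start moving once the Managed Folder Assistant next processes each mailbox, and the primary mailbox shrinks according to the age limit on the archive tag, not to a fixed size.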
To apply policies to specific default folders, like delete all “Deleted Items” after 30 days or delete all Junk Mail after 30 days, would we have to use Exchange policy for that vs. M365 Retention Policy or Labels?
Yes, Exchange mailbox retention policies are the only way to target specific folders. Microsoft 365 retention policies target the entire mailbox.
Hi Tony,
I am doing O365 tenant to tenant migration. At Source tenant I have a mailbox with exchange online archiving enabled and the archive mailbox size is 103 MB. Default MRM policy is applied. After the migration I have enabled archive at destination mailbox. I have separately migrated archive mailbox to archive mailbox only 103 MB data. After 10 days I am observing at the destination the archive size is 9 GB but at source its still 103 MB. There can be a change of the Primary mailbox data as new emails are coming in but why will there be so much difference in Archive data.
Hi Tony, thank you for this article. I am with a small company of 200+ users. We currently do not have Archiving enabled for any users (except myself for testing). I was testing with the old retention policies and retention tags to start implementing in our environment, but after reading this article, I wonder if I should start with Microsoft’s new method. We use Exchange online and based on our licensing, our users get 50GB of space, but we have some users approaching that limit and many need to save emails from 10-20 years. I wanted to enable Online archiving for users that are reaching their limit, but create a new retention policy and change the Default from “Default 2 year move to archive” to “Default Never Delete”, so that the users have control and can then assign the tag of their choice on all of their Outlook folders (Inbox and other), however I am having trouble understanding how to implement that strategy with the new Microsoft retention policies.
I think you should start with Microsoft 365 retention policies and use them to control the retention/deletion of email. You can supplement those policies with EXO mailbox retention policies that have a single default archive tag (remove all the other tags if you want to use the Default Mailbox Retention Policy). In other words, the EXO policies do nothing but control movement of items from primary to archive mailboxes. Items should move to the archive first (say after two years) and remain there until removed by the Microsoft 365 retention policies.
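The archive-only mailbox retention policy described in the reply above, sketched as an added example that is not part of the original comment or the author's own script. It assumes an existing Exchange Online PowerShell session; the tag name, policy name and mailbox addresses are hypothetical placeholders.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run.
# Names below are hypothetical; choose your own.
$TagName    = 'Archive after 2 years (example)'
$PolicyName = 'Archive-only policy (example)'

# One default archive tag: -Type All applies it to every item in the mailbox
# that carries no more specific tag. 730 days matches the "say after two years"
# figure in the reply.
New-RetentionPolicyTag -Name $TagName -Type All -RetentionAction MoveToArchive `
    -AgeLimitForRetention 730 -RetentionEnabled $true

# The policy links only that tag, so it moves items to the archive and never
# deletes them. Deletion is left to the Microsoft 365 retention policies.
New-RetentionPolicy -Name $PolicyName -RetentionPolicyTagLinks $TagName

# Constructed sample scope: two placeholder mailboxes.
$Targets = 'user1@contoso.example', 'user2@contoso.example'

foreach ($Id in $Targets) {
    $Mbx = Get-Mailbox -Identity $Id

    # The move-to-archive action does nothing without an archive mailbox.
    if ($Mbx.ArchiveStatus -ne 'Active') {
        Enable-Mailbox -Identity $Id -Archive | Out-Null
    }

    Set-Mailbox -Identity $Id -RetentionPolicy $PolicyName

    # Ask the Managed Folder Assistant to process the mailbox now instead of
    # waiting for its next workcycle.
    Start-ManagedFolderAssistant -Identity $Id
}

# Verify: the policy should list exactly one tag, and each mailbox should
# show the new policy and an active archive.
Get-RetentionPolicy -Identity $PolicyName |
    Select-Object Name, RetentionPolicyTagLinks
$Targets | ForEach-Object {
    Get-Mailbox -Identity $_ |
        Select-Object UserPrincipalName, RetentionPolicy, ArchiveStatus
}
```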
Makes sense. Thank you. Is there a way to force the new M365 retention policies to take effect instead of waiting 7 days? I tried the Start-ManagedFolderAssistant PowerShell command but that doesn’t seem to do anything with the new policies.
The Start-ManagedFolderAssistant cmdlet forces the MFA to process a mailbox, but the point of delay is getting the Microsoft 365 retention policies published to Exchange Online. This can take up to a week.
Do you know if the MFA is still applicable for Microsoft 365 retention policies OR is there a different process altogether that’s used to process Microsoft 365 retention policies? If it’s the latter, do we have any way to force that process to initiate without having to wait a week?
Hi Tony. Thanks for this! Can you elaborate on if there are competing Exchange Online Retention Tags and M365 Retention Labels, which takes precedence?
The principles of retention apply (https://docs.microsoft.com/en-us/microsoft-365/compliance/retention?view=o365-worldwide#the-principles-of-retention-or-what-takes-precedence).
Great article but I need more clarification.
License:
I have read everything about licensing. To use retention policy for shared mailbox it’s needed to assign a license: https://docs.microsoft.com/en-us/microsoft-365/admin/email/about-shared-mailboxes?view=o365-worldwide#:~:text=If%20you%20want%20to%20apply%20advanced%20features%20such%20as%20Microsoft%20Defender%20for%20Office%20365%2C%20Advanced%20eDiscovery%2C%20or%20automatic%20retention%20policies%2C%20the%20shared%20mailbox%20must%20be%20licensed%20for%20those%20features.
According to the Information Governance licensing schema the shared mailbox needs Exchange P1 + Online Archiving.
Is it wrong?
Archive & Retain
I have some customers that want to move the oldest messages to the archive and retain everything for some years. We have set an archiving policy on the legacy portal and a Retention policy on the Compliance portal. This configuration breaks the archiving policy because MFA can’t delete move messages from main mailbox. MS gave us a solution after a lot of attempts but I’m not convinced about the solution. What do you think about it?
Thank you a lot.
Renato
You only need an archiving license if you plan to archive items from a shared mailbox. You need the Exchange Online P1 license too. This would use a mailbox retention policy because Microsoft 365 retention policies don’t have the ability to move items to the archive.
You do not need a license to use Microsoft 365 retention policies unless you use advanced features like auto-label retention policies. “If you want to apply advanced features such as Microsoft Defender for Office 365, Advanced eDiscovery, or automatic retention policies, the shared mailbox must be licensed for those features.”
You’ll have to give more details of your configuration and tell what broke and the Microsoft recommendation for me to be able to comment further.
Are there any licensing implications with retention policies, in particular for shared mailboxes?
Retention policies are covered by Office 365 E3 or above (Exchange Online Plan 2). You don’t need anything special for shared mailboxes unless you use a feature which requires licenses, like an archive.
Great article. I did notice when I published retention labels to Exchange Online, they took 6 days to show in supported Outlook clients. This is expected behaviour though as MS indicate it can take up to 7 days. They were available within one day when published to OneDrive, SharePoint & Groups.
The Managed Folder Assistant must process a mailbox to refresh its set of retention labels (and tags). MFA runs on a weekly workcycle basis, so it can take up to 7 days before new labels show up. OWA should pick them up within a few hours, as do the other browser interfaces for SPO, etc.
Thank you Tony! Your suggestion to make 365 retention labels the same as those in Exchange On Prem worked for me. For weeks now I’ve been wondering why my retention policy in 365 has been moving at a snail’s pace. Once I synced the naming and cleaned up those ineffective tags the results were almost immediate. Great article!
Glad my suggestions worked for you…