Exchange Online Archive and Single Item recovery
Posted on 2014-04-02
We are currently looking to implement online archiving in Exchange 2010.
From my perspective, we are doing it to relocate the older messages to some cheaper storage, while making primary mailbox sizes are little more manageable.
Management however, want to ensure that once an item is moved to the online archive that it cannot be permanently deleted until after a 7 year retention period (for discovery purposes).
Journaling isn't an option at this point..
We have an Archive RPT which moves the items to the users archive after 90 days.
We have another RPT which will Delete items from the Archive after 7 years (Delete no Recovery).
We then have "Keep deleted Items for", set to 30 Days on the Primary Mailbox Database.
and then have "Keep deleted Items for", set to 7 years (2555 Days) on the Archive Database(this is so that items are not immediately deleted if the user manually deletes from the archive).
Obviously with this setup, users will be able to purge items from the "Deletions" sub folder (Recover Deleted Items) if they want to remove it from the archive.
My understanding is that if I enable Single Item Recovery for everyone, then the items that the user might remove from the "Deletions" sub folder will be transparently moved to the "Purges" sub folder, and are therefore discoverable if required, up until the retention period of each database (30 days for Primary mailbox, 7 years for archive).
This sounds like exactly what we are after.
Thus my questions;
Apart from the obvious storage implications of doing this (7 years is alot of email), are there any other issues\risks associated with going down this method for email retention?
Is there a better way of achieving what we are after? I dont suppose we could completely restrict deletion access to the users archive completely for example?
If a user was to drag an item back into their primary mailbox.. and then delete it before the Managed Folder Assistant moved it back to the archive.. Would that be a potential hole in the retention requirement?
What are others out there doing to ensure that there are permanent records of all email communication within your organisations? I mean, putting a mailbox on litigation hold is great.. but what happens if the incident in question was 6 months ago.. and we are only now being made aware that the mailbox is under investigation?
Thanking you all in advance for your insight..