Solved

Exchange Online Archive and Single Item recovery

Posted on 2014-04-02
Last Modified: 2014-05-13
We are currently looking to implement online archiving in Exchange 2010.

From my perspective, we are doing it to relocate the older messages to some cheaper storage, while making primary mailbox sizes a little more manageable.

Management however,  want to ensure that once an item is moved to the online archive that it cannot be permanently deleted until after a 7 year retention period (for discovery purposes).

Journaling isn't an option at this point..

We have an Archive RPT which moves the items to the users archive after 90 days.
We have another RPT which will Delete items from the Archive after 7 years (Delete no Recovery).

We then have "Keep deleted Items for", set to 30 Days on the Primary Mailbox Database.
and then have "Keep deleted Items for", set to 7 years (2555 Days) on the Archive Database (this is so that items are not immediately deleted if the user manually deletes from the archive).

Obviously with this setup,  users will be able to purge items from the "Deletions" sub folder (Recover Deleted Items) if they want to remove it from the archive.

My understanding is that if I enable Single Item Recovery for everyone,  then the items that the user might remove from the "Deletions" sub folder will be transparently moved to the "Purges" sub folder, and are therefore discoverable if required,  up until the retention period of each database (30 days for Primary mailbox, 7 years for archive).

This sounds like exactly what we are after.

Thus my questions;

1. Apart from the obvious storage implications of doing this (7 years is a lot of email), are there any other issues\risks associated with going down this method for email retention?

2. Is there a better way of achieving what we are after? I don't suppose we could completely restrict deletion access to the users archive completely for example?

3. If a user was to drag an item back into their primary mailbox.. and then delete it before the Managed Folder Assistant moved it back to the archive.. Would that be a potential hole in the retention requirement?

4. What are others out there doing to ensure that there are permanent records of all email communication within your organisations? I mean, putting a mailbox on litigation hold is great.. but what happens if the incident in question was 6 months ago.. and we are only now being made aware that the mailbox is under investigation?

Thanking you all in advance for your insight..
Question by:adcass
9 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
If you really must retain everything for seven years (and the advice is that if you do not HAVE to, then you shouldn't do), then I would just put everything on legal hold for seven years. Then it is impossible for the end user to delete anything completely. Don't tell the end users that is happening though, so if someone tries to do something naughty, they get caught trying to cover their tracks.

Do what you have already done, so that you have some degree of management of the database sizes, particularly with migrating the data across to cheaper storage, but with the legal hold functionality there to ensure you have everything.

I usually advocate a more restrictive anti-spam regime in these scenarios, with the users getting a quarantine email at least once a day. The last thing you want is a lot of junk clogging up the database, but if they cannot delete anything then that is what will happen. If you quarantine everything, then if something is caught it can be released, but the true garbage is kept out of the live database.

Simon.
 

Author Comment

by:adcass
Thanks for that.

The 7 year requirement is only on the archive. I know it's a little strange, but the idea is apparently to give the users the ability to clean out their junk\personal email before archiving..

Realistically,  this isn't going to happen, I know.

But then once it's archived, it's locked.. but then automatically removed at the end of the 7 years (via the Permanently Delete RPT).

I understand that if a mailbox is placed on legal hold, then Outlook will reflect this as per the following, no? So the users will be aware of it?

Litigation Hold Notification
And legal hold cannot be put on an automatic hold "period",  so if someone was with the organisation for say 10 years.. then there would be no way to automatically purge those items that had exceeded 7 years?

My understanding is that Single Item Recovery would at least adhere to the preconfigured deleted item retention period on the actual mailbox database, so once that 7 year deleted item retention expired, the items would purge?
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
I believe that message is optional - so if you don't set a message then it isn't seen.
The legal hold feature is to ensure that all content is held, lawyers would go mad if it allowed content over a certain age to be removed. I was only suggesting legal hold as a work around if you are concerned about users deleting the content. The other option is to use a third party tool to archive the content so a copy is kept outside of Exchange.

Simon.
 

Author Comment

by:adcass
Thanks Simon,  I certainly appreciate you taking the time to comment.

Do you have any thoughts on using "Single Item Recovery"?
Do you have any experience with that?  Do you think it will achieve what we are after?
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Never used any kind of single item recovery, and I don't believe Microsoft support it either when used with a third party product.

If you must keep a copy of the content then journal it.
For recovery of content, I use a combination of full mailbox backups and deleted item recovery, with the option to not delete the item until a backup is successful enabled.

Simon.
 

Author Comment

by:adcass
Thankfully there are no third party products in play here.
This is the feature I'm referring to...

Enable Single Item Recovery in Exchange

Single Item Recovery in Exchange Server 2010

I would love to hear from anyone who has enabled it in their environment.
Is there a reason it seems that this is not a very widely used feature?

Thanks
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
I forgot about that feature. Checking my notes, I have two clients with it enabled; as far as I am aware it has never been used. As it isn't enabled by default, most sites aren't even aware of its existence.

It will cause significant bloat in the database if you intend to use it for the purpose designed, because the content will never be deleted from the mailbox. That will include spam and other garbage. Knowing how many monitoring and other alerts I can delete from my own mailbox, if it was enabled for me my database would be about six times the size it is now.

Simon.
 

Accepted Solution

by:adcass
Thanks again for your comments Simon.

Are you able to confirm that my understanding of the feature is in fact correct, in that it abides by the retention policies applied to the mailbox and database?

I'm taking this comment from the above article;

The time period by which the deleted data is maintained is based on the deleted item retention window. The default time period is 14 days in Exchange 2010 and is configurable per database or per mailbox. The following cmdlets let you alter this behavior:


So if I have recover deleted items set to 30 days on the database, the deleted items will in fact be purged from the database at the end of that retention period?


So for short term preservation of data.. Single Item Recovery is the solution..
For long term preservation of data.. Litigation Hold should be used.

Thanks
 

Author Closing Comment

by:adcass
Accepting my own answer because the exact question around whether the feature adhered to the retention policies applied was not actually answered.
Further research and in depth testing was required on my own part to confirm this.
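
An added example, not part of the original thread or any poster's code: a read-only Exchange Management Shell audit of the settings discussed above (Single Item Recovery, litigation hold, deleted item retention on the primary and archive databases, and the size of the "Purges" folder). It assumes, as the thread does, that the archive database's deleted item retention governs the archive; the CSV path is a placeholder.

```powershell
# Added example (not from the thread). Read-only; run in the Exchange Management Shell.
# Written for PowerShell 2.0 (Exchange 2010), so New-Object is used instead of [pscustomobject].
$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Effective retention on the primary mailbox: a per-mailbox value only
    # applies when the mailbox does not use the database defaults.
    $db = Get-MailboxDatabase -Identity $mbx.Database
    if ($mbx.UseDatabaseRetentionDefaults) { $primaryKeep = $db.DeletedItemRetention }
    else                                   { $primaryKeep = $mbx.RetainDeletedItemsFor }

    # Assumption taken from the thread: the archive database's setting
    # governs deleted items held in the archive.
    $archiveKeep = $null
    $archivePurges = $null
    if ($mbx.ArchiveDatabase) {
        $archiveKeep = (Get-MailboxDatabase -Identity $mbx.ArchiveDatabase).DeletedItemRetention
        $archivePurges = Get-MailboxFolderStatistics -Identity $mbx.Identity -Archive `
                -FolderScope RecoverableItems |
            Where-Object { $_.Name -eq 'Purges' }
    }

    # "Purges" is where Single Item Recovery keeps items removed from "Deletions".
    $primaryPurges = Get-MailboxFolderStatistics -Identity $mbx.Identity `
            -FolderScope RecoverableItems |
        Where-Object { $_.Name -eq 'Purges' }

    New-Object PSObject -Property @{
        Mailbox            = $mbx.PrimarySmtpAddress
        SingleItemRecovery = $mbx.SingleItemRecoveryEnabled
        LitigationHold     = $mbx.LitigationHoldEnabled
        PrimaryKeepDeleted = $primaryKeep
        ArchiveKeepDeleted = $archiveKeep
        PrimaryPurgesSize  = $primaryPurges.FolderSize
        ArchivePurgesSize  = $archivePurges.FolderSize
        # With neither feature on, an item purged from "Deletions" is not preserved.
        UserCanPurge       = -not ($mbx.SingleItemRecoveryEnabled -or $mbx.LitigationHoldEnabled)
    }
}

# Mailboxes where a user can still remove an item for good before retention expires.
$report | Where-Object { $_.UserCanPurge } |
    Select-Object Mailbox, PrimaryKeepDeleted, ArchiveKeepDeleted

# Full report, including Purges sizes, for tracking database growth over time.
$report | Export-Csv -Path .\retention-audit.csv -NoTypeInformation
```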