Among the major new features that both
Microsoft and customers are excited about in Exchange 2010 are the
compliance and archiving features. These features
allow you to create retention rules that preserve information
regardless of the end user's mailbox management and filing habits.
The following is a list of new messaging and compliance features that have been included in Exchange 2010:
New interface for applying retention policies
Auto-tagging for retention policies by inheriting the default retention tag policy from the parent folder
A GUI that allows nontechnical people to perform cross-mailbox searches
New transport rule predicates and actions
The one thing that does have to be clarified,
though, is the target market of Exchange 2010 archiving. By no means
should the solution be confused or compared with an "Enterprise" scaled
solution like a Symantec Enterprise Vault or Mimosa NearPoint.
Microsoft refers to these solutions as "business archives" while
Exchange 2010 is more of a "personal archive." We had to set the record
straight on this as many people have been confused, and when it comes
down to compliance archiving or enterprise records retention, you can't
afford to make mistakes.
1. Personal Archive vs. Organizational Archive
So when should you use the Personal Archive that is
available in Exchange 2010 and when should you use an organizational
archive solution available through third parties? In essence, the
decision has to be made based on the requirements and functionality
offered by these solutions. Microsoft positions Exchange 2010 as a
personal archive and not as a business archive solution. Microsoft's
basic archiving solution enables organizations to get rid of PST files,
implement large mailboxes, and provide advanced search. It does not
provide records management or preservation of electronic information
beyond Exchange and write-once, read-many (WORM) storage. Organizations
that have stricter requirements to retain information beyond email or
have the need to store information on WORM storage should look at a
business archive or organizational archive solution. Organizational
archiving goes beyond the scope of the Personal Archive and delivers
full mailbox capture for all users, full single-instance storage across
all data, and advanced search and case management tools for eDiscovery.
By way of comparison, a typical third-party email
archival solution can be expected to deliver all or a portion of the
following key functions in addition to the Personal Archive
functionality in Exchange 2010:
Logs, WORM, read only
Single instancing/compression
Configuration auditing
Mailbox auditing
Regulatory accreditation
Federated discovery, retention, and reporting across multiple content sources
Data mining and visualization
Case management and advanced eDiscovery
Content monitoring and supervisory tools
Archive for Bloomberg data and other non-Microsoft IM data
Archive for both files and SharePoint
Microsoft is positioning the new archiving
functionality in Exchange 2010 for basic storage management, PST
archiving, and discovery while leaving the door open for third-party
vendors to offer additional value that is necessary for organizational
archiving. Small organizations will find the basic features of Exchange
2010 satisfactory to reduce the strain on storage growth and eliminate
PST files. However, for organizations that require full email retention
and advanced eDiscovery, a third-party email archiving solution is the
answer for the next few years.
2. Policies
The technology used in Exchange Server 2010 to
maintain records management is called messaging records management
(MRM) and helps organizations reduce legal risks associated with email
and other communications. It is much easier to make an organization
comply with company policies and regulatory needs with MRM, and within
Exchange Server 2010 this is accomplished with retention policies.
Exchange 2010 has multiple sets of policies available for maintaining
and moving data from the primary mailbox to the archive:
Retention Policy Tag
A retention policy tag (RPT) applies retention
settings to the default folders (Inbox, Deleted Items, and Sent Items)
in a mailbox, and all items that are in these default folders inherit
the folders' policy tag. Users are not able to change the tag that is
applied to a default folder, but they can apply a different tag to
individual items in one of the default folders. You can create RPTs for
the following default folders:
Deleted Items
Drafts
Inbox
Junk Mail
Outbox
Sent Items
RSS Subscriptions
Sync Issues
Conversation History
RPTs are not supported for the Calendar, Journal,
Notes, and Tasks folders. Currently, you can only use the MoveToArchive
retention action with tags of type All and Personal; Microsoft doesn't
support using MoveToArchive against specific folders.
Default Policy Tag
Default policy tags (DPTs) are used to apply
retention policies to untagged mailbox items. Untagged items are
mailbox items that either did not receive a retention tag from the
folder that they are located in or didn't get a policy applied
explicitly by the user. DPTs are created by specifying the type All. A
retention policy should not contain more than one DPT.
Personal Tags
Personal tags are available to users in their
mailbox as part of their retention policy, and they can apply these
tags to folders they create themselves or to individual items. This
allows end users to tag information they consider critical and
therefore apply a longer retention period to it.
You can define RPTs with the following actions:
Move To Archive Policy
Automatically moves messages from the primary
mailbox to the personal archive. Available options are 1 year, 2 years
(default), 5 years, and Never. This policy can help keep the mailbox
under quota. The policy works like the Outlook Auto-Archive
functionality without creating the PST file and will create a folder
name that matches the primary mailbox folder name from which the item
was moved.
Move To Deleted Items Policy
Automatically deletes messages and moves them to
the Deleted Items folder. Delete policies are global: they
remain tied to a message when it moves to the archive, and they
remove unwanted items.
Delete And Allow Recovery
Emulates the behavior when the Deleted Items
folder is emptied or the user deletes a message using Shift-Delete.
Messages move to the Recoverable Items folder when deleted item
retention is configured for either the mailbox database or user.
Recoverable Items, also known as the "dumpster," gives the user another
chance to recover deleted messages.
Permanently Delete
Permanently deletes a message. A message is
purged from the mailbox when this policy is applied; this is similar to
a deleted message being removed from Recoverable Items. Once this
happens, the user can no longer recover the message (although when
single-item recovery or legal hold is enabled, the item is placed in
the Purges folder of Recoverable Items and thus can be recovered by
administrators).
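The tag types and actions described above, combined into one policy. This is an added example, not code from the original text; the tag and policy names are hypothetical, and the cmdlets are run from the Exchange Management Shell.

```powershell
# Added example. All "Example-*" names are hypothetical.

# RPT: bound to one default folder (Deleted Items). Users cannot change
# the folder's tag, only tag individual items inside it.
New-RetentionPolicyTag -Name "Example-DeletedItems-30d" -Type DeletedItems `
    -RetentionEnabled $true -AgeLimitForRetention 30 `
    -RetentionAction DeleteAndAllowRecovery

# DPT: type All, applies to every item with no explicit or inherited tag.
# MoveToArchive is only supported on tags of type All and Personal.
New-RetentionPolicyTag -Name "Example-Default-2y-Archive" -Type All `
    -RetentionEnabled $true -AgeLimitForRetention 730 `
    -RetentionAction MoveToArchive

# Personal tag: offered to users for their own folders and items.
New-RetentionPolicyTag -Name "Example-Personal-5y-Archive" -Type Personal `
    -RetentionEnabled $true -AgeLimitForRetention 1825 `
    -RetentionAction MoveToArchive

# Link the tags into one policy; keep a single DPT per policy.
New-RetentionPolicy -Name "Example-Finance" -RetentionPolicyTagLinks `
    "Example-DeletedItems-30d", "Example-Default-2y-Archive", "Example-Personal-5y-Archive"

# Review what was created before assigning the policy to any mailbox.
Get-RetentionPolicyTag | Where-Object { $_.Name -like "Example-*" } |
    Format-Table Name, Type, RetentionAction, AgeLimitForRetention, RetentionEnabled -AutoSize
```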
The priority in which policies take effect is pretty
simple. Explicit policies have a higher priority over default policies,
and longer policies apply over shorter policies. An important thing to
remember is that you can't apply a managed folder policy to a mailbox
that has an archive mailbox enabled. The managed folder settings
created can't use the MoveToArchive action.
During setup, Exchange Server creates a default
archiving policy, which is a retention policy that contains the
retention tags shown in Table 1.
Table 1. Default Retention Tags
| Retention Tag Name | Tag Type | Description |
|---|---|---|
| Default 2 Year Move To Archive | Default | Applies to items in the entire mailbox that do not have a retention tag applied explicitly or inherited from the folder. Messages are automatically moved to the archive mailbox after 2 years. |
| Personal 1 Year Move To Archive | Personal | Messages are automatically moved to the archive mailbox after 365 days. |
| Personal 5 Year Move To Archive | Personal | Messages are automatically moved to the archive mailbox after 5 years. |
| Personal Never Move To Archive | Personal | Messages are never moved to the archive mailbox. |
The default archiving policy is automatically
assigned to each mailbox that has archiving enabled. The tags will be
made available to the mailbox user after the mailbox assistant has
processed the mailbox. The user can then use these tags and apply them
to folders or messages.
2.1. Moving Items Between Folders
When an item is moved from one folder to another, it
inherits the retention tag from the new folder location. If there is no
retention policy tag active on that particular folder, the item
automatically gets the default policy tag. However, when the item has a
specific tag assigned to it, this tag will always take priority over
any folder-level tags or the default tag.
2.2. Setting a Retention Tag
You can apply a retention policy directly to a mailbox
or to the members of a distribution group. Keep in mind that new members added to a
distribution group do not automatically get the retention policy of
that group, and you should run the distribution group policy cmdlet at
regular intervals. The following example applies the Finance retention
policy to John Doe's mailbox:
Set-Mailbox "John Doe" -RetentionPolicy "Finance"
The next example applies the Finance retention policy to members of the distribution group Seattle-Finance:
Get-DistributionGroupMember -Identity "Seattle-Finance" | Set-Mailbox -RetentionPolicy "Finance"
2.3. Changing a Retention Tag Policy
You can also change the policy that is applied to
mailboxes to a new policy. The following example applies the new
retention policy "New-Retention-Policy" to all mailboxes that have the old policy "Old-Retention-Policy":
$OldPolicy=(Get-RetentionPolicy "Old-Retention-Policy").distinguishedName
Get-Mailbox -Filter {RetentionPolicy -eq $OldPolicy} -Resultsize Unlimited |
Set-Mailbox -RetentionPolicy "New-Retention-Policy"
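Because new distribution group members do not pick up the group's retention policy (section 2.2), a scheduled check can report the drift before correcting it. This is an added example, not code from the original text; it reuses the page's Seattle-Finance and Finance names and the distinguished-name filter from section 2.3, and it previews changes with -WhatIf.

```powershell
# Added example: find group members whose mailbox lacks the expected policy.
$GroupName  = "Seattle-Finance"   # group name from the page's example
$PolicyName = "Finance"           # policy name from the page's example

$policyDn = (Get-RetentionPolicy $PolicyName).DistinguishedName

# Index every mailbox that already carries the policy, keyed by DN.
$compliant = @{}
Get-Mailbox -Filter "RetentionPolicy -eq '$policyDn'" -ResultSize Unlimited |
    ForEach-Object { $compliant[$_.DistinguishedName] = $true }

# Only mailbox members can take a retention policy; contacts and nested
# groups are skipped instead of being piped into Set-Mailbox.
$drifted = Get-DistributionGroupMember -Identity $GroupName -ResultSize Unlimited |
    Where-Object {
        $_.RecipientType -eq 'UserMailbox' -and
        -not $compliant.ContainsKey($_.DistinguishedName)
    }

# Report first, so the change is reviewable.
$drifted | Select-Object Name, PrimarySmtpAddress

# Preview the correction; remove -WhatIf to apply it.
$drifted | ForEach-Object {
    Set-Mailbox -Identity $_.DistinguishedName -RetentionPolicy $PolicyName -WhatIf
}
```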
2.4. Deleting and Removing a Retention Tag
When you remove a retention tag from the retention
policy that is applied to the mailbox, it is no longer available to the
user and therefore can no longer be applied to items in the mailbox.
Items that have been specifically stamped with this tag, however, will
continue to be processed by the mailbox assistant with these settings.
Deleting a tag using the Remove-RetentionPolicyTag
cmdlet will not only remove the retention tag from being available to
the user, but also remove the tag from Active Directory. The next time
the mailbox assistant runs, it will restamp all the items that had the
removed policy applied and apply the default policy tag. If you removed
the tag from a large number of mailboxes and items, this could result
in a significant increase in resource consumption on your mailbox
servers.
2.5. Retention Hold
Retention might take actions on new email messages
before end users get to them when they are away or unable to access
email due to vacation or other reasons. Depending on the policies that
may be active and applied to the user, this could mean that messages
may have been moved from the primary mailbox to the archive or even
deleted. For these users, you have the option to temporarily suspend
the retention policies from processing the mailbox for a set amount of
time by placing the mailbox on a retention hold. You can specify a
retention comment that will notify and inform the user (or another user
who might have access to the mailbox) about this hold, and explain when
it begins and ends. These retention holds are visible only in supported
Outlook clients, however, and can be localized to the user's
preferred language setting.
Applying a retention hold will not modify
or change mailbox quota limits if they are applied, and it might be
advisable if you have end users leaving for an extended period of time
to increase or remove the mailbox quota limits. Also, it might take the
user a while to catch up on email after he returns, so give the user
some time after he returns to work to go through the messages before
removing the retention hold status.
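Placing a mailbox on retention hold, reviewing holds that have passed their end date, and releasing the hold, shown as an added example that is not part of the original text. The mailbox name, dates and comment text are hypothetical.

```powershell
# Added example. Mailbox name, dates and comment are hypothetical.
$Mailbox = "John Doe"
$Start   = (Get-Date).Date
$End     = $Start.AddDays(30)

# Suspend retention processing for the period and tell the user why.
Set-Mailbox -Identity $Mailbox -RetentionHoldEnabled $true `
    -StartDateForRetentionHold $Start -EndDateForRetentionHold $End `
    -RetentionComment "Retention hold during extended leave; normal retention resumes after you return."

# Confirm the hold and check the quota settings, which a hold does not change.
Get-Mailbox -Identity $Mailbox |
    Format-List Name, RetentionHoldEnabled, StartDateForRetentionHold,
                EndDateForRetentionHold, RetentionComment,
                ProhibitSendQuota, ProhibitSendReceiveQuota

# Periodic review: holds whose end date has passed and that are still
# flagged as enabled, so no mailbox stays exempt from retention unnoticed.
Get-Mailbox -ResultSize Unlimited |
    Where-Object {
        $_.RetentionHoldEnabled -and
        $_.EndDateForRetentionHold -and
        $_.EndDateForRetentionHold -lt (Get-Date)
    } |
    Select-Object Name, StartDateForRetentionHold, EndDateForRetentionHold, RetentionComment

# Release the hold once the user has caught up on mail.
Set-Mailbox -Identity $Mailbox -RetentionHoldEnabled $false -RetentionComment $null
```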