Message Policy, Recovery and Compliance


http://technet.microsoft.com/en-us/library/jj819264(d=printer).aspx[2013-03-19 11:25:56]

Topic Last Modified: 2013-03-01

Archiving Exchange Online-based mailboxes

Exchange Online mailboxes reside in the cloud, and archiving them requires unique hosting environments. In some cases, Exchange Online can also be used to archive on-premises mailboxes in the cloud. The options for archiving with Exchange Online are described in this section.

Exchange Online provides built-in archiving capabilities for cloud-based mailboxes, including an In-Place Archive that gives users a convenient place to store older email messages. An In-Place Archive is a special type of mailbox that appears alongside a user’s primary mailbox folders in Outlook and Outlook Web App. Users can access and search the archive in the same way they access and search their primary mailboxes. Available functionality depends on the client in use:

- Outlook 2013, Outlook 2010, and Outlook Web App: Users have access to the full features of the archive, as well as related compliance features like control over retention and archive policies.
- Outlook 2007: Users have basic support for the In-Place Archive, and not all archiving and compliance features are available. For example, users cannot apply retention or archive policies to mailbox items and must rely on administrator-provisioned policies instead.

Administrators use the Exchange admin center or remote Windows PowerShell to enable the personal archive feature for specific users.

For more information about In-Place Archives, see In-Place Archiving.

Archive sizes

Only one user’s messaging data can be stored in each personal archive. The allocation of storage depends on the subscription plan:

Archive mailbox size by plan:

Exchange Server 2013: N/A
Office 365 Small Business: 25 GB (1)
Office 365 Small Business Premium: 25 GB (1)
Office 365 Midsize Business: 25 GB (1)
Office 365 Enterprise E1, Education A2, Government G1: 25 GB (1)
Office 365 Enterprise E3, Education A3, Government G3: Unlimited (2)
Office 365 Enterprise E4, Education A4, Government G4: Unlimited (2)
Office 365 Enterprise K1, Government K1: N/A

Note:

(1) Each subscriber receives 25 GB of total storage, which the user can apportion between the primary mailbox and the personal archive. The size of the personal archive therefore cannot exceed 25 GB.
(2) Each subscriber receives 25 GB of storage in the primary mailbox, plus unlimited storage in the personal archive. A default quota of 100 GB is set on the personal archive, which will generally accommodate reasonable use, including the import of one user’s historical email. In the unlikely event that a user reaches this quota, a call to Office 365 support is required. Administrators cannot adjust this quota upward or downward.

Important:

- In-Place Archive is not available to Exchange Online Kiosk subscribers.
- Using journaling, transport rules, or auto-forwarding rules to copy messages to an Exchange Online mailbox for the purposes of archiving is not permitted. Microsoft reserves the right to deny unlimited archiving in instances where a mailbox archive is not being used in a personal scenario.
- In-Place Archive has specific licensing requirements for Outlook users. Outlook 2007 users must have the Office 2007 Cumulative Update for February 2011 to access the personal archive.
- Exchange Online does not support the New-MailboxImportRequest Windows PowerShell cmdlet of Exchange Server 2010 Service Pack 1 or later for administrator-driven import of .pst files into a personal archive. If a user has both the primary mailbox and the archive in Exchange Online, an administrator can use PST Capture, a free tool, to import .pst file data to the user’s primary mailbox or archive.

Cloud-based archiving of on-premises mailboxes

Using Exchange Online for cloud-based archiving of on-premises Exchange Server 2010 or later mailboxes is possible with Microsoft Exchange Online Archiving, a hosted archiving solution from Microsoft. This requires that the on-premises organization be in Hybrid mode or be set up for Exchange Online Archiving.

Important:

Users with an on-premises mailbox on an Exchange 2010 Mailbox server who have a Managed Folder policy applied cannot have an on-premises or cloud-based In-Place Archive enabled.

Retention tags and retention policies

Exchange Online offers retention policies to help organizations reduce the liabilities associated with email and other communications. With these policies, administrators can apply retention settings to specific folders in users’ inboxes. Administrators can also give users a menu of retention policies and let them apply the policies to specific items, conversations, or folders using Outlook 2010 or later or Outlook Web App.

In Exchange Online, administrators manage retention policies by using the Exchange admin center (EAC) or remote Windows PowerShell.

Exchange Online offers two types of policies: archive policies and delete policies. Both types can be combined on the same item or folder. For example, a user can tag an email message to be automatically moved to the In-Place Archive in a specified number of days and deleted after another span of days.

With Outlook 2010 or later and Outlook Web App, users can apply retention policies to folders, conversations, or individual messages. They can also view the applied retention policies and expected deletion dates on messages. Users of other email clients can only have email messages deleted or archived based on server-side retention policies set by the administrator.

The retention policy capabilities offered in Exchange Online are the same as those offered in Exchange Server 2010 Service Pack 2 RU4. Administrators can use remote Windows PowerShell to migrate retention policies from on-premises Exchange Server 2010 or later environments to Exchange Online.

Important:

Managed Folders, an older approach to messaging records management that was introduced in Exchange Server 2007, are not available in Exchange Online.

For more information, see Retention Tags and Retention Policies.
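The combination of an archive policy and a delete policy described in this section, as an added example that is not part of the original page or Microsoft's own sample code. It assumes an open remote Windows PowerShell session to Exchange Online; the tag names, ages and mailbox address are constructed placeholders.

```powershell
# Added example. Tag names, ages and the mailbox are constructed placeholders.
$mailbox     = 'user1@example.com'
$policyName  = 'Example Archive And Delete'
$archiveDays = 365     # archive policy: move to the In-Place Archive after 1 year
$deleteDays  = 2555    # delete policy: remove after roughly 7 years

# Both ages apply to the same items. If the delete age were not the larger one,
# items would be deleted before the archive tag could act on them.
if ($deleteDays -le $archiveDays) {
    throw "Delete age ($deleteDays) must exceed archive age ($archiveDays)."
}

# MoveToArchive needs an archive to move items into.
if ((Get-Mailbox -Identity $mailbox).ArchiveStatus -ne 'Active') {
    Enable-Mailbox -Identity $mailbox -Archive
}

# Archive policy: default tag for the whole mailbox.
New-RetentionPolicyTag -Name 'Example Archive 1 Year' -Type All `
    -RetentionEnabled $true -AgeLimitForRetention $archiveDays `
    -RetentionAction MoveToArchive

# Delete policy: second default tag. A policy can carry one default archive tag
# and one default delete tag at the same time.
New-RetentionPolicyTag -Name 'Example Delete 7 Years' -Type All `
    -RetentionEnabled $true -AgeLimitForRetention $deleteDays `
    -RetentionAction DeleteAndAllowRecovery

# Personal tag that users can apply themselves to items, conversations or
# folders in Outlook 2010 or later and Outlook Web App.
New-RetentionPolicyTag -Name 'Example Personal Delete 1 Year' -Type Personal `
    -RetentionEnabled $true -AgeLimitForRetention 365 `
    -RetentionAction DeleteAndAllowRecovery

# Link the tags into one policy and assign it to the mailbox.
New-RetentionPolicy -Name $policyName -RetentionPolicyTagLinks `
    'Example Archive 1 Year', 'Example Delete 7 Years', 'Example Personal Delete 1 Year'
Set-Mailbox -Identity $mailbox -RetentionPolicy $policyName

# Verify what was actually stamped.
Get-RetentionPolicy -Identity $policyName | Format-List Name, RetentionPolicyTagLinks
Get-Mailbox -Identity $mailbox | Format-List Name, ArchiveStatus, RetentionPolicy
```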

Information Rights Management (IRM)

Information Rights Management (IRM) allows an organization to prevent information leakage by restricting the rights that email recipients have on messages and attachments, such as whether they may forward a message to other recipients, print a message or attachment, or copy and paste message or attachment content.

Administrators can use the cloud-based RMS service or an on-premises Active Directory Rights Management Services (AD RMS) server in conjunction with Exchange Online. If an on-premises AD RMS server is deployed, Outlook can communicate directly with the server, enabling users to compose and read messages that are protected by AD RMS. There is no need for interoperability between the AD RMS server and Exchange Online in order to use the AD RMS features of Outlook.

Exchange Server 2010 introduced advanced, IRM-related AD RMS features that organizations can use with Exchange Online. To enable these features, administrators import the Trusted Publishing Domain (TPD) key from their Active Directory Rights Management Services server to Exchange Online using remote Windows PowerShell.

After this one-time import, the following IRM-related features become available:

- Support for IRM in Outlook Web App: Users can read and create IRM-protected messages natively in Outlook Web App. They can also view IRM-protected messages in Outlook Web App by using Internet Explorer, Firefox, Safari, and Chrome browsers (with no plug-in required). Viewing features include full-text search, conversation view, and the preview pane.
- Support for IRM in Exchange ActiveSync: Users with mobile devices that support the IRM features of Exchange ActiveSync can open and work with IRM-protected messages without tethering the device or installing additional IRM software. Administrators can control this feature by using Role-Based Access Control (RBAC) or Exchange ActiveSync policies.
- Search of IRM-protected messages: IRM-protected messages are indexed and searchable, including headers, subject, body, and attachments. Users can search protected items in Outlook and Outlook Web App and administrators can search protected items by searching multiple mailboxes.
- Transport protection rules: Administrators can set up rules to automatically apply AD RMS protection to email (including Microsoft Office and XPS attachments) in transit. This provides persistent protection anywhere a file is sent and prevents forwarding, copying, or printing, depending on the rights policy template applied.
- Journal report decryption: When journaling messages to an external archive, administrators can include both the IRM-protected message and a decrypted, clear-text copy of the message (including Microsoft Office and XPS attachments) in journal reports. This allows IRM-protected messages to be indexed and searched for legal and regulatory purposes.
- Protected voice mail: Senders or administrators can apply Do Not Forward permissions to voice mail messages to prevent them from being forwarded to unauthorized persons, regardless of the email client.
- Outlook Protection Rules: New to Outlook 2010, these rules automatically trigger Outlook to apply an Active Directory Rights Management Services template, based on sender or recipient identities, before users can send an email message. Unlike Transport Protection Rules, Outlook Protection Rules can be configured so that users can turn off protection for less-sensitive content.

In-Place Hold

When a reasonable expectation of litigation exists, organizations are required to preserve electronically stored information (ESI), including email that's relevant to the case. This expectation can occur before the specifics of the case are known, and preservation is often broad. Organizations may preserve all email related to a specific topic, or all email for certain individuals.

In Exchange Online, you can use In-Place Hold to accomplish the following goals:

- Enable users to be placed on hold and preserve mailbox items immutably
- Preserve mailbox items deleted by users or automatic deletion processes such as MRM
- Use query-based In-Place Hold to search and hold items matching specified criteria
- Preserve items indefinitely or for a specific duration
- Place a user on multiple holds for different cases or investigations
- Keep In-Place Hold transparent from the user by not having to suspend MRM
- Enable In-Place eDiscovery searches of items placed on hold

For more information, see In-Place Hold.
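A query-based, time-limited hold plus a second hold on one of the same users, with a check that the hold was actually stamped on each mailbox; this is an added example, not code from the original page. It assumes a remote Windows PowerShell session to Exchange Online under an account whose role group carries the Mailbox Search and Legal Hold roles, and every name, address, query and duration is a constructed placeholder.

```powershell
# Added example. Names, addresses, query and duration are constructed placeholders.
$holdName   = 'Example-Case-0001'
$custodians = 'user1@example.com', 'user2@example.com'
$query      = '"Project Example" AND (contract OR invoice)'   # KQL
$holdDays   = 730

# Query-based hold for a specific duration: only items matching the query are
# preserved, each for $holdDays days. Leaving out -SearchQuery holds all items;
# -ItemHoldPeriod Unlimited preserves them indefinitely.
New-MailboxSearch -Name $holdName -SourceMailboxes $custodians `
    -SearchQuery $query -InPlaceHoldEnabled $true -ItemHoldPeriod $holdDays

# A second, independent hold on the first custodian for a different case.
New-MailboxSearch -Name 'Example-Case-0002' -SourceMailboxes $custodians[0] `
    -InPlaceHoldEnabled $true -ItemHoldPeriod Unlimited

# Verify: every custodian mailbox should list the identifier of the first hold.
# Retention (MRM) settings on the mailbox are left untouched throughout.
$holdId = (Get-MailboxSearch -Identity $holdName).InPlaceHoldIdentity
foreach ($address in $custodians) {
    $mbx = Get-Mailbox -Identity $address
    if ($mbx.InPlaceHolds -contains $holdId) {
        $count = @($mbx.InPlaceHolds).Count
        Write-Output "$address : on hold '$holdName' ($count hold(s) in total)"
    } else {
        Write-Warning "$address : hold '$holdName' is not stamped on the mailbox yet"
    }
}
```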

In-Place eDiscovery

Exchange Online enables customers to search the contents of mailboxes across an organization using a web-based interface. Administrators or compliance and security officials who are authorized to perform In-Place eDiscovery search (by assigning) can search email messages, attachments, calendar appointments, tasks, contacts, and other items. In-Place eDiscovery can search simultaneously across primary mailboxes and archives. Rich filtering capabilities include sender, receiver, message type, sent/receive date, and carbon copy/blind carbon copy, along with KQL Syntax. Search results will also include items in the Deleted Items folder if they match the search query.

Results of In-Place eDiscovery searches can be previewed in the web-based interface, exported to a PST file or copied to a special type of mailbox called a Discovery mailbox. A Discovery mailbox has a 50 GB quota for storing search results. Administrators can also connect Outlook to the Discovery mailbox to access search results, and export the search results to a .pst file.

Administrators use either the Exchange admin center or remote Windows PowerShell to perform multi-mailbox searches. The Exchange admin center can provide a read-only preview of the search results, enabling administrators to quickly verify a search and rerun it, if needed, with different parameters. Once a search is optimized, the administrator can copy the results to the Discovery mailbox.

By default, one Discovery mailbox is created for each organization, but administrators can create additional Discovery mailboxes using remote Windows PowerShell. Discovery mailboxes cannot be used for any purpose other than storing In-Place eDiscovery search results.

Administrators use either the Exchange admin center or remote Windows PowerShell to perform In-Place eDiscovery searches. The Exchange admin center can provide a read-only preview of the search results, enabling administrators to quickly verify a search and rerun it, if needed, with different parameters. Once a search is optimized, the administrator can copy the results to the Discovery mailbox or export search results to a PST file.

The Exchange admin center can be used to search up to 5000 mailboxes at a time. Remote Windows PowerShell can also be used to perform searches on an unlimited number of mailboxes.

In Exchange Online, authorized users can perform In-Place eDiscovery and choose one of the following actions:

- Estimate search results: Get an estimate of the number of messages the search will return, including keyword statistics to determine the effectiveness of keywords used in the search and tweak search parameters if required.
- Preview search results
- Copy messages returned in search results to a Discovery mailbox.

For more information, see In-Place eDiscovery.

Transport rules

You can use Exchange Transport rules to look for specific conditions on messages that pass through your organization and take action on them. Transport rules let you apply messaging policies to email messages, secure messages, protect messaging systems, and prevent information leakage.

Many organizations today are required by law, regulatory requirements, or company policies to apply messaging policies that limit the interaction between recipients and senders, both inside and outside the organization. In addition to limiting interactions among individuals, departmental groups inside the organization, and entities outside the organization, some organizations are also subject to the following messaging policy requirements:

- Preventing inappropriate content from entering or leaving the organization
- Filtering confidential organization information
- Tracking or copying messages that are sent to or received from specific individuals
- Redirecting inbound and outbound messages for inspection before delivery
- Applying disclaimers to messages as they pass through the organization

Important:

Attachment file types that require installation of third-party iFilters on the email server (such as Adobe .pdf) cannot be inspected using Transport rules until after an appropriate iFilter is installed. For more information about file types that are supported by Transport rules, including information about extending the number of supported file types, see File Types That are Supported in Transport Rules.

For more information about Transport rules, see Transport Rules.

Data loss prevention

The data loss prevention (DLP) feature will help you identify, monitor, and protect sensitive information in your organization through deep content analysis. DLP is a premium feature that is increasingly important for enterprise message systems because business-critical email includes sensitive data that needs to be protected. The DLP feature in Exchange Online enables you to protect sensitive data without affecting worker productivity.

You can configure DLP policies in the Exchange admin center (EAC) management interface, which allows you to:

- Start with a pre-configured policy template that can help you detect specific types of sensitive information such as PCI-DSS data, Gramm-Leach-Bliley act data, or even locale-specific personally identifiable information (PII).
- Use the full power of existing transport rule predicates and actions and add new transport rules.
- Test the effectiveness of your DLP policies before fully enforcing them.
- Incorporate your own custom DLP policy templates and sensitive information types.
- Detect sensitive information in message attachments, body text, or subject lines and adjust the confidence level at which Exchange Online takes action.
- Add Policy Tips, which can help reduce data loss by displaying a notice to your Outlook users and can also improve the effectiveness of your policies by allowing false-positive reporting.
- Review incident data in DLP reports or add your own specific reports by using a generate incident report action.

For more information about DLP, see Data Loss Prevention.

Journaling

You can configure Exchange Online to journal copies of emails to any external mailbox that can receive messages via SMTP. Journaling can help your organization respond to legal, regulatory, and organizational compliance requirements by recording inbound and outbound email communications. When planning for messaging retention and compliance, it's important to understand journaling and how it fits in with your organization's compliance policies.

You can manage journal rules by using the Exchange admin center or remote Windows PowerShell. You can configure journaling on a per-user and per-distribution list basis, and choose to journal only internal messages, only external messages, or both. Journaled messages include not only the original message but also information about the sender, recipients, copies, and blind copies.

In order to ensure a successful and reliable journaling solution, you need to complete the following tasks:

- The journaling destination cannot be an Exchange Online mailbox.
- Create in the customer directory a contact object for the SMTP target email address to be used for journaling.
- Create a second contact object as an alternative journal mailbox to capture any journal reports when the primary journal mailbox is unavailable.
- Maintain proper management, redundancy, availability, performance, and functionality levels of the SMTP target to ensure successful mail acceptance at all times.
- Provide respective interoperability with Exchange Server and Exchange transport including message formats, sender/recipient information integration, and appropriate content conversion.

For more information about journaling, see Journaling.
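The journaling tasks listed above as one script: contact objects for an external SMTP target and an alternate, a guard against pointing journaling at a mailbox in the organization, and a rule scoped to external messages for one distribution list. This is an added example, not code from the original page; it assumes a remote Windows PowerShell session to Exchange Online, all names and addresses are constructed placeholders, and setting the alternate through the transport configuration's undeliverable-journal-report address is this example's assumption.

```powershell
# Added example. All names and addresses are constructed placeholders.
$primary   = 'journal@archive.example.net'       # external SMTP archive
$alternate = 'journal-alt@archive.example.net'   # receives reports the primary cannot take
$journaled = 'legal@example.com'                 # user or distribution list to journal

# The journaling destination cannot be an Exchange Online mailbox: stop if an
# address already resolves to a mailbox, otherwise create its contact object.
foreach ($address in $primary, $alternate) {
    $existing = Get-Recipient -Identity $address -ErrorAction SilentlyContinue
    if ($existing -and $existing.RecipientType -eq 'UserMailbox') {
        throw "$address is a mailbox in this organization; use an external SMTP target."
    }
    if (-not $existing) {
        New-MailContact -Name "Example Journal Contact ($address)" `
            -ExternalEmailAddress $address
    }
}

# Assumption of this example: the alternate is configured as the address that
# receives undeliverable journal reports.
Set-TransportConfig -JournalingReportNdrTo $alternate

# -Scope takes Internal, External or Global (both), matching the three choices
# described above. Here: external messages only, for one distribution list.
New-JournalRule -Name 'Example Legal External' -Recipient $journaled `
    -JournalEmailAddress $primary -Scope External -Enabled $true

# Review what is in force.
Get-JournalRule | Format-Table Name, Recipient, JournalEmailAddress, Scope, Enabled
Get-TransportConfig | Format-List JournalingReportNdrTo
```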

Features

Plan columns: ES2013 = Exchange Server 2013; SB = Office 365 Small Business; SBP = Office 365 Small Business Premium; MB = Office 365 Midsize Business; E1 = Office 365 Enterprise E1, Education A2, Government G1; E3 = Office 365 Enterprise E3, Education A3, Government G3; E4 = Office 365 Enterprise E4, Education A4, Government G4; K1 = Office 365 Enterprise K1, Government K1.

Feature                                         ES2013   SB       SBP      MB       E1       E3       E4       K1
Archiving Exchange Online-based Mailboxes       No       Yes      Yes      Yes      Yes      Yes      Yes      No
Cloud-Based Archiving of On-Premises Mailboxes  Yes (3)  No       No       No       No       No       No       No
Retention Tags and Retention Policies           Yes      Yes      Yes      Yes      Yes      Yes      Yes      Yes
Information Rights Management (IRM)             Yes      No       No       No       Yes      Yes      Yes      Yes
In-Place Hold                                   Yes      No       No       No       No       Yes      Yes      No
In-Place eDiscovery                             Yes      No       No       Yes      Yes      Yes      Yes      Yes
Transport Rules                                 Yes (1)  No       No       Yes (1)  Yes (1)  Yes (1)  Yes (1)  Yes (1)
Data Loss Prevention                            Yes (2)  No       No       No       No       Yes (2)  Yes (2)  No
Journaling                                      Yes      No       No       Yes      Yes      Yes      Yes      Yes

Note:

(1) Transport rules are made up of predicates, which allow you to define conditions and exceptions, and actions to take based on the predicates. The available predicates and actions differ between Exchange Online and Exchange Server 2013. For a list of available predicates and actions, see the corresponding predicates and actions topics for each product.
(2) Data loss prevention functionality requires a client access license.
(3) Requires an Exchange Online Archiving (EOA) subscription for each on-premises mailbox user that has a cloud-based archive.

© 2013 Microsoft. All rights reserved.
