A topic that has come up many times recently is how organizations can leverage Microsoft Exchange 2010 (on-premises) or Microsoft Office 365 (in the cloud) to retain messages, place messages on legal hold and recover them, and successfully perform eDiscovery tasks as required by legal counsel, by law, and/or as needed.
This document clarifies what’s included “in the box” in Exchange 2010 and Office 365, and walks through the step-by-step procedures for setting up what is necessary to retain content, along with detailed procedures for querying and looking up information.
Basic Background
To be able to retrieve information for legal or official purposes, the information must be properly retained so that the integrity of what is retrieved can be relied upon. As an example, if the Human Resources department, Legal department, or outside Legal Counsel wants to gather information, it’s not good enough to just go into a user’s mailbox and extract information, because the information in a mailbox is considered “fragile.” It is fragile because a user can easily “delete” a key message, or can even go in using the Microsoft Outlook client and EDIT a message. Because anyone who opens a user’s mailbox can tamper with the messages in the Outlook client, those messages are NOT considered valid evidence.
In the past, with Exchange 2007, Exchange 2003, or earlier, protecting messages from tampering required specific technologies and practices. The old way of doing things was to buy a third-party archiving product like Symantec Enterprise Vault, Iron Mountain / Mimosa NearPoint for Exchange, EMC EmailXtender, Zantaz EAS, or the like. The third-party tools required a separate server, typically a special agent installed on all Exchange servers and clients, and a relatively high expense to manage, maintain, and support the archiving server and services.
With Exchange 2007, Microsoft included email “Journaling,” which allowed a copy of any/all emails to be forwarded to a Journaling Server, so that while a user’s mailbox content might have been tampered with, the Journaling Server mailbox would have an unmodified version of the content. Legal review of the Journal copy provided assurances that the copy had not been edited.
With the release of Exchange 2010 and its Archiving capabilities, some mistakenly believe they must create an “Archive Mailbox” for all users to preserve data. That is not true. An Archive Mailbox gives a user a second mailbox store, so that content can be moved out of the Primary mailbox and into the Archive mailbox. Data retention, however, can be done on Exchange 2010 (or Office 365) simply by extending the Deleted Item Retention period and enabling the Single Instance Recovery function of Exchange / Office 365.
The Archive Mailbox feature in Exchange 2010 / Office 365 simply allows users (or the organization, through rules) to move messages out of their primary mailbox to the Archive Mailbox, keeping the primary mailbox small while the archive grows as large as the user requires. The Archive Mailbox replaces the PST files that users have used for years to back up or archive their messages, but instead of being scattered across filesystems, hard drives, USB drives, and other devices, archived mail can be kept in the user’s Archive Mailbox for quick and easy search and access. The reader can be assured that the Archive Mailbox is completely separate from, and not needed for, the “in the box” message retention / discovery discussed in the balance of this article.
