Moving to Microsoft 365 Retention Policies
When I wrote about Microsoft 365 retention policies last September, I argued that Exchange Online mailbox retention policies offer some advantages over their Microsoft 365 counterparts. Briefly, the advantages boil down to the ability to control retention for default folders like the Inbox and the availability of the move to archive action. Microsoft 365 retention policies operate on a container basis (the mailbox) and don’t include move to archive as a retention action. If you’re in a hybrid organization, being able to apply the same retention settings to on-premises and cloud mailboxes might be deemed another advantage.
Although it might seem a small point, having retention policies move items from primary mailboxes to archive mailboxes on an ongoing basis keeps primary mailboxes uncluttered while preserving the ability to find old items when necessary. You can argue that offloading old email to an archive is more important in on-premises environments where mailboxes are usually smaller than the 100 GB norm for enterprise Exchange Online deployments. This is true, but it still doesn’t get past the point that much inter-organization communication flows via email and it’s usually important to retain these messages for extended periods. Moving to the archive is an effective way to retain email without having old messages get in the way of users.
The downside of focusing on Exchange Online retention is that Microsoft’s attention is fixed firmly on Microsoft 365 retention policies. The addition of adaptive scopes to identify target locations and the ability to use the presence of sensitivity labels as a condition for auto-label retention policies are two examples of recent improvements in Microsoft 365 retention.
Maximizing the Benefit of Both Types of Retention
Although acknowledging where Microsoft’s interest lies, it makes sense for customers to consider whether they should leverage the unique abilities and strengths of the two types of retention processing in their information governance strategy. However, we should also begin the conversation about how to transition from Exchange Online mailbox retention policies to Microsoft 365 retention policies. Briefly, the major points of the transition are:
- Replace Exchange personal tags from mailbox retention policies with Microsoft 365 retention labels. To make the changeover seamless, use the same name for both personal tags and retention labels.
- Remove Exchange folder tags from mailbox retention policies and replace them with retention policies published to the mailboxes using label publishing policies.
- Replace default deletion tags in mailbox retention policies with Microsoft 365 retention policies.
- Limit the use of Exchange Online mailbox retention policies to moving messages into archive mailboxes.
Remember, a mailbox can have just one mailbox retention policy. However, it can come within the scope of multiple Microsoft 365 retention policies. In this strategy, we remove Exchange personal, folder, and default tags from the set of mailbox retention policies assigned to user mailboxes and replace them with retention policies and label publishing policies.
When the process is complete, Exchange mailbox retention policies will only include a default archive tag to control the movement of items into the archive. If you don’t want to use archive mailboxes and intend to keep everything in primary mailboxes, you can remove all the mailbox retention policies. At that point, Microsoft 365 retention policies and labels will perform all retention processing for the organization.
It’s important to emphasize that you should not delete any Exchange retention tag (personal, folder, or default) from your organization. Instead, by removing the tags from mailbox retention policies, you make the tags unavailable to users. Existing tags remain stamped on items unless superseded by application of a retention label. As time passes, items will age out, the Mailbox Folder Assistant (MFA) will remove them, and the Exchange tags will disappear from use.
Replace Exchange Personal Retention Tags
Personal retention tags exist to allow users to mark folders (except the default folders such as the Inbox) and individual items for special retention processing. For instance, a personal tag might retain items for ten years. To replace these tags, we:
- Create replacement Microsoft 365 retention labels with the same retention settings and publish the labels to users.
- If multiple mailbox retention policies are in use for different sets of users, you might need equivalent Microsoft 365 retention publishing policies to get the right labels to the right users. On the other hand, you might be able to rationalize label publishing to a smaller set of policies.
- Remove the Exchange personal retention tags from mailbox retention policies.
An item can only ever have a single retention label or tag, either implicit (inherited from the folder or mailbox default) or explicit (applied by the user). If an item comes within the scope of multiple labels or retention policies, the rules of retention apply. Usually, this boils down to retention winning over deletion and the application of the longest retention period. No one wants to remove information before its time.
Remove Exchange Folder Tags
Folder tags exist to apply retention settings to default Exchange mailbox folders such as the Inbox, Sent Items, and Deleted Items. As Microsoft 365 retention policies apply the same settings across all mailbox folders, no further need exists for these folder tags, so we can remove the folder tags from mailbox retention policies.
Clients like OWA which support retention policies won’t allow users to apply a retention label to a default folder. Users can apply retention labels to any folder they create.
Replace Default Deletion Tags
A default deletion tag applies retention to any mailbox item which does not come under the control of a more specific tag (personal or folder). Microsoft 365 retention policies take on the role of default deletion tags, so the tags are no longer required and can be removed from mailbox retention policies.
Keep the Default Archive Tag
On the other hand, if you intend to continue moving items from primary mailboxes to archive mailboxes as part of your retention strategy, you must keep the default archive tags in mailbox retention policies. A default archive tag instructs MFA to move items after they reach a certain age. For example, you could have a mailbox retention policy with:
- A default archive tag to move items into the archive mailbox after a year.
- A default deletion tag to remove items from the mailbox (primary and archive) after seven years.
In this configuration, items stay in the primary mailbox for a year and then move to the same folder in the archive mailbox and stay there for another six years. When items are seven years old, the MFA removes them from the archive mailbox.
Microsoft 365 retention policies process both the primary and archive mailboxes, so if we leave the default archive tag in place, MFA will respect its instructions to move items to the archive, and then respect the policy settings to remove items.
Making the Changes
To remove the personal tags, access the compliance management section of the old Exchange admin center and select the retention policy to update (Figure 1).
Now remove everything from the policy except the default archive tag (Figure 2). We keep this to ensure that MFA continues to move items to the archive mailbox after the tag’s retention period expires (in this case, 1095 days, or 3 years). Note that this policy does not have a default delete tag.
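The same cleanup can be planned in Exchange Online PowerShell before touching a policy. The following is an added example, not from the original article: it classifies each tag in a policy by the transition rules described above, using constructed sample tags. The helper name `Get-TagTransitionPlan`, the tag names other than "Remove after 1 week", and the policy name "Contoso Retention" are hypothetical.

```powershell
# Added example (not from the article). Sample tags are constructed and shaped like
# Get-RetentionPolicyTag output; Get-TagTransitionPlan is a hypothetical helper name.
function Get-TagTransitionPlan {
    param([Parameter(Mandatory)] [object[]] $Tags)
    foreach ($tag in $Tags) {
        $type   = [string]$tag.Type
        $action = [string]$tag.RetentionAction
        $step = if ($type -eq 'All' -and $action -eq 'MoveToArchive') {
            'Keep: default archive tag'
        } elseif ($type -eq 'All') {
            'Remove: default deletion tag, replaced by a Microsoft 365 retention policy'
        } elseif ($type -eq 'Personal' -and $action -eq 'MoveToArchive') {
            'Remove: no retention label equivalent (labels have no move to archive action)'
        } elseif ($type -eq 'Personal') {
            'Remove: publish a Microsoft 365 retention label with the same name first'
        } else {
            'Remove: folder tag, covered by a Microsoft 365 retention policy'
        }
        [pscustomobject]@{ Name = $tag.Name; Type = $type; Action = $action
                           Age = $tag.AgeLimitForRetention; Plan = $step }
    }
}

# Constructed sample input (not real tenant data).
$sampleTags = @(
    [pscustomobject]@{ Name = 'Archive after 3 years'; Type = 'All'; RetentionAction = 'MoveToArchive'; AgeLimitForRetention = '1095.00:00:00' }
    [pscustomobject]@{ Name = 'Delete after 7 years'; Type = 'All'; RetentionAction = 'DeleteAndAllowRecovery'; AgeLimitForRetention = '2555.00:00:00' }
    [pscustomobject]@{ Name = 'Remove after 1 week'; Type = 'Personal'; RetentionAction = 'DeleteAndAllowRecovery'; AgeLimitForRetention = '7.00:00:00' }
    [pscustomobject]@{ Name = 'Personal 1 year archive'; Type = 'Personal'; RetentionAction = 'MoveToArchive'; AgeLimitForRetention = '365.00:00:00' }
    [pscustomobject]@{ Name = 'Inbox 2 years'; Type = 'Inbox'; RetentionAction = 'DeleteAndAllowRecovery'; AgeLimitForRetention = '730.00:00:00' }
)
$plan = Get-TagTransitionPlan -Tags $sampleTags
$plan | Format-Table -AutoSize -Wrap
# Names of the tags that stay linked to the mailbox retention policy.
$keep = @($plan | Where-Object Plan -like 'Keep*' | Select-Object -ExpandProperty Name)

# Against a tenant (after Connect-ExchangeOnline), with a hypothetical policy name:
#   $links = (Get-RetentionPolicy -Identity 'Contoso Retention').RetentionPolicyTagLinks
#   $plan  = Get-TagTransitionPlan -Tags ($links | ForEach-Object { Get-RetentionPolicyTag -Identity $_ })
#   Set-RetentionPolicy -Identity 'Contoso Retention' -RetentionPolicyTagLinks $keep -WhatIf
# -WhatIf previews the change; the tags themselves stay in the tenant, only the links change.
```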
The next time MFA processes mailboxes, it removes the Exchange personal tags and makes the Microsoft 365 retention labels available to users. This can be a gradual process to remove Exchange personal tags and introduce retention labels. MFA makes sure that the set of retention policy labels displayed to users includes both Exchange tags and Microsoft 365 labels. Figure 3 shows OWA displaying a set of labels including both personal tags (like Remove after 1 week) and retention labels (like Formal Company Record and Required for Audit). You can also see two personal tags with move to archive actions listed on the top of the set.
Although MFA hides the Exchange personal tags after their removal from mailbox retention policies, users can still access personal tags through the OWA retention policies option, which lists the set of Exchange personal retention tags not already assigned to the user by policy (Figure 4). After the user selects a tag, it joins the set displayed by OWA and Outlook desktop when the user applies a policy to an item.
Unfortunately, there’s no way to suppress the display of personal tags through the OWA option. As mentioned above, don’t remove the personal tags from the tenant as this might lead to the unexpected deletion of important items, so it’s best to advise users to avoid using the OWA option.
OWA doesn’t include Microsoft 365 retention labels as part of the set shown to users, so the OWA option doesn’t support a switchover to retention labels until Microsoft does the work to upgrade the client.
After making all the changes, you should be in this position:
- Exchange mailbox retention policies have a single default archive tag and nothing else.
- Microsoft 365 retention labels replace the Exchange personal tags.
- Microsoft 365 retention policies process any mailbox items that don’t have an assigned retention label (or old Exchange retention tag).
- Users experience no change because clients display the same set of retention labels. There might be a changeover period of a few days when both retention labels and retention tags appear in the lists displayed in clients, but this is a matter of timing (label publication), and MFA will resolve the duplication over time.
There is a small loss in functionality because you no longer assign folder tags to default mailbox folders. However, if retention policies have reasonable retention periods, it’s unlikely that users will notice the difference. In any case, users should receive guidance about how to use retention labels to mark items/folders of particular importance that they wish to keep.
Eventually, Microsoft might provide a Microsoft 365 retention policy setting to enable movement of email into archive mailboxes. At that point, the need for Exchange Online mailbox retention policies will disappear.