Enable the Archive Mailbox and modify the default retention policy (for cloud-only and hybrid users)
By Alex Fields
In any subscription that includes Exchange Online Archiving, such as Office 365 E3 or Microsoft 365 Business (as well as any subscription to which the Exchange Online Archiving add-on is applied), you can enable a second, separately quota'd storage container (marketed as unlimited archiving) for the hoarders out there, known as an archive mailbox. I'm looking at you, attorneys and other law professionals. The archive mailbox shows up underneath the user's primary mailbox in Outlook and OWA.
Furthermore, a default retention policy (the Default MRM Policy) is applied to every mailbox in the organization; once a user's archive is enabled, it automatically moves items older than two years into the archive. You may wish to adjust this value for your own organization (more on that later).
But first, understand that enabling the archive mailbox is easy, but pay attention: where you enable it depends on whether you are using Azure AD Connect in your environment. If you are synchronizing user identities from your on-premises Active Directory, the user object is mastered on-premises, so you must make the change there and let it sync to the cloud, where the archive mailbox is then provisioned. Attempting it in the cloud for a synced user will fail. Otherwise, for cloud-only users, the operation is performed directly in the cloud.
Cloud: from Security & Compliance Center, or Exchange Admin Center
One easy way to add the archive mailbox is from the Exchange admin center > recipients > mailboxes: select a user's mailbox and enable the archive from the right-hand pane. You can also find the same option in the Security & Compliance Center, which is a handy one-stop shop for configuring all types of policies and settings across the applications and services in Office 365.
Click Data governance > Archive in the left menu, pick a user and select Enable in the right pane.
When you do this, it presents a warning about the default policy mentioned above: any items older than two years will be moved into the archive automatically. Say Yes to continue.
But what if you want that policy to be one year, or three years, or some other value? The default retention tags and policies live in the Exchange admin center, and these modifications are always made in the cloud, regardless of whether you have a hybrid/Azure AD Connect environment or not (only the mailbox-enablement step is tied to the identity source). Go to compliance management on the left, and then retention tags at the top.
Open the Default 2 year move to archive tag (this is the tag linked to the Default MRM Policy that does the moving). From here you can rename the tag and change the retention period to whatever value suits your environment. Click Save. The change applies to every mailbox that uses the Default MRM Policy, not just the one you enabled the archive for, so confirm the new value is what the whole organization wants.
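The same cloud-side steps from Exchange Online PowerShell, as an added example that is not part of the original post. It assumes a session opened with Connect-ExchangeOnline from the ExchangeOnlineManagement module; the user address, the new one-year period and the new tag name are placeholders chosen for illustration.

```powershell
# Added example, not the post's own code. Enables the archive for a cloud-only user,
# inspects the default policy, and shortens the move-to-archive period to one year.
# Assumes the ExchangeOnlineManagement module is installed.
Connect-ExchangeOnline

$user = 'jdoe@contoso.com'   # placeholder address

# Step 1: enable the archive. This only works for cloud-only users; for a user synced
# from on-premises AD the attribute change must be made on-premises instead.
Enable-Mailbox -Identity $user -Archive

# Step 2: confirm the archive exists and which retention policy governs the mailbox.
Get-Mailbox -Identity $user |
    Select-Object DisplayName, ArchiveStatus, ArchiveName, RetentionPolicy

# Step 3: look at the tags linked to the Default MRM Policy and at the 2-year tag.
# AgeLimitForRetention is expressed in days (730 for the default two years).
Get-RetentionPolicy -Identity 'Default MRM Policy' |
    Select-Object -ExpandProperty RetentionPolicyTagLinks
Get-RetentionPolicyTag -Identity 'Default 2 year move to archive' |
    Select-Object Name, Type, RetentionAction, AgeLimitForRetention

# Step 4: change the period to one year and rename the tag to match. This affects every
# mailbox using the policy, so review step 3 before running it.
Set-RetentionPolicyTag -Identity 'Default 2 year move to archive' `
    -AgeLimitForRetention 365 `
    -Name 'Default 1 year move to archive'

# Step 5 (optional): run the Managed Folder Assistant now instead of waiting for its
# normal cycle, so the first move into the archive happens promptly for this user.
Start-ManagedFolderAssistant -Identity $user
```

Because the retention tag is shared by the whole policy, the Get-RetentionPolicyTag check before the Set- call is the step a practitioner should not skip: a value chosen for one demanding department becomes the default for everyone on the Default MRM Policy.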
On-premises: with or without a hybrid Exchange server
On-premises, you should be able to locate the user in the on-premises Exchange admin center, just as you would in Exchange Online, and enable the archive mailbox the same way. You can also use a single command in the Exchange Management Shell, which is even easier (USERNAME is the user's alias or UPN):
- Enable-RemoteMailbox USERNAME -Archive
If you do not have an Exchange server installed but are using Azure AD Connect, it is necessary to modify the Exchange attributes on the user object (via ADSI Edit or the Attribute Editor in ADUC) to enable the archive mailbox. But which attributes do you need to modify? This is where the MIISClient.exe tool (the Synchronization Service Manager installed with Azure AD Connect) comes in handy: in an environment that does have an on-premises Exchange server, open it, make a change to an on-premises account, and you can see exactly which attributes are modified and watch them sync to the cloud.
It stands to reason, then, that these same changes are what you need to make by hand when you don't have a hybrid Exchange server on-premises (NOTE: it is NOT supported by Microsoft to run Exchange Online with Azure AD Connect without an on-premises Exchange server to manage the user attributes; what follows works, but you are on your own if something breaks). You will see three different values being modified:
- msExchArchiveName = (give this any name like “Personal Archive – Username“)
- msExchRemoteRecipientType = (change the value to 3). This attribute is a bitmask: 1 means ProvisionMailbox, 2 means ProvisionArchive, 4 means Migrated. A user whose mailbox was provisioned in the cloud has 1, so adding the archive bit gives 3. If the mailbox was migrated from on-premises the existing value is 4, and the correct result is 6, so check the current value first rather than overwriting blindly.
- msExchArchiveGuid = (it is not necessary to populate this value, actually)
Once you have made these modifications to the user object's attributes in ADSI Edit, or via the Attribute Editor tab in ADUC (visible after enabling View > Advanced Features), the archive mailbox shows up in the cloud after the next Azure AD Connect sync cycle runs (by default every 30 minutes; you can trigger a delta sync from the Azure AD Connect server instead of waiting).
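The attribute edits above as a script, as an added example that is not part of the original post. It uses the RSAT ActiveDirectory module on a domain-joined machine and, for the optional last step, the ADSync module on the Azure AD Connect server; the sAMAccountName and the archive display name are placeholders. It goes slightly beyond the text by treating msExchRemoteRecipientType as the bitmask it is, so it also handles a migrated mailbox (4 becomes 6) rather than only the cloud-provisioned case (1 becomes 3).

```powershell
# Added example, not the post's own code. Sets the on-premises attributes that
# Azure AD Connect syncs to provision an Exchange Online archive, for an
# environment with no hybrid Exchange server (unsupported by Microsoft, see above).
Import-Module ActiveDirectory

$sam = 'jdoe'   # placeholder sAMAccountName

$u = Get-ADUser -Identity $sam -Properties DisplayName, msExchRemoteRecipientType,
        msExchArchiveName, msExchArchiveGuid

# msExchRemoteRecipientType flag values (bitmask)
$ProvisionMailbox = 1
$ProvisionArchive = 2
$Migrated         = 4

$current = if ($u.msExchRemoteRecipientType) { [int64]$u.msExchRemoteRecipientType } else { 0 }

# Sanity check: the user should already be a remote (cloud) mailbox of some kind.
if (($current -band ($ProvisionMailbox -bor $Migrated)) -eq 0) {
    throw "msExchRemoteRecipientType is $current for $sam; expected 1 (provisioned) or 4 (migrated). Aborting."
}

if ($current -band $ProvisionArchive) {
    Write-Host "Archive bit already set for $sam (value $current); nothing to do."
    return
}

# OR the archive bit in instead of overwriting: 1 -> 3 for a cloud-provisioned mailbox,
# 4 -> 6 for a migrated one. Blindly writing 3 onto a migrated user would be wrong.
$new = $current -bor $ProvisionArchive

# Give the archive a display name, following the post's "Personal Archive - Username" pattern.
$archiveName = "Personal Archive - $($u.DisplayName)"

# msExchArchiveGuid is left untouched; the post notes it does not need to be populated.
Set-ADUser -Identity $sam -Replace @{
    msExchRemoteRecipientType = $new
    msExchArchiveName         = $archiveName
}

Write-Host "Set msExchRemoteRecipientType $current -> $new and msExchArchiveName '$archiveName' for $sam."

# Optional: kick off a delta sync now. Only works when run on the Azure AD Connect server
# where the ADSync module is present; otherwise wait for the scheduled cycle.
if (Get-Command Start-ADSyncSyncCycle -ErrorAction SilentlyContinue) {
    Start-ADSyncSyncCycle -PolicyType Delta
}
```

After the sync completes, confirm from Exchange Online that Get-Mailbox reports ArchiveStatus as Active for the user; if the archive never appears, re-check the Synchronization Service Manager to see whether the three attributes actually flowed for that object.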
Remember: enabling a personal archive is a useful tool for managing mailbox sizes and clutter-creep, but in my opinion it is not a great tool for meeting compliance requirements or guaranteeing retention of data, because users can still delete items from the archive just as they can from the primary mailbox. You may want to look at this article for more information about the differences between an archive, a journal and litigation hold. Also check out retention policies in the Security & Compliance Center.