Enable the Archive Mailbox and modify the default retention policy (for cloud-only and hybrid users)

In any subscription that includes Exchange Online Archiving, such as Office 365 E3 or Microsoft 365 Business (as well as any subscription to which the Archiving add-on is applied), it is possible to enable an unlimited storage container, known as an archive mailbox, for those hoarders out there. I’m looking at you, attorneys and other law professionals. The archive mailbox shows up underneath your own mailbox, for example in OWA.

Furthermore, there is a default retention policy applied to any organization mailbox, which will automatically move items older than two years into the archive. You may wish to adjust or modify this for your own organization (more on that later).

First, understand that enabling this mailbox for users is easy, but pay attention: where you enable it depends on whether you are using Azure AD Connect in your environment. If you are synchronizing user identities from your on-premises Active Directory, then it is necessary to modify this value on-premises and let it sync to the cloud, where the archive mailbox will then become enabled. Otherwise, this operation is performed in the cloud directly.

Cloud: from Security & Compliance Center, or Exchange Admin Center

One easy way to add the archive mailbox is from the Exchange admin center > recipients > mailboxes: just select a user’s mailbox and enable the archive from the right-hand pane. You can also find this same option in the Security & Compliance Center, which is a handy one-stop shop for configuring all types of policies and settings across all of the applications & services in Office 365.

Click on Data governance > Archive from the left menu, pick a user and select Enable from the right pane.

When you do this, it will present a warning regarding that default policy we talked about–any items older than two years will automatically be moved here. Say Yes to continue.

But what if you want that policy to be one year, or three years, or some other value?  You can find and modify the default retention tags and policies within the Exchange admin center.  These modifications are done in the cloud, regardless of whether you have a hybrid/Azure AD Connect environment or not. Go to compliance management on the left, and then retention tags at the top.

Open the Default 2 year move to archive tag, and from here you can rename the tag, and change the retention period to whatever value suits your environment. Click Save.
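
The same check and change can be made from Exchange Online PowerShell. This is an added example, not code from the original post; it assumes the ExchangeOnlineManagement module is installed and that the tag still has its default name, and the mailbox address and the three-year value are placeholders.

```powershell
# Added example, not the author's code. Requires the ExchangeOnlineManagement module.
Connect-ExchangeOnline

$mailbox    = 'user@contoso.example'            # placeholder mailbox
$tagName    = 'Default 2 year move to archive'  # default tag name, as shown in the EAC
$newAgeDays = 1095                              # illustrative: three years

# 1. Find the retention policy that is actually assigned to this mailbox.
$mbx    = Get-Mailbox -Identity $mailbox
$policy = Get-RetentionPolicy -Identity $mbx.RetentionPolicy

# 2. List the move-to-archive tags linked to that policy and their age limits.
$policy.RetentionPolicyTagLinks |
    ForEach-Object { Get-RetentionPolicyTag -Identity "$_" } |
    Where-Object { $_.RetentionAction -eq 'MoveToArchive' } |
    Format-Table Name, Type, AgeLimitForRetention, RetentionEnabled

# 3. Change the period on the default tag. The tag is shared: every mailbox whose
#    policy links to it picks up the new value.
Set-RetentionPolicyTag -Identity $tagName -AgeLimitForRetention $newAgeDays

# 4. Enable the archive only if the mailbox does not already have one.
if ($mbx.ArchiveStatus -ne 'Active') {
    Enable-Mailbox -Identity $mailbox -Archive
}

# 5. Confirm the result.
Get-Mailbox -Identity $mailbox | Format-List ArchiveStatus, ArchiveName, RetentionPolicy
Get-RetentionPolicyTag -Identity $tagName | Format-List Name, RetentionAction, AgeLimitForRetention
```

Step 2 shows the age limit that applies to this particular mailbox, which matters when the mailbox has been given a policy other than the default one.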


On-premises: with or without a hybrid Exchange server

On-premises, you should be able to locate the user in the Exchange admin center, just as you would in Exchange online, and then enable the archive mailbox, just like you do when it is in the cloud. You can also use a PowerShell command in the Exchange management shell, which is even easier:

  • Enable-RemoteMailbox USERNAME -Archive

If you do not have an Exchange server installed but are using Azure AD Connect, it will be necessary to modify the Exchange attributes via ADSI edit in order to enable the archive mailbox. But which attributes do you need to modify? This is where the MIISClient.exe tool comes in handy–by looking in here on an environment where there is a proper Exchange server on-premises, you can see what attributes are being modified when you make a change to an on-premises account, and then watch as it syncs those changes to the cloud.

[Figure: Remote Archive Attributes Modified - Viewing Through MIISClient]

It stands to reason then, that these same changes will be necessary even if you don’t have a hybrid Exchange server on-premises (NOTE: it is NOT supported by Microsoft to run Exchange Online with Azure AD Connect and without having an on-premises Exchange server to manage the user attributes). Now, you will see three different values being modified:

  • msExchArchiveName = (give this any name like “Personal Archive – Username”)
  • msExchRemoteRecipientType = (change the value to 3)
  • msExchArchiveGuid = (it is not necessary to populate this value, actually)

Once you have made these modifications on the user object’s attributes in ADSIedit, or via the View > Advanced settings / Attributes tab within ADUC, then after the next Azure AD Connect sync cycle runs, you will see the Archive mailbox show up in the cloud.
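
The attribute edit described above can also be scripted with the ActiveDirectory module instead of ADSI Edit. This is an added example, not code from the original post; it records the previous values before changing anything, and the account name and CSV path are placeholders.

```powershell
# Added example, not the author's code. Run where the ActiveDirectory (RSAT) module is available.
Import-Module ActiveDirectory

$sam   = 'jdoe'   # placeholder account name
$attrs = 'msExchArchiveName', 'msExchRemoteRecipientType', 'msExchArchiveGuid'
$user  = Get-ADUser -Identity $sam -Properties $attrs

# Keep a record of the values as they were before the edit.
[pscustomobject]@{
    When                      = (Get-Date).ToString('s')
    DistinguishedName         = $user.DistinguishedName
    msExchArchiveName         = $user.msExchArchiveName -join ';'
    msExchRemoteRecipientType = $user.msExchRemoteRecipientType
    ArchiveGuidPresent        = [bool]$user.msExchArchiveGuid
} | Export-Csv -Path '.\archive-attrs-before.csv' -NoTypeInformation -Append

if ($user.msExchRemoteRecipientType -eq 3 -and $user.msExchArchiveName) {
    Write-Output "$sam already has the archive attributes set; nothing to do."
}
else {
    # The two values the article changes; msExchArchiveGuid is left untouched.
    Set-ADUser -Identity $user -Replace @{
        msExchArchiveName         = "Personal Archive - $($user.Name)"
        msExchRemoteRecipientType = 3
    }
}

# Read the attributes back to confirm what will sync.
Get-ADUser -Identity $sam -Properties $attrs |
    Format-List Name, msExchArchiveName, msExchRemoteRecipientType

# The change reaches the cloud on the next Azure AD Connect cycle. To start a delta
# sync now, run this on the Azure AD Connect server:
#   Start-ADSyncSyncCycle -PolicyType Delta
```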

Remember: enabling a personal archive can be a useful tool for managing mailbox sizes and clutter-creep, but in my opinion, it is not a great tool for managing compliance requirements or retention of data. You may want to look at this article for more information about the differences between an archive, a journal and litigation hold. Also, check out retention policies using the Security & Compliance center.


Comments (12)

  • Cedric

    Thank you for this article.
    Wouldn’t we change the retention (2y by default) before applying the archiving?

    September 18, 2018 at 6:34 am
  • Chris Hager

    Hi there. I ran across this and read through it, and more or less confirmed what I thought was correct before I apply this to one of my users (one of my highest level VIP users, in fact). However, rather than change the default, I replaced it with one. I’m attempting to set ours to 5 years. I’ve changed it, but when I go to enable archiving on the user’s mailbox, the warning still says 2 years. Therefore I cannot risk enabling it. Wouldn’t the warning text be smart enough to detect the actual applicable setting or is it going to warn “2 years” no matter what the actual setting is?

    October 23, 2020 at 11:47 am
    • Alex

      Good question–I don’t actually know the answer; I guess I never noticed that. But, the system can only do what you tell it to. As well, it can take some time to apply changes in retention settings, etc.–so if you make a change it may not happen right that moment–I would see if the same is reflected in that message later. You could also confirm the same in PowerShell.

      October 26, 2020 at 11:52 am
  • Ganesh

    Thanks for posting this. Helped a lot.

    May 5, 2021 at 11:29 pm
  • Jacob

    If the Inbox policy says “uses the parent folder policy” where exactly is or where is the Parent Policy?


    August 30, 2021 at 2:38 pm
  • austin

    Hello Alex,

    Great writeup, much appreciated. I have followed your guidance and was able to enable an in-place archive.

    I am now in a situation where I would like to disable the in-place archive (without an on-prem exchange server). Do you have any guidance on this topic? Changing the ‘msExchArchiveName’ and ‘msExchRemoteRecipientType’ values back to their originals and doing a sync does not disable the archive. Would appreciate your thoughts!

    September 14, 2021 at 8:55 am
  • Austin

    Any advice on disabling the online archive without an on-prem Exchange server? Setting the modified attributes back to their originals did not disable it.

    September 15, 2021 at 12:20 pm
    • Alex

      I am guessing there is a different value that tells it to “remove.” But I don’t have the value handy. Why not just add an Exch server for mgmt, even if just installed on another existing server? It does not do any mailbox hosting, routing, etc. but MSFT likes it to be there for management purposes.

      September 15, 2021 at 12:22 pm
      • Austin

        I was thinking the same thing. Seems to be linked to some sort of storage location id as well. I am starting to see the value of having an exchange server on-prem. I have not done any research myself, but do you know offhand how easy it is to integrate a new Exchange server in an environment where the original was torn out? Thank you very much for the reply! Sorry for the double post, I thought my original post / comment did not go through.

        September 15, 2021 at 12:31 pm
        • Alex

          No problem, yeah it isn’t too bad; I just like to make sure that the aliases are accurately showing up in the proxyAddresses multi-attribute field. If that looks square, then it should not be a problem to install the Exchange server and run the Hybrid Config Wizard.

          September 16, 2021 at 11:12 am
