Enable the Archive Mailbox and modify the default retention policy (for cloud-only and hybrid users)
In any subscription that includes Exchange Online Archiving, such as Office 365 E3 or Microsoft 365 Business (as well as any subscription to which the Archiving add-on is applied), it is possible to enable an unlimited storage container for those hoarders out there, known as an archive mailbox. I'm looking at you, attorneys and other law professionals. The archive mailbox shows up underneath your own mailbox; for example, you can see it in OWA.
Furthermore, there is a default retention policy applied to every organization mailbox, which will automatically move items older than two years into the Archive. You may wish to adjust or modify this for your own organization (more on that later).
But first, understand that enabling this mailbox for users is easy, but pay attention: where you enable it changes based on whether you are using Azure AD Connect in your environment. If you are synchronizing user identities from your on-premises Active Directory, then it is necessary to modify this value on-premises and let it sync to the cloud, where the archive mailbox will then become enabled. Otherwise, this operation is performed in the cloud directly.
Cloud: from Security & Compliance Center, or Exchange Admin Center
One easy way to add the archive mailbox is from the Exchange admin center > recipients > mailboxes — just select a user’s mailbox to enable the archive from the right hand pane. You can also find this same option from the Security & Compliance Center, which is a handy one-stop shop for configuring all types of policies and settings across all of the applications & services in Office 365.
Click on Data governance > Archive from the left menu, pick a user and select Enable from the right pane.
When you do this, it will present a warning regarding that default policy we talked about–any items older than two years will automatically be moved here. Say Yes to continue.
But what if you want that policy to be one year, or three years, or some other value? You can find and modify the default retention tags and policies within the Exchange admin center. These modifications are done in the cloud, regardless of whether you have a hybrid/Azure AD Connect environment or not. Go to compliance management on the left, and then retention tags at the top.
Open the Default 2 year move to archive tag, and from here you can rename the tag, and change the retention period to whatever value suits your environment. Click Save.
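The same change can be made and, more importantly, verified from Exchange Online PowerShell. This is an added example, not from the original post; it assumes the ExchangeOnlineManagement module is installed, that the tag still carries its default name, and uses a five-year value and a sample user purely as illustration.

```powershell
# Added example: adjust the default "move to archive" tag from PowerShell and
# confirm which policy/tag actually applies to a mailbox. Assumes the
# ExchangeOnlineManagement module; $NewDays and $User are illustrative values.
Connect-ExchangeOnline

$TagName = 'Default 2 year move to archive'   # default name of the built-in tag
$NewDays = 1825                               # 5 years, expressed in days (illustrative)
$User    = 'user@contoso.example'             # constructed sample mailbox

# Read the tag first so you know exactly what you are changing.
Get-RetentionPolicyTag -Identity $TagName |
    Select-Object Name, Type, RetentionAction, AgeLimitForRetention, RetentionEnabled

# Change the age limit (and rename the tag so the name stops lying about "2 year").
Set-RetentionPolicyTag -Identity $TagName `
    -AgeLimitForRetention $NewDays `
    -Name "Default $([int]($NewDays / 365)) year move to archive"

# Verify: which retention policy is assigned to the mailbox, and which tags that
# policy links. If the mailbox uses a different policy, editing the default tag
# changes nothing for that user.
$Policy = (Get-Mailbox -Identity $User).RetentionPolicy
Write-Output "Retention policy on $User : $Policy"
(Get-RetentionPolicy -Identity $Policy).RetentionPolicyTagLinks |
    ForEach-Object { Get-RetentionPolicyTag -Identity $_ } |
    Where-Object { $_.RetentionAction -eq 'MoveToArchive' } |
    Select-Object Name, Type, AgeLimitForRetention
```

The enable-archive warning in the portal is static text, so the `Get-RetentionPolicyTag` output, not the warning, is what tells you the age limit that is really in force.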
On-premises: with or without a hybrid Exchange server
On-premises, you should be able to locate the user in the Exchange admin center, just as you would in Exchange Online, and then enable the archive mailbox, just like you do when it is in the cloud. You can also use a PowerShell command in the Exchange Management Shell, which is even easier:
- Enable-RemoteMailbox USERNAME -Archive
If you do not have an Exchange server installed but are using Azure AD Connect, it will be necessary to modify the Exchange attributes via ADSI Edit in order to enable the archive mailbox. But which attributes do you need to modify? This is where the MIISClient.exe tool comes in handy–by looking in here on an environment where there is a proper Exchange server on-premises, you can see what attributes are being modified when you make a change to an on-premises account, and then watch as it syncs those changes to the cloud.
It stands to reason then, that these same changes will be necessary even if you don’t have a hybrid Exchange server on-premises (NOTE: it is NOT supported by Microsoft to run Exchange Online with Azure AD Connect and without having an on-premises Exchange server to manage the user attributes). Now, you will see three different values being modified:
- msExchArchiveName = (give this any name like "Personal Archive – Username")
- msExchRemoteRecipientType = (change the value to 3)
- msExchArchiveGuid = (it is not necessary to populate this value, actually)
Once you have made these modifications to the user object's attributes in ADSI Edit, or via the View > Advanced settings / Attributes tab within ADUC, the Archive mailbox will show up in the cloud after the next Azure AD Connect sync cycle runs.
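The same three-attribute change can be scripted instead of clicked through in ADSI Edit, which makes it easy to read the current values before writing and to confirm the result after sync. This is an added example, not the post's own procedure; it assumes the ActiveDirectory module on the box where it runs, the ADSync module on the Azure AD Connect server, and uses a constructed sample account. The unsupported-configuration caveat in the post still applies.

```powershell
# Added example: enable the archive mailbox for an AAD Connect-synced user by
# setting the same attributes the post identifies, then verify after sync.
# $Sam and $Upn are constructed sample values.
Import-Module ActiveDirectory
$Sam = 'jdoe'
$Upn = 'jdoe@contoso.example'

# 1. Read before you write: msExchRemoteRecipientType is a bit-flag integer
#    (1 = provision mailbox, 2 = provision archive; 3 = both, the value the post
#    observed syncing). Seeing the current value avoids clobbering other bits.
$Before = Get-ADUser -Identity $Sam -Properties msExchArchiveName,
             msExchRemoteRecipientType, msExchArchiveGuid
$Before | Select-Object SamAccountName, msExchArchiveName,
             msExchRemoteRecipientType, msExchArchiveGuid

# 2. Set the two attributes the post says matter. msExchArchiveGuid is left
#    alone; Exchange Online populates it once the archive is provisioned.
Set-ADUser -Identity $Sam -Replace @{
    msExchArchiveName         = "Personal Archive - $Sam"
    msExchRemoteRecipientType = 3
}

# 3. Kick off a delta sync instead of waiting for the scheduled cycle
#    (run on the Azure AD Connect server; requires the ADSync module).
Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta

# 4. Verify in Exchange Online once the sync has completed.
Connect-ExchangeOnline
Get-Mailbox -Identity $Upn |
    Select-Object DisplayName, ArchiveStatus, ArchiveName, ArchiveGuid
```

If `ArchiveStatus` still reads `None`, check the Azure AD Connect export for the object before assuming the attribute values are wrong; provisioning can lag the sync by a few minutes.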
Remember: enabling a personal archive can be a useful tool for managing mailbox sizes and clutter-creep, but in my opinion, it is not a great tool for managing compliance requirements or retention of data. You may want to look at this article for more information about the differences between an archive, a journal and litigation hold. Also, check out retention policies using the Security & Compliance center.
Comments (12)
Hello,
Thank you for this article.
Wouldn’t we change the retention (2y by default) before applying the archiving?
Thanks
Hi there. I ran across this and read through it, and more or less confirmed what I thought was correct before I apply this to one of my users (one of my highest level VIP users, in fact). However, rather than change the default, I replaced it with one. I'm attempting to set ours to 5 years. I've changed it, but when I go to enable archiving on the user's mailbox, the warning still says 2 years. Therefore I cannot risk enabling it. Wouldn't the warning text be smart enough to detect the actual applicable setting or is it going to warn "2 years" no matter what the actual setting is?
Good question–I don’t actually know the answer; I guess I never noticed that. But, the system can only do what you tell it to. As well, it can take some time to apply changes in retention settings, etc.–so if you make a change it may not happen right that moment–I would see if the same is reflected in that message later. You could also confirm the same in PowerShell.
Thanks for posting this. Helped a lot.
Hey,
If the Inbox policy says “uses the parent folder policy” where exactly is or where is the Parent Policy?
Thanks
Default MRM policy? https://docs.microsoft.com/en-us/exchange/security-and-compliance/messaging-records-management/default-retention-policy
Hello Alex,
Great writeup, much appreciated. I have followed your guidance and was able to enable an in-place archive.
I am now in a situation where I would like to disable the in-place archive (without an on-prem exchange server). Do you have any guidance on this topic? Changing the ‘msExchArchiveName’ and ‘msExchRemoteRecipientType’ values back to their originals and doing a sync does not disable the archive. Would appreciate your thoughts!
Any advice on disabling the online archive without an on-prem Exchange server? Setting the modified attributes back to their originals did not disable it.
I am guessing there is a different value that tells it to “remove.” But I don’t have the value handy. Why not just add an Exch server for mgmt, even if just installed on another existing server? It does not do any mailbox hosting, routing, etc. but MSFT likes it to be there for management purposes.
I was thinking the same thing. Seems to be linked to some sort of storage location id as well. I am starting to see the value of having an Exchange server on-prem. I have not done any research myself, but do you know off hand how easy it is to integrate a new Exchange server in an environment where the original was torn out? Thank you very much for the reply! Sorry for the double post, I thought my original post / comment did not go through.
No problem, yeah it isn’t too bad; I just like to make sure that the aliases are accurately showing up in the proxyAddresses multi-attribute field. If that looks square, then it should not be a problem to install the Exchange server and run the Hybrid Config Wizard.
For anyone who might find themselves in a similar situation to mine, it may be beneficial to take a look here:
https://docs.microsoft.com/en-us/office365/troubleshoot/archive-mailboxes/cannot-provision-deprovision
Thank you again Alex, your information was helpful.