Stellark Home » Create Compliance Management Policy in Exchange Online

Create Compliance Management Policy in Exchange Online

How to configure a company policy for:

  • Hold all user email for 7 years
  • Enable In Place Archiving for all users
  • Move all user mail to personal archive after 2 years
  • Apply Retention Policy to delete mail after 7 years
  • Make all Exchange items searchable/discoverable
  • View details and quotas for Recoverable items folder

  • Add user to Discovery Management Role.  This is a necessary and required step to allow users to perform Compliance Management tasks and searches.

clip_image001

 

  • Log out of Office 365 Administration portal then back in and review Compliance Management icons are ALL present. If they are not present then log out and wait…. It can take some time for the new permissions to take effect.

clip_image002

 

  • Create Retention Tag to move all mail to archive after a period of time. This will reduce the size of the .pst file stored locally and force the users contents to archive which is stored online. E3 and E4 licenses have unlimited archive space.

clip_image003

** If you are an E3 or E4 plan member each subscriber receives 50 GB of storage in the primary mailbox, plus unlimited storage in the archive mailbox. A default quota of 100 GB is set on the archive mailbox, which will generally accommodate reasonable use, including the import of one user’s historical email. In the unlikely event that a user reaches this quota, a call to Office 365 support is required. Administrators can’t increase or decrease this quota.

 

  • Create Retention tag to delete mail after 7 years from Archive

clip_image004

clip_image005

 

  • Create a Retention Policy (found within EAC Compliance Management) and apply the newly created Retention Tag(s)

clip_image006

NOTE:  You may opt to create a separate Retention Policy to move users mail to personal archive or simply add the retention tag to the Company Retention Policy

 

  • Create an In Place eDiscovery & Hold Policy (found within EAC Compliance Management)

image

 

Give the policy a name

clip_image007

 

Specify a Source : If you want to place users on In-Place Hold then you must select “specify mailboxes to search” and choose the user mailboxes.

clip_image008

clip_image009

 

Choose Search Query.  This can be modified later when you actually run your searches.  This section is only for “searches” what is configured here does not set the items that are being HELD.

clip_image010

 

Choose whether you wish to engage In-Place Hold
You can specify “Hold indefinitely” or by a set number of days. The below example is set to place all specified user mailboxes on hold for 7 years.

clip_image011

 

  • Verify Discovery Mailbox creation

Get-Mailbox -Resultsize unlimited -Filter {RecipientTypeDetails -eq “DiscoveryMailbox”}

clip_image012

 

  • Check to see which users are on In Place Hold using PowerShell

Get-Mailbox | Where-Object { $_.InplaceHolds -ne $null } | ft name, LitigationHold*, InPlace*

 

  • Apply new Retention Policy to All users using Powershell

$UserMailboxes = Get-mailbox -Filter {(RecipientTypeDetails -eq ‘UserMailbox’)}

$UserMailboxes | Set-Mailbox –RetentionPolicy “Company Retention Policy”

 

  • Run Managed Folder Assistant to apply the new Retention Policy

$UserMailboxes = Get-mailbox -Filter {(RecipientTypeDetails -eq ‘UserMailbox’)}

$UserMailboxes | ForEach {Start-ManagedFolderAssistant $_.Identity}

 

  • Verify Retention Policy applied to All users

Get-Mailbox -ResultSize unlimited | where {$_.name -Notlike ‘*DiscoverySearchMailbox*’} | select Alias,RetentionPolicy

 

  • Enable In Place Archive to All users

Get-Mailbox -ResultSize unlimited | where {$_.name -Notlike ‘*DiscoverySearchMailbox*’} | Enable-Mailbox –archive

 

  • Get Mailbox and Archive size and stats

$Mailboxes = Get-Mailbox -ResultSize Unlimited | Select UserPrincipalName, identity, ArchiveStatus

$MailboxSizes = @()

foreach ($Mailbox in $Mailboxes) {

$ObjProperties = New-Object PSObject

$MailboxStats = Get-MailboxStatistics $Mailbox.UserPrincipalname | Select LastLogonTime, TotalItemSize, ItemCount

Add-Member -InputObject $ObjProperties -MemberType NoteProperty -Name “UserPrincipalName” -Value $Mailbox.UserPrincipalName

Add-Member -InputObject $ObjProperties -MemberType NoteProperty -Name “Last Logged In” -Value $MailboxStats.LastLogonTime

Add-Member -InputObject $ObjProperties -MemberType NoteProperty -Name “Mailbox Size” -Value $MailboxStats.TotalItemSize

Add-Member -InputObject $ObjProperties -MemberType NoteProperty -Name “Mailbox Item Count” -Value $MailboxStats.ItemCount

if ($Mailbox.ArchiveStatus -eq “Active”) {

$ArchiveStats = Get-MailboxStatistics $Mailbox.UserPrincipalname -Archive | Select TotalItemSize, ItemCount

Add-Member -InputObject $ObjProperties -MemberType NoteProperty -Name “Archive Size” -Value $ArchiveStats.TotalItemSize

Add-Member -InputObject $ObjProperties -MemberType NoteProperty -Name “Archive Item Count” -Value $ArchiveStats.ItemCount

}

else {

Add-Member -InputObject $ObjProperties -MemberType NoteProperty -Name “Archive Size” -Value “No Archive”

Add-Member -InputObject $ObjProperties -MemberType NoteProperty -Name “Archive Item Count” -Value “No Archive”

}

$MailboxSizes += $ObjProperties

}

$MailboxSizes | Out-GridView -Title “Mailbox and Archive Sizes”

NOTE:  or you can pipe the above output to CSV by replacing Out-Gridview to Export-CSV (path to output)

 

  • Verify existing quotas.   The RecoverableItemsQuota will increase from 30G to 100G but is currently in development.  See the Office 365 Roadmap for more information.

Get-Mailbox * | fl *quota

clip_image015

Once MS Office Support has adjusted the Recoverable items folder you will be able to view that change here

 

  • Get Recoverable Items Details per user

Get-MailboxFolderStatistics -Identity “username” | Where-Object {$_.Name -like “Recoverable*”} | FT