Meet Email-Retention Needs with Exchange 2007

Use messaging records management and transport rules to achieve compliance

Brien Posey

January 29, 2007

11 Min Read
ITPro Today logo in a gray background | ITPro Today

Over the last several years, many laws have beenpassed that set specific requirements for emailretention. Although various third-party products such as AdvisorMail, Optiva Systems's ArcMail E-MailDefender, and Quest Software's Quest Archive Managercan help organizations running Microsoft Exchange Server2003 comply with these regulations, Exchange 2003 wasn'tdesigned with long-term mail retention in mind. Notsurprisingly, Exchange Server 2007 addresses these shortcomings. Although Exchange 2007 probably won't becompletely compliant with federal regulations such asthe Sarbanes-Oxley (SOX) Act right out of the box, it offersmechanisms that make achieving compliance easier.

This article was written in November 2006. As such,information that I discuss here is based on a beta version ofExchange 2007 and could potentially change by the time thefinal product is released. However, Microsoft is far enoughinto the beta cycle that I don't anticipate any major changesto the way that Exchange 2007 works.

Messaging Records Management
When you hear people discuss making a mail server compliant with the latest regulations, one central theme that usually comes up is message archiving. Various laws require email to be retained for specific lengths of time. But you can't depend on users to save a copy of every message. Even if users consistently saved all their mail, locating specific messages on demand would be nearly impossible because the messages would be scattered among the users' mailboxes.

An Exchange 2007 feature that can help make message archiving easier and more reliable is messaging records management, which lets you assign retention rules to specific folders. When used in conjunction with transport rules, messaging records management can sort and archive messages according to your company's needs.

To demonstrate how messaging records management works, suppose that you want to keep users' mailboxes clean by implementing an email-retention policy mandating that any message more than three months old be deleted. Let's also suppose that you're required to keep any messages related to the Contoso account for five years.

In a situation like this, you could create a managed custom folder with a five-year retention period. You could then create a mailbox that's used solely as a repository for messages related to the Contoso account. Because this mailbox has a special purpose, you wouldn't apply your regularretention policy to it. Instead, you'd create a transport rulethat captures any message mentioning the Contoso accountand sends a copy of the message to the designated mailbox.Then you'd use a Microsoft Office Outlook rule to move messages arriving in the mailbox to the managed custom folderwith the five-year retention period.

If you're used to running Exchange 2003, this methodprobably seems completely foreign to you. But the technique sounds more difficult than it really is. For an outlineof the procedure, see the sidebar "Step-by-Step Email Retention in Exchange 2007". Now, let's look moreclosely at how to implement it.

Create a Managed Custom Folder
The first step in this technique is to create a managedcustom folder and assign a five-year retention period to it.To do so, open Exchange Management Console (formerlyknown as Exchange System Manager) and expand the Organization Configuration container, then select the Mailboxcontainer beneath it. The console's middle pane displaysa series of tabs related to the Mailbox container. Select theManaged Custom Folders tab, then right-click in the emptyarea beneath it. Choose the New Managed Custom Foldercommand from the resulting shortcut menu to launch theNew Managed Custom Folder wizard. (Managed folders areavailable organization-wide, so you can apply them to anymailbox throughout the organization.)

As you can see in Figure 1, you start by enteringa name for the new folder. For this scenario, enter ContosoAccount as the folder name. As you enter the name, the textbox below it automatically fills in the name that users will seewhen they view the folder in Outlook. You can enter additional text in the large text box so that it's displayed whenusers view the folder through Outlook. For this example,enter the following text: All messages related to the Contosoaccount must be retained for five years. Finally, select the Donot allow users to minimize this comment in Outlook checkbox. (Note that only Microsoft Office Outlook 2007 andMicrosoft Outlook Web Access—OWA—2007 display thischeck box.)

Click the New button to finish creating the folder.Exchange displays a summary of the action along with the Exchange Management Shell command that you can use to script the action inthe future. Click Finish to close the wizard.

Now that you've created the new managedfolder, it's time to configure a retention policyfor it. The Contoso Account folder now appearsin the Mailbox container, as Figure 2 shows. Toconfigure the folder's policy, select the folder, then click the New Managed Content Settingslink in the Contoso Account pane on the rightside of the screen.

At this point, the New Managed Content Settings wizard opens, as Figure 3 shows. Begin by entering a descriptive name for the new settings. Set the Message type option to All Mailbox Content, then select the Retention period (days) check box.

Because we're retaining messages for five years, enter 1827 (365 days × 5 years + 2 days for leap years). Set the retention period to start when an item is moved into the folder, then set the items to be permanently deleted when the retention period expires, as I've done in Figure 3. A permanent delete removes the item from the database, so users won't be able to use the Recover Deleted Items feature to retrieve items from the dumpster.

Click Next, and you'll see a screen explaining that journaling can be used to automatically forward a copy of an item to an alternate location. You might want to investigate using the journaling option in other scenarios, but for this example click Next to skip it, and you'll see a screen displaying a summary of the configuration settings you're implementing. Click New to create the settings. When the process is completed, click Finish.

Set a Mailbox Retention Policy
So far we've created a folder for the Contoso account and set a retention policy for it. As you'll recall, though, our other goal was to keep user mailboxes cleaned out by preventing messages from being stored for more than three months. To do so, we'll create a mailbox retention policy that's similar to the one we created for the Contoso Account folder.

Navigate through the Exchange Management Console tree to the Organization ConfigurationMailbox container. When you select the Mailbox container, the details pane displays a series of tabs. Select the Managed Default Folders tab to display a list of all the default mailbox folders.

Right-click the Inbox folder, and select New Managed Content Settings from the shortcut menu to launch the New Managed Content Settings wizard. As before, you'll enter a name for the new setting. Let's call this policy ThreeMonth Retention.

For this article, set the message type to All Mailbox Content. For other policy scenarios, you could segregate messages by categories such as documents, calendar items, meeting requests, voicemail, and so forth. Now select the Retention period (days) check box, and set the retention period to 90 days. Configure the retention period so that it begins when an item is delivered to the mailbox. Set the end-of retention-period action to move expired items to the Deleted Items folder.

Click Next, and you'll see the Journaling screen. For the purposes of this example, we're not interested in journaling copies of every message, so click Next. You'll see a summary of the new managed-content settings. Assuming that all the information is correct, click New to create the new policy. When the process is completed, click Finish. (Note that you could also apply this policy to the Sent Items folder.)

Create a Managed-FolderMailbox Policy
Although we've set a retention period for theInbox, we still have to create a policy that references this retention period. The policy lets yougroup together multiple managed folders in asingle step.

To create this policy, navigate through the console tree to Organization Configuration Mailbox. Select the Mailbox container, and click the Managed Folder Mailbox Policies tab in the details pane. Next, right-click in an empty area of the details pane and select the New Managed Folder Mailbox Policy command from the shortcut menu. When you do, Exchange launches the New Managed Folder Mailbox Policy wizard.

Once again, start by entering a name for the policy. For this scenario, call the policy Managed Folders. Now, click Add to reveal a list of available folders. Choose Inbox from the list and click OK, then New, then Finish.

At this point, repeat the procedure to create a second managed-folder mailbox policy. Let's call this one Contoso. You'll do everything the same as before except that rather than associating the policy with the Inbox, you'll associate it with the Contoso Account folder that you created earlier.

Associate the Policy with Mailboxes
You've created a policy that you can associate with the user's mailboxes to effectively place a three-month maximum retention period on mailbox items. To add the policy to a mailbox, navigate through the console tree to Recipient ConfigurationMailbox. The details pane displays a list of available mailboxes. Right-click the mailbox you want the policy applied to, and select the Properties command from the shortcut menu. Exchange displays the mailbox'sproperties sheet.

Select the properties sheet's Mailbox Settings tab, then select the Messaging Records Management option and click the Properties button. You should now see the Messaging Records Management dialog box that Figure 4 shows.

Select the Managed folder mailbox policy check box, then click Browse. You should see the policy created in the last step (we called it Managed Folders). Select this policy and click OK three times to close all open dialog boxes. The policy is now associated with the user account and should be active at this point.

Create a Transport Rule
The next step in the process is to create a mailbox that can act as a repository for messages related to the Contoso account. Create this mailbox in the typical way. Go through the steps to associate a managed-folder mailbox policy with the new mailbox, and choose theContoso policy.

Now that you've created a mailbox to act as a message repository, the next step is to move Contoso messages into the mailbox. The easiest way to accomplish this is to create a transport rule. Transport rules look at messages as they flow through the Exchange organization.

To create a transport rule, navigate through the console tree to Organization Configuration Hub Transport. Next, click the New Transport Rule link in the Actions pane to launch the New Transport Rule wizard.

The wizard's initial screen asks you to enter a name for the rule as well as an optional comment. Let's name the rule Contoso, and we'll add a comment indicating that the rule copies Contoso-related messages to a repository mailbox.

Click Next, and you'll see a screen asking you to select a condition for the rule to look for. There are many conditions that you can specify, but let's assume that a message will be considered to be related to the Contoso account if the word Contoso appears anywhere in the message subjector body. Therefore, select the when theSubject field or the body of the message contains specific words check box, as Figure 5, shows.

Notice in Figure 5 that specific words is underlined in the edit section in the bottom pane. Click the specific words link to enter the words you want the rule to apply to. In this case, just enter Contoso.

Click Next, and you'll be prompted to select an action for the rule. In this case, choose the Blind Carbon Copy (BCC) the Message to Address option. Doing so will cause a copy of every message containing the word Contoso to be sent to the repository mailbox. Just as you clicked the specific words link earlier, you must now click the Address link to enter the email address that's associated with your repository mailbox.

To complete the process, click Next twice, followed by New and Finish. The new transport rule is now created.

Create an Outlook Rule
We're almost done except for one minor detail. The Inbox associated with the repository mailbox that we created doesn't have a message-retention policy associated with it. We need to guarantee that Contoso-related messages are retained for five years. We've created a managed custom folder that has a five-year retention period associated with it, though, so we just need to move messages from the Inbox folder to our managed custom folder.

Unfortunately, you can't do so through Exchange Management Console, but you can get the job done through Outlook by creating an Outlook rule. The procedure I'll describe is designed for use with Microsoft Office Outlook 2007.

Open the repository mailbox in Outlook, then choose Rules and Alerts from Outlook's Tools menu. When the Rules and Alerts dialog box appears, click the New Rule button. Outlook displays various rule templates. Click the Check Messages When they Arrive option found in the Start from a Blank Rule section, then click Next.

You'll see a screen displaying various rule conditions. Select the Where my name is not in the To box check box. Remember that our transport rule sends messages to this mailbox by using a BCC, so the mailbox owner's name should never appear in the To box.

Click Next, then select the Move it to the Specified Folder check box. Click Specified, and you'll see a list of folders. Select the folder to which the retention policy applies, then click Finish, followed by OK.

Achieve Your Compliance Goal
As you can see, configuring Exchange 2007to retain specific types of messages can be alot of work. Nevertheless, doing so is usuallyworth the effort because messages requiredto be retained will all be grouped into a centralfolder that you can easily search for specificinformation. Messaging records managementcombined with transport rules will help youmeet your organization's email-retentionneeds.

About the Author

Brien Posey

Brien Posey is a bestselling technology author, a speaker, and a 20X Microsoft MVP. In addition to his ongoing work in IT, Posey has spent the last several years training as a commercial astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space.

https://brienposey.com/

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like