Our company has a history of retaining every employee's mailbox indefinitely, which raises data protection concerns. I'm looking to implement a more sensible policy, such as retaining ex-employee mailboxes for seven years after they leave. Initially, I thought about using Litigation Hold, but that makes management uneasy outside of actual litigation. Microsoft's documentation suggests using Purview retention policies, but it's unclear how to go about it. When I consulted Copilot, it recommended creating a retention policy for all Exchange mailboxes, but I encountered a warning that stated items older than seven years would be deleted once the policy is activated. This makes me hesitant since it could lead to unintended deletions for current employees. I also considered applying the policy to employees marked as Ex-Staff using a dynamic security group, but Purview only supports mail-enabled security groups, which can't be dynamic. If someone accidentally gets added to that group, it could result in immediate deletion of messages older than seven years. Ultimately, I'm seeking a documented and reliable solution to retain mailboxes for seven years after an account is deleted, and I'm unsure where to find accurate information or what others have successfully implemented.
5 Answers
As a safe alternative, we export ex-employee mailboxes to PST files and archive them on a file server. This method, while requiring storage space, makes retrieval easier without impacting the current mail system.
One solid approach is to convert ex-employee mailboxes to shared mailboxes. After conversion, you can remove the license, which allows you to keep the data accessible without worrying about ongoing costs. You'll also want to set up a Purview retention policy for a mail-enabled security group (like "Ex-Staff-Mailboxes") to retain data for seven years before it's automatically deleted. Just make sure to monitor your storage because even unlicensed shared mailboxes still count against your total quota. Also, I recommend exporting a PST backup if the mailbox size is over 50GB, just to be safe.
The shared mailbox idea is a great start, but make sure you set the retention policy correctly for long-term cleanup after seven years. Here’s what we do: Convert the mailbox to shared, remove the license, and apply a Purview retention policy that specifies 'retain for 7 years' then delete. This setup keeps things tidy. Just keep in mind that shared mailboxes can still take up tenant storage, so keep an eye on that if you have lots of departures.
For a more customized solution, you might want to look into retention labels that focus on when items were labeled. If you label a mailbox at the time of termination and set it to keep for seven years, it stays protected, but you'll have to manage the mailbox removal another way after that period.
I agree with the shared mailbox method! It's simple and cost-effective. Also, consider setting your retention policy behavior to 'retain and then do nothing' after the retention period ends. This way, items from within the retention window won't be permanently deleted, and you'll still be able to access them through discovery searches. But be aware that retention policies are based on when items were created or modified, not when you apply the policy.
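The shared-mailbox procedure from the answers above, written out as an added example (not code posted by any of the answerers), with a guard against the accidental-membership risk raised in the question. The leaver address, policy name and rule name are assumptions; the group is assumed to exist already, and license removal is done separately.

```powershell
# Added example. Requires the ExchangeOnlineManagement module.
param(
    [string]$Leaver     = 'leaver@example.com',         # constructed sample address
    [string]$GroupName  = 'Ex-Staff-Mailboxes',         # mail-enabled security group (assumed to exist)
    [string]$PolicyName = 'Ex-Staff 7 Year Retention',  # assumed policy name
    [ValidateSet('Keep', 'KeepAndDelete')]              # 'Keep' = retain, then do nothing
    [string]$Action     = 'KeepAndDelete'
)

Connect-ExchangeOnline   # mailbox and group cmdlets
Connect-IPPSSession      # Purview retention cmdlets

# 1. Convert the leaver's mailbox to shared and add it to the ex-staff group.
Set-Mailbox -Identity $Leaver -Type Shared
Add-DistributionGroupMember -Identity $GroupName -Member $Leaver

# 2. Guard: fail closed if anything other than a shared mailbox is in the group.
#    (A freshly converted mailbox may take a moment to report as shared; re-run if so.)
$unexpected = Get-DistributionGroupMember -Identity $GroupName -ResultSize Unlimited |
    Where-Object { $_.RecipientTypeDetails -ne 'SharedMailbox' }
if ($unexpected) {
    $unexpected | Format-Table DisplayName, PrimarySmtpAddress, RecipientTypeDetails
    throw "Group '$GroupName' has members that are not shared mailboxes; policy left unchanged."
}

# 3. Create the policy and its rule once; 2555 days = 7 x 365.
$existing = Get-RetentionCompliancePolicy -Identity $PolicyName -ErrorAction SilentlyContinue
if (-not $existing) {
    New-RetentionCompliancePolicy -Name $PolicyName -ExchangeLocation $GroupName
    New-RetentionComplianceRule -Name "$PolicyName Rule" -Policy $PolicyName `
        -RetentionDuration 2555 `
        -RetentionComplianceAction $Action `
        -ExpirationDateOption CreationAgeInDays   # age counts from item creation
}
else {
    # Assumption: group membership is expanded when the location is configured,
    # so a mailbox added to the group later is also added to the policy explicitly.
    Set-RetentionCompliancePolicy -Identity $PolicyName -AddExchangeLocation $Leaver
}

# 4. Review what the policy now covers.
Get-RetentionCompliancePolicy -Identity $PolicyName -DistributionDetail |
    Format-List Name, Enabled, ExchangeLocation, DistributionStatus
```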
