Get answers to your Office 365 security and compliance questions

ra2 studio - Fotolia

Get started Bring yourself up to speed with our introductory content.

Key retention tools for the Office 365 administrator

Microsoft provides powerful management tools to assist companies that require a robust Office 365 retention policy.

For the Office 365 administrator tasked with managing Exchange Online, Microsoft's updated compliance section makes...

it easier to handle specific legal and regulatory duties.

Organizations obligated to hold email correspondences and documents for a specific period of time can use these revised tools to hold messages for the minimum legal requirement -- even if an end user deletes the message from a mailbox. Microsoft put most of the Office 365 retention and complication tools in the Security & Compliance Center (Figure 1). This tool set extends into the other Office Online applications -- not just Exchange Online.

Office 365 retention tools

An Office 365 administrator most likely will use the Retention tool under Data management as the primary tool to deal with messages. Retention breaks down into two categories:

Delete: The tools in this screen enable administrators to create retention tags and policies to manage when items should age out of the system. Many companies choose to delete items from mailboxes once those items reach a certain age. The Delete tool identifies which folder or types of items to purge automatically and when they are deleted, which is similar to traditional methods of handling on-premises Exchange Server.

Preserve: This is a new function and an extremely powerful tool for protecting messages for compliance. When a user deletes a message, Preserve keeps it until it reaches the age specified for deletion while the policy is active.

Office 365 Security & Compliance Center
Figure 1. The tools in the Security & Compliance Center not only work with Exchange Online, but the entire Office Online suite.

Build a preservation policy

To protect messages, click the + under the Preserve heading to create a new preservation rule (Figure 2).

Office 365 Retention
Figure 2. The Retention section in Office 365's Security & Compliance center gives administrators a tool to keep messages after they have been deleted.

In the following example, we create a rule to protect the messages from company officers for two years. The officers can delete messages, but the items remain in the system until the policy releases them. On the first screen, we will give the policy a name and description and then click Next.

On the next screen, choose the locations the policy will cover. There are options to protect SharePoint Online and OneDrive for Business sites, All public folders and Mailboxes. For this example, select Mailboxes and click Next.

Select mailboxes or groups to include in the policy. The Office 365 Retention tool gives the ability to create group and preservation policies for different departments. For example, you can create a longer retention period for the accounting and human resources departments than for the rest of the company. Select Next to continue.

The policy setting gives an option to enter keywords as message filters (Figure 3). Essentially, this allows administrators to create a legal hold based on content. Consider an example in which a court order states that all messages that came from company officers and mention "ABC Corporation" are protected. Instead of putting all the officer mailboxes on hold, an administrator can use a preservation policy to protect just the relevant messages from those officers. A date option is available to protect messages for a specific amount of time. Then, click Next.

Preservation policy keywords
Figure 3. The Exchange administrator can comply with a legal hold by limiting message retention to those with certain keywords and within a time range.

At the next screen, the administrator determines how long to maintain messages. For this example, use the custom option to select two years. Remember this rule will not purge the email messages when the date expires; it protects the messages so they are available for legal discovery. Click Next to continue.

The next screen asks for the Preservation Lock setting. You should not turn on Preservation Lock unless you need it because it will prevent everyone -- this includes all administrators -- from disabling, modifying or deleting the policy. Click Next to continue.

The last screen asks to either enable the new rule immediately or create it and enable it later. For this example, select Turn it off. I'll turn it on later and click Next.

This Retention tool gives administrators the flexibility to define different rules for different departments -- and even give them different ages for protection.

Office 365 retention notes

There are several considerations that affect how an organization uses protection rules. While administrators can use groups to apply a rule, the rule will not keep track of the group membership. If an admin needs to add an officer or remove that officer from the preserve rule, the administrator must add or remove them manually using the policy setup procedure or a remote PowerShell script.

The system retains a certain amount of deleted content per end user. This recoverable items quota defaults to 30 GB per end user.

When an end user's mailbox reaches that threshold, no additional items can be stored; when creating extensive holds, administrators must closely monitor space quotas. They can extend the quota limit by submitting a support ticket to Microsoft or placing the entire mailbox on legal hold. If approved, Microsoft typically extends the quota to 100 GB, although it may be possible to request more.

Lastly, any deleted item that's protected by legal hold or a preserve rule does not apply toward the mailbox storage quota.

Next Steps

Fine-tune SharePoint eDiscovery Center settings

How to change mailbox retention periods and make other bulk edits

Performing e-discovery across SharePoint, Exchange and Skype

Dig Deeper on Office 365 and Microsoft SaaS setup and management