Exchange 2013 Enhanced Email Retention, Archiving, Legal Hold, and eDiscovery

Eliminating the Need for 3rd Party Tools and Leveraging the Built-in Capabilities of the 2013 Office Server Products

In this day and age, email is more than just messages, calendars, and contacts for organizations, they also need the ability to address legal requirements around message retention (both keeping content or automatically deleting content by policy) along with the ability to do eDiscovery search of content throughout the enterprise as well as put content on Legal Hold.  While much of this was included in Exchange 2010, what Microsoft did for Exchange 2013 (and the corresponding SharePoint 2013, Lync 2013, and Office Web Apps) greatly enhances an organizations ability to perform required tasks.

Specifically, with the 2013 line of Office Server products, eDiscovery, Legal Hold, and other search and lock down tasks span ALL of the 2013 data stores. No longer does the discovery administrator need to search emails, then search archives, then search SharePoint, then search the filesystem and marry together the content, but instead within any of the 2013 products, a single search can span ALL repositories.  Additionally when information is searched and discovered, ALL of the content can be exported and/or put on Legal Hold, again without having to individually perform tasks for each environment.

Content can be retained using a variety of built-in functions such as:

  • Journaling:  With journaling, the organization can have exact copies of content captured and retained in a separate database (a “journaling database”) to ensure the content has not been tampered with and is available for legal search and review at a future time
  • Retention Policy:  Content within an Exchange environment can be set to be retained (or purged) based on policies set on the Exchange databases, so either configured through the Exchange Admin console or through a PowerShell command like   Set-MailboxDatabase -Identity MDB4 -DeletedItemRetention 365  to hold content from being deleted off the Exchange server
  • Personal Archives:  Each user in Exchange can have their primary mailbox and an Archive mailbox where the archive mailbox can have content drag/dropped to the archive box for long term storage, similar to what users have historically used Personal Store (PST) files in the past.  Unlike a PST file that is almost completely unmanaged by the organization (yet is still considered legal evidence), the Personal Archive in Exchange is part of the Exchange environment with content that can be searched, set for long term retention, and put on legal hold.

With Exchange 2013, Microsoft also expanded the capabilities to improve key areas of Classification and integration with Rights Management Services.  Classifying content is a major component of content archiving so that instead of the organization “saving everything” that builds up large stores of information, with Exchange 2013, an organization can have Exchange automatically classify content by perform word and content review of messages that automatically get flagged and tagged with retention rules.  Exchange 2013 works closely with Active Directory Rights Management Services (RMS) where the classification can kick off a rule that automatically encrypts the content and applies an information rights management policy to the content that prevents the content from being forwarded, opened by an unauthorized recipient, set the content to expire, and the like.  All this greatly improves the options for the security and compliance administrator in the organization to perform key tasks right in Exchange 2013.

Back in 2011, I blogged what is seen as the authoritative guide on the topic of email retention, archiving, Legal Hold, and eDiscovery where the basis of that article still applies to Exchange 2013 as the policies, retention scripts, and functions have carried over to Exchange 2013.  See my 7/29/2011 Blog Post for a copy of this article.

This integrated enhancement for eDiscovery and information management comes at a time when organizations are looking for alternatives to their 3rd party archiving tools.  In the past couple years, organizations have found their archiving vendor selling out and no longer being support (in the case of Mimosa NearPoint), has not been updated in a decade and thus very old and clunky (in the case of Symantec Enterprise Vault), or just requires more administration, management, constant care and feeding to keep a separate server configuration working properly with the core capabilities of Exchange OR as the organization looks to migrate mail to the Cloud (as in Office 365), how to handle on-premise archives.

The simplicity of having Exchange 2013’s archiving, retention, legal hold, and eDiscovery built-in, native, and part of the day to day administration of management of Exchange, plus the portability of mailboxes, archiving, policy rules, enterprise search, legal hold, and management universal between Exchange 2013 on-premise and Exchange Online in the cloud, organizations don’t have to create complicated plans and sophisticated training on managing their compliance driven communications.

Several other postings I’ve done on Exchange 2013, just click the Next Article or Previous Article buttons on this blog post to get to other articles I’ve covered, or to see a listing of all of the various blog posts I’ve done over the years.  Hopefully this information is helpful!

Rand Morimoto is the author of the book “Exchange 2013 Unleashed” by Sams Publishing that was available worldwide in November 2012 based on real world implementation and migrations to Exchange 2013 involving thousands of user mailboxes.

Copyright © 2012 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022