Adam’s O365 Tips and Tricks Part 1: Exchange Online Email Recovery and Retention

With most people moving to Exchange Online or other cloud-based solutions for email, I’ve decided to write up some tips and tricks that might not be well known, but will give you some useful tools for managing Office 365 (Well, I guess they’re calling it Microsoft 365 now), which is the cloud service I am most familiar with. I’ll be expanding and adding articles on the subject as I come up with ideas and remember things I’ve done through the years, so be sure to check back periodically to see what’s new. For this edition, I’ll be covering Exchange Online Backups

Exchange Online Backups Aren’t Necessary!

One thing that drives me bonkers about the third party tools market for Office 365 are the number of companies selling Office 365 Backup Services. Some of that may be helpful for things like OneDrive and SharePoint (Unless you have an E3 license), but Exchange Online provides numerous tools for recovering email and handling retention for all license levels, as long as it’s configured correctly.

Recovering Deleted Emails

The most important thing you can do with Exchange Online is to make sure that a feature called “Single Item Recovery” is enabled. What this feature will do is allow admins to recover any deleted item in any mailbox, even if the user has purged it from the Deleted Items folder (Available by Right-Clicking Inbox and selecting “Recover Deleted Items”). Single Item Recovery will allow items to be deleted, but will retain them for a period of time that you can configure in Exchange Online Powershell (Default is…*Forever*). Recovering emails usually requires the InPlace eDiscovery feature in the compliance tools (Those controls have moved around a lot, so just look for any compliance search features in EoL’s admin portal or the O365 Portal). For a more in-depth look at the feature, visit this Technet Blog.

Fun With Shared Mailboxes

One of the more entertaining features of Exchange Online is Shared Mailboxes. A Shared Mailbox is a limited functionality mailbox that (currently) has a 50GB limit, does not have a password (and so can’t be logged into directly), and is FREE. Yes, you read that correctly. You can have as many shared mailboxes in your EoL tenant as you want and don’t have to pay a license for them. This opens up a world of possibilities for creative admins. Just realize that you have to grant users permission to open these mailboxes before they can be accessed. By default, once you grant permission to a shared mailbox, it will auto-mount in Outlook after about an hour (you can keep it from mounting automatically by using PowerShell to grant the permission with the -automapping switch set to $false).

Shared Mailboxes feel very much like a legal gray area in Exchange Online, because even the entry level subscriptions for EoL allow them and they can be used to mimic many of the higher cost subscription features. If you feel icky about these tips, feel free to ignore them, as the legality of these uses really isn’t documented anywhere. Microsoft’s licensing tactics are notorious for being extremely complicated and confusing (I like to joke that understanding Microsoft’s licensing requires a chicken, a sacred altar, and an obsidian dagger crafted under the light of a blood moon), so take all this under advisement.

Terminated User Retention

If you are off-boarding an employee that is leaving the company for any reason, it is always a good idea to retain a copy of that user’s email for legal or transitional purposes. Most of the time, admins will access the user’s mailbox and export it to a PST for safe-keeping. This is absolutely still a possibility in EoL, but why use your own on-prem data storage to keep the email when you can convert the mailbox to a shared mailbox and have that users’ email available in the cloud for as long as you want without having to pay for it? It’s a great trick for handling data retention following an employee leaving. The EoL admin portal even makes it easy for you. Just click on the recipient and click the “Convert to shared mailbox” button. The process may take a while to finalize, since Shared Mailboxes are stored on different databases with cheaper storage than live mailboxes. Once the process is complete, however, you can either leave the mailbox as is or grant access to people who need it.

Mailbox Extension

This one is more legally questionable than terminated user retention (which seems to be perfectly acceptable, given the ease of implementation), and is entirely theoretical from a licensing standpoint, so if someone knows whether this is allowed or not, feel free to comment and I’ll remove this section. That said, it’s possible to use shared mailboxes to give a user more storage space for their mailbox.

The current limits for Exchange mailboxes are extremely generous, with 50GB for Business and E1 subscriptions, 100GB for E3 and up. Most organizations won’t use up a portion of that storage for email (especially considering the attachment limit of 50MB), but some executives and administrative staff members may break those limits, particularly in larger environments.

To add a shared mailbox as an extended storage space for a user’s mailbox, you need only create the shared mailbox in Exchange Admin > Recipients > Shared and add the necessary user as a “Delegate” with full access permissions. Instruct the user to move or copy emails to the new mailbox once it populates in Outlook, and voila. More mailbox. You can do this as many times as you feel necessary, just understand that adding mailboxes to Outlook can cause significant slowdowns once there are more than 3-4 additional mailboxes mounted.

Additional “FROM:” Addresses

One of the inherent limitations of Exchange that MS has either not been able to solve or has chosen not to solve is that each mailbox can only have a single email address assigned as the “From:” address. If you want to send email using multiple email addresses, you have to have an additional mailbox. The solution for this conundrum in Office 365 is to create a shared mailbox that has the additional email address set as the Primary SMTP address, then grant the user’s regular mailbox Send As permission on the mailbox. You can then choose whether to set up email forwarding on the shared mailbox to redirect messages to the primary mailbox (Preferred) or grant full access to the shared mailbox and mount it as a secondary.

End of Part 1

Hopefully one of these tips proves useful for you (The list is short right now, but I expect it to expand in time), and if you happen to know of a good trick, tool, or tip for other admins, let me know and I’ll add it to the list.

Leave a Reply

Your email address will not be published. Required fields are marked *