Archiving in the cloud withExchange Online ArchivingBharat SunejaSr Technical Writer | ExchangeMicrosoft Corporation

EXL301

Archiving and ComplianceStorage Management

Balance mailbox size demands with available storage resourcesReduce the proliferation of PST files stored outside of IT controlImprove overall application and network performanceData RetentionMeet industry and regulatory email data retention requirementsSupport ongoing compliance, litigation or personnel mattersPreserve valuable intellectual property and corporate assetsDiscoveryRespond to strict timelines for legal discovery ordersReduce costs involved in searching for and retrieving dataReport on email communications as part of auditing procedures

Before Exchange 2010

Transport Journaling to feed journaling mailboxes or 3rd party archiving systems/serviceJournaling agent on Hub Transport applies Journal Rules, generates journal reports (message + metadata)

More at aka.ms/journaling

Exchange In-Place Archiving & Compliance

Consolidated storage - data resides in ExchangeRich end-user experiences – Native rich archive access with Office client toolsSimplified management – Single & unified IT & compliance management tools

3rd Party Archiving & ComplianceExchange In-Place Archiving & Compliance

3rd Party Archive

End User IT Admin IT AdminEnd User

Archive User ExperiencePST-like experience in OWA and Outlook

Drag and drop messages to move/copy to archive

Online-only access from OutlookMove to archive MRM policy to move items to archive

Also, Inbox rules to move messages or apply move policy

Archive Admin ExperienceSecond mailbox associated with user, not cachedShares same Active Directory user object as primary mailboxSame HA, Migration concepts as primary mailbox

demo

NameTitleGroup

Archive Experience

Cloud Deployment Scenarios

Primary Archive

Exchange Online Archiving (EOA)

On-Premises

*Cross-premises and EOA scenarios require Exchange 2010 SP1 On-Premises

Primary

Archive

Fully Hosted

Primary

Archive

Cross-premises Co-Existence

Primary

Archive

On-Premises

Exchange Online Archiving OverviewAbility to host primary on-prem and archive in the cloud

Per-user setting, tenant can have mix of users with on-prem and cloud-based archivesUnlimited Quota

Simplified on-prem storage management

Seamless user compliance spanning on-prem primary and cloud archive

MRM Move to archiveHoldeDiscovery Auditing

All management actions on-prem – very little cloud management

Requires hybrid configuration

Mechanics of Exchange Online Archiving

AD AD

AD

On-Premises Exchange Exchange Online

Office 365

AD FS

DirSync DirSyncForward Sync

WriteBack

Mechanics of Exchange Online Archiving Provisioning is asynchronous

AD AD

AD

On-Premises Exchange Exchange Online

Office 365

AD FS

DirSync DirSyncForward Sync

WriteBack

Enable-Mailbox user1 –remotearchive

Provision archive mailbox

Get-Mailbox user1 –archive

Provision new cloud-basedarchive

1

Active Directoryobject created

2

3

Mechanics of Exchange Online Archiving Provisioning is asynchronous

AD AD

AD

On-Premises Exchange Exchange Online

Office 365

AD FS

DirSync DirSync

Enable-Mailbox user1 –remotearchive

Provision archive mailbox

Get-Mailbox user1 –archive

Provision new cloud-basedarchive

1

Active Directoryobject created

2

Cloud-basedArchive created

4Forward Sync3

WriteBack5

Managing the archive

Exchange mailbox management tools to manage archive

Create a cloud-based archive (New mailbox)Enable the archive (Existing mailbox)Move an on-premises archive to the cloud (Shell only)Move a cloud-based archive to on-premises (Shell only)Disable the archiveReconnect a disabled archive

demo

EOA Management

Exchange Online Archiving: Client Access

Clients should be configured to point to on-premises CASOutlook gets AutoDiscover response and communicates directly with EOAOWA relies on on-prem CAS to proxy traffic to EOA

AP

CAS

CAS

On-PremisesExchange

Exchange Online

AutoDiscoverrequest

1AutoDiscoverresponse

2

Directarchiveaccess(OutlookAnywhere)

3OWARequest(HTTPS)

1

OWA Proxy2

Diagnosing Archive mailbox AutoDiscovery

Select XML tab to view AutoDiscover response3CTRL + right-clickOutlook iconin system tray

1

Select Test E-mailAutoConfiguration

2

Exchange Online Archiving – setupSubset of Hybrid Configuration

Exchange Server 2010

SP1 CAS/Hub

Archive Provisioning

Office 365 Directory Sync

w/ WriteBack

OWA remote archive access

AD FS Outlook Archive Single Sign On

Exchange Server 2010

SP1 CAS/Hub

Exchange Server 2010

SP1 MBX

eDiscovery, x-prem, MRM MTA

Wednesday@1:30PM - EXL303 Configuring Hybrid Exchange the Easy Way – Ben ApplebyHTTPS [TCP 443]

EOA Setup

Step Details Required/Recommended

Add your domains in the Office 365 portal

Add any primary SMTP domains (including Archive Domain)

Required

Configure Federated Identity (ADFS)

Single sign-on remote archive logon from Outlook Highly Recommended

Configure DirSync Required for remote archive provisioning Required

Enable DirSync Writeback Required for archive provisioning to complete Required

WCF 3.5 Pre-Req http://code.msdn.microsoft.com/KB982867

Required

1

2

3

4

5

EOA Setup

Step DetailsRequired/Recommended

Install Exchange Server 2010 SP1 server On-premises

On-premises Exchange Server 2010 SP1 CAS/Hub server (also MBX role for some scenarios) required for hybrid features

Required

Configure cloud Autodiscover DNS record

Allows on-premises targeted autodiscover Outlook client to redirect to cloud without prompts

Required

Publish MRS Proxy Allows Exchange Online Mailbox Replication Service (MRS) to connect On-Premises and perform a move to the cloud

Required

Configure Federation Trust / Org Relationship“Federated Sharing”

Enable infrastructure for delegated Live namespace federation.

Required for OWA remote archive access, cross-premises eDiscovery, MRM move to archive

Required

Synchronize Retention Policies

Export Retention Policy from on-prem to cloud(use export/import scripts that ship on-prem)

Required

Exchange 2010 SP2 Hybrid Wizard Replaces these steps

http://aka.ms/eoasetup

5

6

7

8

9

EOA Deployment steps in EDAExchange Deployment Assistant Steps

http://aka.ms/exdeploy

MOVE AND DELETE POLICYIW and IT Pro Experience

Message Retention: Overview

Use Retention Policies to manage email lifecycleArchive (Move) Policy: automatically moves mail to the archive

End User Impact: Keeps Mailbox under quotaLike Outlook Auto-Archive – without PSTsImplemented using Move DPT

Delete Policy: automatically deletes mailEnd User Impact: Unwanted mail is removed from viewEnd User Impact: Keeps Mailbox under quotaDelete Policies apply whether in primary or archivePer item policies take precedence over folder policiesPolicy properties are preserved so message retention is respected in third party systems.

http://aka/ms/retention

Move and Delete Concepts

Retention TagsName, Action (Move | Delete), Time periodAdmin mandated (Default Folders (RPT) | Entire Mailbox (DPT))

All items in mailbox moved to archive in 2 yearsAll items in mailbox deleted in 7 yearsAll items in Junk Mail folder deleted in 14 days

User applied (Personal Tags) – folder or messageNever delete items in Reference folder

Retention Policies Group retention tagsPolicies span to groups of users like ‘Accounting’ Deterministic: User has one retention policy

EMC MRM ConfigurationOrganization Configuration > Mailbox > Retention Policy TagsOrganization Configuration > Mailbox > Retention Policies

Retention Policies in Outlook 2010 and OWA

Expiration date stamped directly on email

Delete policies

Policies can be applied to a folder

Policies can be applied directly to an email

Archive policies

Preserve: Optional Retention Tags

Archive Policy

Delete Policy

Additional policies for special projects or roles (e.g. HR)Tags not part of Retention Policy, users select from ECP

How retention policy is applied

Retention policy applies to mailbox userSame policy applies to primary and archive mailboxes

Archive & delete policies independent of each otherItem can have both archive and delete policiesItem moved to archive in X days, deleted in X+Y daysWhat if: Retention age in delete policy < archive policy?

The delete policy stamped on item preserved when moved to archivePrecedence rule:

Policy tag that is closest scope to a mail item wins

Configuring MRM Mailbox Assistant

MRM Mailbox Assistant, aka “Managed Folder Assistant”Runs as a background process to crawl mailboxes and take action on “expired” mail items

Exchange 2010 RTM – Specify a schedulestart, end time and frequency (e.g. daily 1:00 AM – 6:00 AM)Can result in processing being forever behind

Exchange 2010 SP1 – Specify a workcycleAssistant runs throttled to not compete with critical mailbox processesWorkcycle –how often to process mailboxes (e.g. every 48 hours). On-prem default: 1 day. Use Set-MailboxServer to modifyIn Office 365 cycle is 7 days (no admin config required)

Retention Hold

Administrator override to pause all message retention policy actions (e.g. when employee on vacation)

Set-Mailbox –Identity bsuneja –RetentionHoldEnabled $true –RetentionUrl “http://intranet/holdpolicy” -StartDateForRetentionHold 6/10/2012

-EndDateForRetentionHold 7/5/2012

Migrating Retention Policies to CloudMRM policies not automatically migrated or synced to cloud

Scripts shipped to automate export and import of Retention Policies & Retention Tags between on-premises and cloud-based orgs *

Export-RetentionTags.ps1Import-RetentionTags.ps1

Do this before provisioning/moving archives to the cloud

P AP A

Export-RetentionTags.ps1 Import-RetentionTags.ps1

On-Premises Cloud

Export Import

MRM Policy

*Location: %Program Files%\Microsoft\Exchange Server\V14\Scripts

.xml

PRESERVE: HOLD POLICY

Legal Hold, Single Item Recovery & Recoverable Items store

Preserve: Legal HoldOverview

Preserve items for recovery and discovery for an finite or indefinite period of time without impacting end user experience

Captures deletes and edits (copy-on-write)User workflow is unchanged, items captured in Recoverable Items Store 2.0Multi-Mailbox Search can search items indexed in Recoverable Items Users can receive notification they’re on hold; eliminates manual processNo end-user impact

Preserve: Legal HoldConfiguration

Set legal hold to capture all changes indefinitely

Captured e-mail data found in multi-mailbox search results

Provides separate settings to enable single item restoreOptional alert message for users with Outlook 2010 and OWA

Preserve: Hold PolicyUser Experience

URL links to additional info

User is told how to comply (no action needed for e-mail)

Rolling HoldPreserve user data for a rolling window of time irrespective of user actions

Achieved using Single Item Recovery (SIR)SIR captures all edits for a specified time period

Set-Mailbox -Identity asummers -SingleItemRecoveryEnabled $true

Off by default on-premisesOn by default in Exchange Online with default window of 14 days.

Changing time window requires a support call.

Hold Management & the Cloud

Manage Legal Hold against current location of the primary mailboxSetting hold on user on-premises applies to EOA automaticallyArchives (on-premises or cloud-based) have their own Recoverable Items 2.0 store

Items deleted from archiveOriginal copies of modified items

AUDITING & REPORTINGConfiguration Audit and Mailbox Audit

Auditing

Compliance ConfigurationAll the configuration changes made by the administrators from any of the UIs Was litigation hold ever removed from this mailbox? Who has been running Discovery searches? What was the old value of retention period?

Non-Owner Mailbox AccessMailbox data access actions performed by Administrators/Delegates/Owners Who is reading my emails? Who really sent that email

Audit: Configuration AuditLogs all state changing cmdlets against Exchange

set-*, new-*, enable-*, (optional) test-*Set-AdminAuditConfig –AdminAuditLogEnabled $true

Configured per tenant organization in Office 365 (ON by default)

On-prem audit events logged in arbitration mailboxEOA audit logged to online tenant arbitration mailboxResults can be searched/exported usingNew-AdminAuditLogSearchSearch-AdminAuditLogECP UI

Audit: Mailbox AuditCaptures all non-owner access to a mailbox

Captures all operations performed on that mailbox.Includes access by Admin & Delegate users

Configured per user using set-mailboxLogged to special Audit folder in user mailboxResults can be searched/exported using Search-MailboxAuditLogNew-MailboxAuditLogSearchECP UI

Audit: Reports in ECP UI

Audit Reports:1. Non-Owner MBX Access2. Hold Admin Activity3. Roles membership

Export Audit Logs

DISCOVER: MULTI-MAILBOX SEARCHDiscovery Console in ECP and PowerShell search

Performs distributed search across end user mailboxes located on multiple servers.Searches all user data (archive included automatically)

User’s EOA data also searchedAbility to view keyword statistics & copy results to discovery search mailbox on-premisesAbility to annotate items with metadata for review.Admins by default do not have access to search mailboxes, Discovery Management RBAC role is requiredSearch is throttled and parallelized

Discover: Multi-Mailbox Search

Session Objectives and Takeaways

Session Objective(s): Overview of Exchange Online (EOA)Setup and deployment of EOACompliance features in EOA

Key TakeawaysExchange Online Archive allows customers to consolidate email and simplify on-premises storage managementExchange Online Archive enables simplified compliance management

Related Content

EXL303 Configuring Hybrid Exchange the Easy Way

EXL11-HOL Microsoft Exchange Server 2010 Compliance: Archiving & Retention

Demos and questions at Microsoft Exchange booth

Find Me Later At… Exchange booth, @bsuneja on Twitter

Follow us on Twitter! @MSFTExchange hash tags: #MSExchange

Track Resources

Understanding Exchange Online Archiving (aka.ms/eoa)

Configure Exchange Online Archiving (aka.ms/eoasetup)

Exchange Online (aka.ms/eo) – Price and plans

Exchange Server Deployment Assistant (aka.ms/exdeploy) – Hybrid Config

Resources

Connect. Share. Discuss.

http://europe.msteched.com

Learning

Microsoft Certification & Training Resources

www.microsoft.com/learning

TechNet

Resources for IT Professionals

http://microsoft.com/technet

Resources for Developers

http://microsoft.com/msdn

Evaluations

http://europe.msteched.com/sessions

Submit your evals online

MS Tag

Scan the Tagto evaluate thissession now onmyTechEd Mobile

Required Slide *delete this box when your slide is finalized

Your MS Tag will be inserted here during the final scrub.

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to

be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS

PRESENTATION.