You have to control email in your company for good work and legal reasons. Exchange Email Retention helps you follow tough rules from laws like GDPR, HIPAA, SOX, and SEC. These laws often say you must keep emails for many years and stop anyone from changing them. Many companies pick Exchange because it has tools that save emails and keep them safe. This makes it easier to follow the law and protect your data.

Tip: Using Exchange Email Retention helps you follow rules and avoid big fines.

Key Takeaways

• Make sure you have admin permissions before you start. This helps you manage email retention the right way.

• Use Exchange Admin Center for easy tasks.

• Use PowerShell for harder or bigger changes when making retention tags and policies.

• Make retention tags to set how long emails stay. Tags also decide what happens to emails. You can use default, folder-based, or personal tags.

• Put retention tags into groups called policies. Give these policies to mailboxes. This keeps email management neat and follows the rules.

• Check and update your retention policies often. This makes sure they work well and follow new laws and company rules.

Prerequisites

Permissions Needed

You need special permissions before you set up Exchange Email Retention. Without these, you cannot make or change retention policies. The table below lists the main admin roles and what they do:

Note: If you work at a small company, you might use the Organization Management role. This role usually lets you manage retention policies.

You must have one of these roles to set up or change retention policies. If you do not have the right role, ask your IT admin for help.

Tools: EAC & PowerShell

You need the right tools to set up Exchange Email Retention. Most admins use the Exchange Admin Center (EAC). It is a simple web tool. You can also use PowerShell for harder jobs or when you need to change many mailboxes. Outlook lets users see their own retention tags. Sometimes users can add personal tags, but only admins set up the main policies.

• Exchange Admin Center (EAC): Use this for most retention policy jobs. It has a simple interface and step-by-step choices.

• PowerShell: Use this for scripts, automation, or when you need to update many mailboxes at once.

• Outlook: Users can see their retention tags here. Some personal tags can be added by users, but admins control the main settings.

If you set up retention policies wrong, you can have problems. You might lose important data or keep too much, which can be risky. Retention policies are not backups. They move deleted items to hidden folders. If you do not plan well, it can be hard to get things back. Always check your settings before you use them.

Exchange Email Retention Tags

When you set up Exchange Email Retention, you use retention tags. These tags help you decide how long emails stay in mailboxes. They also tell what happens to emails after some time. Retention tags help you sort, keep, or delete emails. You follow your company’s rules when you use them.

Tag Types

There are three main types of retention tags in Exchange.

• Default Policy Tags (DPTs): These tags go on all emails that do not have another tag. DPTs make a rule for emails with no tag. For example, you can delete all untagged emails after five years.

• Retention Policy Tags (RPTs): These tags work on folders like Inbox, Sent Items, or Deleted Items. RPTs let you set rules for these folders. For example, you can delete emails in Deleted Items after 30 days.

• Personal Tags: These tags let users choose. Users can put personal tags on single emails or folders. This helps if someone wants to keep an email longer or delete it sooner.

Note: Personal tags help users with special cases. You can let users use personal tags or block them by changing their role.

The Managed Folder Assistant (MFA) checks mailboxes and uses these tags. If a user adds a personal tag, it is more important than folder or mailbox tags. This system keeps your rules clear and fair.

Here is a table to show how each tag type works:

Tip: Message-level tags (personal tags) always win over folder or mailbox tags. If you move an email to a new folder, it gets the folder’s tag unless you already set a personal tag.

Create Tags in EAC

You can make retention tags in the Exchange Admin Center (EAC). The EAC is a web tool that is easy to use.

1. Sign in to the Microsoft Purview portal.

2. Go to Solutions > Data lifecycle management > Exchange (legacy) > MRM Retention tags.

3. Click + New tag.

4. Pick how the tag will be used:

   • Automatically to entire mailbox (default) for a Default Policy Tag (DPT).

   • Automatically to default folder for a Retention Policy Tag (RPT).

   • By users to items and folders (personal) for a personal tag.

5. Set the retention settings:

   • Choose how long to keep emails (like 365 days or never).

   • Pick what happens after (Delete and allow recovery, Permanently delete, or Move item to archive).

6. Name your tag and add a description if you want.

7. Check your settings and submit to make the tag.

Note: Sometimes, the EAC does not save changes for some folders, like Deleted Items. If this happens, you may need to use PowerShell.

Create Tags in PowerShell

PowerShell gives you more control and lets you do things faster. You can use it to make tags, especially if you have many mailboxes or need special settings.

First, connect to Exchange Online PowerShell:

$Cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic -AllowRedirection
Import-PSSession $Session

To make a retention tag for Deleted Items that deletes emails after 30 days, use:

New-RetentionPolicyTag -Name "Delete Deleted Items after 30 days" -Type DeletedItems -RetentionAction PermanentlyDelete -RetentionEnabled $true -AgeLimitForRetention 30

To make a personal tag that lets users move emails to archive after 2 years, use:

New-RetentionPolicyTag -Name "Archive after 2 years" -Type Personal -RetentionAction MoveToArchive -RetentionEnabled $true -AgeLimitForRetention 730

When you finish, close your session:

Remove-PSSession $Session

Tip: PowerShell lets you run the Managed Folder Assistant right away. Use Start-ManagedFolderAssistant "user-email-address" to use your new tags quickly.

PowerShell is strong, but you must be careful. Removing tags from many mailboxes can use a lot of resources. The EAC is easier for simple jobs. PowerShell is best for big or hard jobs.

Note: Check your retention tags often. Update them when your company’s rules or the law changes. This keeps your email management safe and current.

Retention Policies

Retention policies help you control how long emails stay in your organization. You group retention tags into a policy and then apply that policy to mailboxes. This keeps your email system organized and helps you meet legal rules.

Create Policy

You create a retention policy by following these steps:

1. Open the Exchange Admin Center.

2. Go to Compliance Management and select Retention Policy.

3. Click the plus sign (+) to start a new policy.

4. Name your policy so you can find it later.

5. Add the retention tags you want to use.

6. Save the policy.

You can group different tags in one policy. This lets you set rules for the whole mailbox, special folders, or even let users pick their own tags. When you finish, you can assign the policy to one or more mailboxes.

Add or Edit Tags

You can add new tags or change old ones in your policy. Here is how you do it:

1. In the Exchange Admin Center, go to Compliance Management and select Retention Tags.

2. Click the plus sign (+) to add a new tag or select a tag to edit.

3. Choose the type of tag: Default Policy Tag, Retention Policy Tag, or Personal Tag.

4. Set the retention action, like delete, move to archive, or allow recovery.

5. Pick how long to keep the emails.

6. Save your changes.

You can always update your tags if your company rules change.

Policy Actions

Retention policies let you choose what happens to emails after a set time. Here are the most common actions:

You can customize retention policies to fit your needs. Some companies keep emails for a few months. Others keep them for years to follow laws like HIPAA or GDPR. You can set different rules for different users or teams. This helps you balance storage, performance, and compliance.

Tip: Review your Exchange Email Retention settings often. Update them when your business or the law changes.

Assign Policies

Giving mailboxes retention policies is important. It helps your company follow rules and laws. You can do this in the Exchange Admin Center (EAC) or with PowerShell. You can also set policies for many mailboxes at once. This part will show you how to use each way.

Assign in EAC

The Exchange Admin Center lets you set a retention policy for one mailbox. This is simple if you only need to update a few people.

Do these steps:

1. Open the Exchange Admin Center. Go to the recipients or mailboxes area.

2. Find the mailbox you want to change.

3. Double-click the mailbox to see its settings.

4. Look for the Retention Policy part. Click Manage mailbox policies.

5. In the Retention Policy list, pick the policy you want.

6. Save your changes.

Tip: Always check that you picked the right mailbox and policy before saving.

You can do these steps for each mailbox. The EAC shows you each user's settings clearly.

Assign in PowerShell

PowerShell helps you set retention policies fast. It is good if you need to update many mailboxes. You use the Set-Mailbox command with the -RetentionPolicy option.

Here are some common commands:

1. To set a retention policy for one mailbox:

Get-Mailbox jdoe | Set-Mailbox -RetentionPolicy PolicyName

1. To change the policy for all mailboxes with an old policy:

$OldPolicy=(Get-RetentionPolicy "Old-Retention-Policy").distinguishedName
Get-Mailbox -Filter "RetentionPolicy -eq '$OldPolicy'" -Resultsize Unlimited | Set-Mailbox -RetentionPolicy "New-Retention-Policy"

1. To set a policy for every mailbox in your company:

Get-Mailbox -ResultSize unlimited | Set-Mailbox -RetentionPolicy "RetentionPolicy-Corp"

1. To set a policy for all mailboxes in one department:

Get-Mailbox -OrganizationalUnit "Finance" -ResultSize Unlimited | Set-Mailbox -RetentionPolicy "RetentionPolicy-Finance"

1. To see which policy is on a mailbox:

Get-Mailbox Morris | Select RetentionPolicy

1. To list all mailboxes with a certain policy:

Get-Mailbox -ResultSize unlimited | Where-Object {$_.RetentionPolicy -eq "RP-Finance"} | Format-Table Name,RetentionPolicy -Auto

Note: PowerShell is strong. You can change hundreds of mailboxes in seconds. Always test your commands on a small group first.

Bulk Assignment

If you need to set or remove policies for many users, bulk actions help. PowerShell is best for this.

• To remove retention policies from all user mailboxes:

Set-Mailbox -Identity (Get-Mailbox -Filter { (RecipientTypeDetails -eq 'UserMailbox') } -ResultSize Unlimited).Identity -RetentionPolicy $null

• To make new policies work right away, run the Managed Folder Assistant:

Get-Mailbox -Filter { (RecipientTypeDetails -eq 'UserMailbox') } -ResultSize Unlimited | ForEach-Object { Start-ManagedFolderAssistant $_.Identity }

Tip: After you make big changes, run reports to check that every mailbox has the right policy.

User-Level Assignment and Inheritance

Users can see their retention policies in Outlook. They can use personal tags on folders or messages if you let them. But users cannot change or remove the main retention policy. Only admins can set or clear retention holds with PowerShell. Outlook does not let users change these settings.

• Users cannot remove or change retention holds in Outlook.

• Only admins can turn retention holds on or off with PowerShell.

• Organization settings can be stronger than mailbox settings.

• Some policies, like those with Preservation Lock, cannot be changed by anyone.

Note: Admins control all main retention settings. Users can only use the options you give them.

Documentation and Auditing

You should write down every retention policy you set. Good records help you show you follow the rules during audits. Many companies:

• Write down how long to keep emails and why.

• List who manages and approves each policy.

• Keep logs of policy changes and assignments.

• Review and update policies when rules or laws change.

• Teach staff about each policy and what it does.

Keeping good records helps you get ready for audits and keeps your company safe.

Exchange Email Retention helps you manage emails and follow the law. Setting policies the right way keeps your data safe and legal.

Verify & Troubleshoot

Check Assignment

You have to check if your retention policies are set up right. First, see which policy is on each mailbox. Open PowerShell and run Get-Mailbox <MailboxName> | Select RetentionPolicy to find the policy for one mailbox. To check many mailboxes, use Get-Mailbox -ResultSize unlimited | Where-Object {$_.RetentionPolicy -eq "PolicyName"} | Format-Table Name,RetentionPolicy -Auto. Always make sure you have the right permissions before you run these commands. You can also use the Exchange Admin Center. Go to Recipients, pick Mailboxes, and look at the Retention Policy section. If you change a policy, use Set-Mailbox and then check again with Get-Mailbox. Some admins use reporting tools like Exchange Reporter Plus. These tools give you reports about mailbox settings and help you check your work.

Monitor Compliance

You need to know if your policies work the way you want. Use these tools and reports to help you. Exchange Reporter Plus shows which retention policies are on each mailbox. It lists policy settings, expiry actions, and message types. The tool tracks when policies were made or changed. You can see graphs that show how many mailboxes use each policy. Reports let you pick a policy and see all mailboxes that use it. You can export reports as CSV, XLS, PDF, or HTML files. Other tools, like Exchange Compliance Reporting, help you track and check policy use.

Tip: Look at these reports often to keep your company following the rules.

Common Issues

Sometimes, retention policies do not work as planned. Here are some common problems and ways to fix them. First, check if the policy is assigned: Get-Mailbox <mailbox_name> | Select RetentionPolicy. Make sure the policy is turned on: Get-Mailbox <mailbox_name> | Select RetentionPolicyEnabled. Confirm the Managed Folder Assistant is running: Get-MailboxDatabase | Select MaintenanceSchedule. Look for items that are on legal hold or have special tags. If problems do not stop, make the policy and tags again. Watch for conflicts between different tags or policies. Make sure you use user mailboxes, not shared mailboxes, for some features.

If your company must keep emails for legal reasons, use Litigation Hold or In-Place Hold. Litigation Hold keeps all mailbox items safe, even if users delete them. In-Place Hold saves only items that match certain searches. Both use the Recoverable Items folder to keep data safe. Retention policies still work, but items on hold stay longer to meet legal needs. Use holds carefully, because they can make searches harder and increase risk.

You can control your company’s emails by doing a few steps. First, get the right permissions. Next, make tags for emails. Then, create policies and give them to mailboxes. After that, check your work to make sure it is right. Automated retention policies help you follow the law and avoid mistakes. They save time because you do not have to manage emails by hand. Many companies have saved money and avoided fines with these policies. Check your settings often so you follow new laws and business changes.

FAQ

What happens if you delete a retention policy?

When you delete a retention policy, Exchange takes it off mailboxes. The emails keep their tags until you add a new policy. Always check mailboxes after you delete a policy.

Can users change their own retention tags?

Users can use personal tags if you let them. They cannot change or remove the main retention policy. Only admins can set or remove these policies.

How often does Exchange process retention policies?

Exchange runs the Managed Folder Assistant every 7 days by default. You can run it yourself with PowerShell if you want changes to happen sooner.

Do retention policies back up your emails?

Retention policies do not make backups. They only control how long emails stay in mailboxes. You need a different backup tool to keep your data safe.