Over the last several years, many laws have been
passed that set specific requirements for email
retention. Although various third-party products such as AdvisorMail, Optiva Systems's ArcMail E-Mail
Defender, and Quest Software's Quest Archive Manager
can help organizations running Microsoft Exchange Server
2003 comply with these regulations, Exchange 2003 wasn't
designed with long-term mail retention in mind. Not
surprisingly, Exchange Server 2007 addresses these shortcomings. Although Exchange 2007 probably won't be
completely compliant with federal regulations such as
the Sarbanes-Oxley (SOX) Act right out of the box, it offers
mechanisms that make achieving compliance easier.
This article was written in November 2006. As such,
information that I discuss here is based on a beta version of
Exchange 2007 and could potentially change by the time the
final product is released. However, Microsoft is far enough
into the beta cycle that I don't anticipate any major changes
to the way that Exchange 2007 works.

Messaging Records Management

When you hear people discuss making a mail server compliant with the latest regulations, one central theme that
usually comes up is message archiving. Various laws require
email to be retained for specific lengths of time. But you can't
depend on users to save a copy of every message. Even if
users consistently saved all their mail, locating specific messages on demand would be nearly impossible because the
messages would be scattered among the users' mailboxes.
An Exchange 2007 feature that can help make message
archiving easier and more reliable is messaging records
management, which lets you assign retention rules to
specific folders. When used in conjunction with transport
rules, messaging records management can sort and archive
messages according to your company's needs.
To demonstrate how messaging records management
works, suppose that you want to keep users' mailboxes clean
by implementing an email-retention policy mandating that
any message more than three months old be deleted. Let's
also suppose that you're required to keep any messages
related to the Contoso account for five years.
In a situation like this, you could create a managed
custom folder with a five-year retention period. You could
then create a mailbox that's used solely as a repository for messages related to the Contoso account. Because this mailbox has a special purpose, you wouldn't apply your regular
retention policy to it. Instead, you'd create a transport rule
that captures any message mentioning the Contoso account
and sends a copy of the message to the designated mailbox.
Then you'd use a Microsoft Office Outlook rule to move messages arriving in the mailbox to the managed custom folder
with the five-year retention period.
If you're used to running Exchange 2003, this method
probably seems completely foreign to you. But the technique sounds more difficult than it really is. For an outline
of the procedure, see the sidebar "Step-by-Step Email Retention in Exchange 2007". Now, let's look more
closely at how to implement it.

Create a Managed Custom Folder

The first step in this technique is to create a managed
custom folder and assign a five-year retention period to it.
To do so, open Exchange Management Console (formerly
known as Exchange System Manager) and expand the Organization Configuration container, then select the Mailbox
container beneath it. The console's middle pane displays
a series of tabs related to the Mailbox container. Select the
Managed Custom Folders tab, then right-click in the empty
area beneath it. Choose the New Managed Custom Folder
command from the resulting shortcut menu to launch the
New Managed Custom Folder wizard. (Managed folders are
available organization-wide, so you can apply them to any
mailbox throughout the organization.)
As you can see in Figure 1, you start by entering
a name for the new folder. For this scenario, enter Contoso
Account as the folder name. As you enter the name, the text
box below it automatically fills in the name that users will see
when they view the folder in Outlook. You can enter additional text in the large text box so that it's displayed when
users view the folder through Outlook. For this example,
enter the following text: "All messages related to the Contoso
account must be retained for five years." Finally, select the "Do
not allow users to minimize this comment in Outlook" check
box. (Note that only Microsoft Office Outlook 2007 and
Microsoft Outlook Web Access—OWA—2007 display this
check box.)
Click the New button to finish creating the folder.
Exchange displays a summary of the action along with the Exchange Management Shell command that you can use to script the action in
the future. Click Finish to close the wizard.
Now that you've created the new managed
folder, it's time to configure a retention policy
for it. The Contoso Account folder now appears
in the Mailbox container, as Figure 2 shows. To
configure the folder's policy, select the folder, then click the New Managed Content Settings
link in the Contoso Account pane on the right
side of the screen.
At this point, the New Managed Content
Settings wizard opens, as Figure 3 shows. Begin
by entering a descriptive name for the new
settings. Set the Message type option to All Mailbox Content, then select the Retention period (days) check box.
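
The folder and retention settings from the two wizards above, scripted for the Exchange Management Shell as an added example (not the article's code and not the command the wizard generates). Cmdlet and parameter names are those of the released Exchange 2007 shell rather than the beta described here; the settings name and the retention action are assumptions, because the article has not specified them at this point.

```powershell
# Run in the Exchange Management Shell on an Exchange 2007 server.
$folderName   = 'Contoso Account'                  # folder name used in the article
$settingsName = 'Contoso Account - 5 Year'         # hypothetical descriptive name
$comment      = 'All messages related to the Contoso account must be retained for five years.'
$retainDays   = 5 * 365                            # 1825 days; leap days ignored

# Create the managed custom folder only if it is missing, so the script
# can be re-run without failing on a duplicate name.
$folder = Get-ManagedFolder | Where-Object { $_.Name -eq $folderName }
if (-not $folder) {
    # -MustDisplayCommentEnabled matches the "Do not allow users to
    # minimize this comment in Outlook" check box in the wizard.
    New-ManagedFolder -Name $folderName -FolderName $folderName `
        -Comment $comment -MustDisplayCommentEnabled $true
}

# Attach content settings to the folder. MessageClass '*' corresponds to
# "All Mailbox Content"; the age limit is written as days.hh:mm:ss.
$settings = Get-ManagedContentSettings | Where-Object { $_.Name -eq $settingsName }
if (-not $settings) {
    New-ManagedContentSettings -Name $settingsName -FolderName $folderName `
        -MessageClass '*' `
        -RetentionEnabled $true `
        -AgeLimitForRetention "${retainDays}.00:00:00" `
        -TriggerForRetention WhenDelivered `
        -RetentionAction MarkAsPastRetentionLimit   # assumption: non-destructive action
}

# Review what was actually stored before relying on it for compliance.
Get-ManagedFolder -Identity $folderName | Format-List
Get-ManagedContentSettings -Identity $settingsName | Format-List
```

Keeping this script under version control gives auditors a record of the configured retention period that does not depend on screenshots of the console.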