Exchange 2007 policies

Policies in Exchange are designed to enable flexible administration of large numbers of Exchange objects. A policy is a collection of configuration settings that can be applied to one or more Exchange objects of the same class. This blog post gives an overview of Exchange 2007 policies: E-mail Address Policy (EAP), Exchange ActiveSync mailbox policy, Unified Messaging (UM) mailbox policy, and managed folder mailbox policy. Policies available in Exchange 2003 that are removed or changed in Exchange 2007 are also covered.

E-mail Address Policy (EAP)

EAP defines the proxy addresses that are stamped onto recipient objects. In Exchange 2007, every EAP must link to an existing accepted domain object. This is required so that e-mails sent to e-mail addresses defined by the EAP can be routed by Exchange 2007 transport servers. The relationship between EAP and accepted domains in Exchange 2007 is covered in my recent post Recipient Policies and Accepted Domains.

Manage E-mail Address Policies

In the Exchange Management Console, the E-mail Address Policies tab of the Hub Transport node under the Organization Configuration work center is the place to create and configure e-mail address policies. If multiple policies apply to the same recipients, the policy with the highest priority (the lower the priority number, the higher the priority) takes precedence over any matching policies with a lower priority.

The PowerShell tasks used to manage e-mail address policies are <verb>-EmailAddressPolicy.

How EAP Enforces E-mail Address for Associated Recipients

The E-Mail Addresses property page of a recipient in the console allows management of recipient e-mail addresses. You can select whether to automatically update the e-mail addresses for this recipient based on e-mail address policies by checking or unchecking the "Automatically update ..." checkbox at the bottom of this property page.

If a recipient is configured to automatically update its e-mail addresses based on e-mail address policy, the primary e-mail address (default reply address) of each e-mail address type will always be set from the e-mail address policy. If you try to edit the primary address to a different e-mail address, it will always revert to the one specified by the e-mail address policy. Which policies apply to a recipient is determined by the filtering rules of the policies.

The PowerShell command line to configure a mailbox to automatically update the e-mail addresses based on EAP is:

Set-Mailbox <mailboxid> -EmailAddressPolicyEnabled:$True

The command line to configure automatic update of e-mail addresses based on EAP for another type of recipient is similar.

Removal of Recipient Update Services (RUS)

In Exchange 2003, RUS is used to update e-mail addresses for recipients. This service processes e-mail address policy asynchronously, which can be unreliable and unpredictable. Exchange 2007 no longer relies on RUS to update e-mail addresses; instead, it uses a predictable, synchronous e-mail provisioning process. Once an e-mail address policy is changed, the e-mail addresses for all associated recipients are updated synchronously.

See Evan's Top Exchange 2003 Recipient Problems and how they're fixed in Exchange 2007 and Goodbye RUS posts for more detailed coverage of the removal of RUS in Exchange 2007.

Exchange ActiveSync mailbox policy

With Exchange 2007, you'll be able to create multiple Exchange ActiveSync (EAS) mailbox policies for more control over mobile deployments. Exchange 2003 SP2 first introduced EAS policies; however, Exchange 2003 can create only a single global policy, which applies to all users not specifically excluded. Exchange 2007 EAS policies are per-user policies, so you can create as many policies as needed to meet your company's security requirements.

Manage EAS Policies

In the console, the Exchange ActiveSync Mailbox Policies tab of the Client Access node under the Organization Configuration work center is the place to create and configure EAS policies.

The PowerShell tasks for managing EAS policies are <verb>-ActiveSyncMailboxPolicy.

Apply an EAS policy to a Mailbox

Each mailbox can have zero or one ActiveSync mailbox policy applied. An ActiveSync mailbox policy can be associated with a mailbox from the console GUI.

An example PowerShell command line to assign an EAS policy to a mailbox is:

Set-CASMailbox <mailboxid> -ActiveSyncMailboxPolicy (Get-ActiveSyncMailboxPolicy "Corporate Mobile Policy").Identity
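
Because EAS policies are assigned per mailbox and a mailbox can have zero policies, a mailbox can be ActiveSync-enabled with no policy at all. The following is an added example, not code from the original post: a filter that picks out such mailboxes from Get-CASMailbox-shaped objects and previews assigning the "Corporate Mobile Policy" used above. The function names and the sample identities are hypothetical.

```powershell
# Added example: find ActiveSync-enabled mailboxes that have no EAS policy.
# Works on objects shaped like Get-CASMailbox output (Identity,
# ActiveSyncEnabled, ActiveSyncMailboxPolicy). Function name is hypothetical.
function Get-MailboxWithoutEasPolicy {
    process {
        # Only mailboxes that can sync but carry no policy are of interest.
        if ($_.ActiveSyncEnabled -and -not $_.ActiveSyncMailboxPolicy) {
            $_ | Select-Object Identity, ActiveSyncEnabled, ActiveSyncMailboxPolicy
        }
    }
}

# Helper (hypothetical) that builds constructed sample rows, so the filter
# can be tried without an Exchange server.
function New-SampleCasMailbox($identity, $enabled, $policy) {
    $o = New-Object PSObject
    $o | Add-Member NoteProperty Identity $identity
    $o | Add-Member NoteProperty ActiveSyncEnabled $enabled
    $o | Add-Member NoteProperty ActiveSyncMailboxPolicy $policy
    $o
}

# Constructed sample data: policy assigned, enabled without a policy,
# and ActiveSync disabled.
$sample = @(
    (New-SampleCasMailbox 'contoso.example/Users/alice' $true  'Corporate Mobile Policy'),
    (New-SampleCasMailbox 'contoso.example/Users/bob'   $true  $null),
    (New-SampleCasMailbox 'contoso.example/Users/carol' $false $null)
)
$sample | Get-MailboxWithoutEasPolicy

# In the Exchange Management Shell, run the same filter on live data and
# preview the assignment. Remove -WhatIf to apply it.
if (Get-Command Get-CASMailbox -ErrorAction SilentlyContinue) {
    $policy = Get-ActiveSyncMailboxPolicy "Corporate Mobile Policy"
    Get-CASMailbox -ResultSize Unlimited | Get-MailboxWithoutEasPolicy |
        ForEach-Object {
            Set-CASMailbox $_.Identity -ActiveSyncMailboxPolicy $policy.Identity -WhatIf
        }
}
```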

Unified Messaging (UM) mailbox policy

UM is a brand new feature introduced in Exchange 2007. UM mailbox policies are required when you enable users for Unified Messaging, as these policies control the association between a UM mailbox and a UM dial plan. You can also use a UM mailbox policy to apply a common set of policies or security settings (such as PIN policies, dialing restrictions, etc.) to a collection of UM-enabled mailboxes.

Manage UM policies

In the console, the UM Mailbox Policies tab of the Unified Messaging node under the Organization Configuration work center is the place to create and configure UM mailbox policies.

The PowerShell tasks for managing UM policies are <verb>-UMMailboxPolicy.

Apply a UM policy to a Mailbox

When you enable a mailbox for UM through the Enable Unified Messaging wizard, a UM policy is required. A UM mailbox policy can be associated with a mailbox from the console GUI.

The PowerShell command line to assign a UM mailbox policy to a mailbox is:

Enable-UMMailbox <mailboxid> -UMMailboxPolicy "dp1 Default Policy" -Extensions 12345

Or if the mailbox is already UM-enabled:

Set-UMMailbox <mailboxid> -UMMailboxPolicy "dp1 Default Policy"

Managed folder mailbox policy

Managed folder mailbox policies are used for messaging records management (MRM), a.k.a. e-mail lifecycle (ELC), in Exchange 2007. Managed folder mailbox policies collect managed folders into logical groupings. When a managed folder mailbox policy is applied to a mailbox, the managed folders and their settings linked to the mailbox policy are applied to the mailbox in a single step.

A blog post Records Management in Exchange Server 2007 and Outlook 2007 in 5 Easy Steps covered specifically how Exchange 2007 can help with MRM.

Manage Managed Folder Mailbox Policies

In the console, the Managed Folder Mailbox Policies tab of the Mailbox node under the Organization Configuration work center is the place to create and configure managed folder mailbox policies.

The PowerShell tasks for managing managed folder mailbox policies are <verb>-ManagedFolderMailboxPolicy.

The PowerShell command line to assign a managed folder mailbox policy to a mailbox is:

Set-Mailbox <mailboxid> -ManagedFolderMailboxPolicy "Inbox folder policy"

Policies in Exchange 2003 That Are Removed or Changed

System Policy

This has been removed. Refer to an earlier post Gone but not forgotten for a more detailed explanation.

Mailbox Manager Recipient Policy

This has been removed. The mailbox manager recipient policy is one kind of recipient policy in Exchange 2003, which is gone in Exchange 2007. This concept is replaced by the managed default/custom folder, managed content settings and managed folder mailbox policy concepts in Exchange 2007, which are covered in the previous managed folder mailbox policy section of this post.

E-mail Address Recipient Policy

Changed. E-mail address recipient policy in Exchange 2003 has been separated into the EAP and Accepted Domain concepts in Exchange 2007, which were covered in the E-mail Address Policy (EAP) section of this post.

- Jared (Ji-Chao) Zhang 

Comments (9)
  1. Matt M says:

    I’ve commented on this before, but the fact that policies can’t be automatically applied to users in the same or similar way as the Email Address policy is really poor and inconsistent. If you seriously think organisations are going to WANT to manually change each user for a EAS, UM, or Managed Folder policy, you have got to be kidding.

    At the very least it should be possible to set a default for all users.

    With regard to Powershell, using this to set users is not a solution for many customers. They just want to set and forget … and especially to keep the need to manage these things away from an already burdened Helpdesk.

    This shows as much foresight as dropping the ADUC snapin – none at all. The product is great, but you’re dropping the ball on the customer-facing components that really matter.

  2. Jared (Ji-Chao) Zhang says:

    Matt, ActiveSync is considering a default policy if no policy applied on a mailbox in service packs. For UM I filed a bug to UM team for tracking. For Managed Folder policy, it depends on how common administrators want a default policy applying to all mailboxes (or else we’ll need to remove this default policy from mailboxes that don’t want it). Can you give more information for if you have the requirements?

    On the other hand, for bulk operations using Powershell, EAS/UM/Managed Folder policy can be applied while provisioning or UM-enable mailboxes by specifying the policy, so admins don’t need to run the cmdline again just to apply a policy.

  3. Matt M says:

    Jared, it’s very simple. You can set a user to not automatically update email policy – Managed Folders would obviously work the same to permit exclusion. I also suggested being able to apply them to groups or OU’s, since this would also make a huge amount of sense.

    With regard to the Powershell … it would be nice if you guys gave it a rest. Workarounds are not solutions, and you haven’t really looked at how your customers do their most basic functions!

  4. zero says:

    Totally agree, give us a break with PowerShell, it’s a pretty cool add-on but I think it is a big mistake to practically force customers to use it for tasks that we’re used to in Exchange Management Console.

  5. Anonymous says:

    I have previously listed the progress we’ve been making in posting ITPro focused Systems Management blog

  6. scott s says:

    So in Exchange 2003 I had a policy to delete all mail over 2 years old and to delete people’s trash every 30 days. Now with 2007 I see how to make the same policies but it says I need to buy a Premium CAL to do that, is that right or am I missing something?

  7. thomforeman says:

    I have to agree with Matt and Zero also. The shell is a great "nice-to-have" but I should be able to manage my Exchange 2007 with never having to use the shell. Everything you can do with the Shell you should be able to do with the Console.

    Another Issue: For the Managed Folders Policies, what if we want a policy on the Inbox, a separate policy on the Deleted Items, and separate policies on each Managed Folder? Is that impossible?

    Another Issue: You have to be able to see the stats of each users’ mailbox in the console, showing how many messages and how large the overall mailbox is. For informational purposes this is a must. It seems like it wouldn’t be that hard to include. This is a stunner when I bring this up with customers and other admins.

  8. Anonymous says:

    Greetings, everyone! In this post, we are going to conclude our discussion of e-mail records management

  9. r1mick says:

    I’m really struggling with a non-scripters view of this..

    How do I create a EAP based on a AD OU?

    Can someone please let me know if I just don’t get it or what?  I need help..

Comments are closed.
