Prevent archiving of items in a default folder in Exchange 2010


In Exchange 2010, you can use Retention Policies to manage message retention. Retention Policies consist of delete tags, i.e. retention tags with either Delete and Allow Recovery or Permanently Delete actions, or archive tags, i.e. retention tags with the Move To Archive action, which move items to the user’s archive mailbox.

Depending on how they’re applied to mailbox items, retention tags are categorized as the following three types:

  1. Default Policy Tags (DPTs), which apply to untagged items in the mailbox – untagged items being items that don’t have a retention tag applied directly or by inheritance from parent folder. You can create three types of DPTs: an archive DPT, a delete DPT and a DPT for voicemail messages.
  2. Retention Policy Tags (RPTs), which are retention tags with a delete action, created for default folders such as Inbox and Deleted Items. Not all default folders are supported. You can find a table showing the default folders supported for RPTs in Understanding Retention Tags and Retention Policies. Notably, Calendar, Tasks and Contacts folders aren’t supported1.
  3. Personal Tags, which are retention tags that users can apply to items and folders in Outlook 2010 and Outlook Web App. Personal tags can either be delete tags or archive tags. They’re surfaced in Outlook 2010 and OWA as Retention policies and Archive policies.

To deploy retention tags, you add them to a retention policy and apply the policy to mailbox users.

In Exchange 2010 SP1, we added support for the Notes folder. In Exchange 2010 RTM, items in the Notes folder aren’t processed. After you upgrade to SP1, if the user’s retention policy doesn’t have a RPT for the Notes folder, the DPT from the user’s policy will apply to items in that folder.

In existing deployments, your users may not be used to their notes being moved or deleted.

To prevent the DPT from being applied to a default folder, you can create a disabled RPT for that folder (or disable any existing RPT for that folder). The Managed Folder Assistant, a mailbox assistant that processes mailbox items and applies retention policies, does not apply the retention action of a disabled tag. Since the item/folder still has a tag, it’s not considered untagged and the DPT isn’t applied to it.

Screenshot: Creating a disabled retention policy tag for the Notes folder
Figure 1: Create a disabled Retention Policy Tag for the Notes default folder to prevent the Default Policy Tag from being applied to items in that folder

Note: You can create a disabled RPTfor any supported default folder.

Why are items in the Notes folder still archived?

If you create a disabled RPT for the Notes folder, you’ll see items in that folder are not deleted, but they do continue to be moved to the archive! Why does this happen? How do you prevent it?

It’s important to understand that:

  • A retention policy can have a DPT to archive items (using the Move to Archive retention action) and a DPT to delete items (using the Delete and Allow Recovery or Permanently Delete retention actions). Both apply to untagged items.
  • The move and delete actions are exclusive of each other. Mailbox folders and messages can have both types of tags applied – an archive tag and a delete tag. It’s not an either/or proposition.
  • If you create a disabled RPT for the Notes folder to not delete items, the archive DPT for the mailbox would still apply and move items.
  • When it comes to archiving, there’s only one archive policy that administrators can enforce – the DPT with ‘Move to archive’ action. You can’t create a RPT with the ‘Move to archive’ action. This rules out using the disabled RPT approach to prevent items from being moved.

How do you prevent items in a default folder from being archived?

There’s no admin-controlled way to prevent items in default folders from being archived2, short of removing the archive DPT from a retention policy. However, removing the archive DPT would result in messages not moving to archive automatically unless the user applies a personal tag to messages or folders.

The workaround is to have users apply the Personal never move to archive personal tag (displayed as Never under Archive Policy in Outlook/OWA) to a default folder. The tag is included in the Default Archive and Retention Policy created by Exchange Setup. You can also add this tag to any Retention Policies you create.

Screenshot: Applying Never archive policy to a folder in Outlook 2010
Figure 2: Users can apply the Never archive policy to a default folder to prevent items in that folder from being archived

1Support for Calendar and Notes retention tags was added in Exchange 2010 SP2 RU4.
2 You can apply a disabled move tag to a folder in user’s mailbox using EWS code/script. For details, see Using Exchange Web Services to Apply a Personal Tag to a Custom Folder.

Applying a disabled archive policy to the Notes default folder

You can’t use Outlook 2010 or Outlook 2013 to apply an archive policy to the Notes default folder or individual notes items. If your users want to preven Notes items from being moved, they must apply a disabled move tag to the Notes folder using OWA.

Screenshot: Applying a disabled moved tag to the Notes folder to prevent Notes items from being archived
Figure 3: Apply Personal never move to archive policy to the Notes folder in Outlook Web App in Exchange 2013.
The Exchange 2010 Outlook Web App UI differs slightly – it lists archive and retention policies separately. See a screenshot here.

 

Bharat Suneja

Updates

1/23/2013: In Exchange 2010 SP2 RU4, we added Calendar and Tasks retention tag support. You can prevent these from being moved or deleted by creating registry values. See Calendar and Tasks Retention Tag Support in Exchange 2010 SP2 RU4
6/18/2013 Added screenshot – Applying disabled move tag to Notes folder in OWA and link to Using Exchange Web Services to Apply a Personal Tag to a Custom Folder.

Comments (8)
  1. Disgruntled Lawn Gnome says:

    While it is good that you bring to light that the Notes folder does not behave like any other folder, it is pathetic to think, more or less post that this is intended behavior. As a recourse, rather than fixing the issue, which has been known for well over 6 months, you suggest that you remove the DPT AND have users manually apply a Personal Tag to the folder.

    There are several issues with this:

    1. If you don't have a DPT, then you effectively say "sorry Archiving does not work by default." At this point, decision makers wonder what it is that they spent all of this money on adding Archive mailboxes, when they could have gotten a product that actually archives, such as e-Vault or MailArchiver. "Sorry it does not work and there is no fix" hardly is an answer that can be presented to an oversight committee, unless it is Congress.

    2. Placing a dependency on end users to apply policy is not going to work more than 20% of the time. Some will forget, some will ignore and some will howl at the moon, but regardless, it will be ineffective.

    3. Since delegations do not allow other users access into their Archive Mailbox in OWA, people such as executives, who have assistants that would deal with items such as this, would not be able to apply the policy.

    I am still a bit lost on why it is that RPTs are not allowed to archive, since there is no middle ground between "Everything archives at ### days" and "the user decides to use the personal tag to archive at #### days".

    Anyhow, I am hoping that this Notes folder issue gets taken care of soon. Between "unintended" features such as this and bad patches that have mysterious consequences, I have a number of people in important places wondering why it is that we are using Exchange 2010 and what the replacement for it will be, rather than Exchange 201x.

  2. Bharat Suneja [MSFT] says:

    @Disgruntled: Thanks for the feedback!

    Note:
    – This post doesn’t indicate that Notes does not behave like any other folder.  Users will need to apply a Personal Tag to any folder – default or custom (user-created), to apply different archiving settings. This post does indicate
    that you can’t apply a Personal Tag to the Notes folder in Outlook 2010. Notes support was added in Exchange 2010 SP1. Until Outlook adds it, you can use
    OWA to assign a tag to it.

    We’re not suggesting that you remove the archive
    DPT AND have users apply a "Never" Personal Tag.
    Both the options are presented. The latter option is what’s recommended (instead of removing archive DPT).

    – User participation is not required – unless users don’t want items in the Notes folder to be archived based on the default archive policy, which will move items to the archive mailbox after 2 years. You can

    modify the default policy
    to suit your needs – for example, by modifying the retention period (Age limit for retention (days) in
    EMC or the
    AgeLimitForRetention
    parameter of Set-RetentionPolicyTag cmdlet). You
    can also create your own archiving policies.

    – Nevertheless, you’ll greatly improve user satisfaction and reduce support costs by communicating details about user-facing features with your users.

  3. Is MS going to add the -BaseFolderOnly option to Retention Policies any time soon?  For our company we had to revert to MRM 1.0 to get what we needed.

  4. Bhalchandra says:

    I guess this was a much needed post. Great work Bharat.

  5. Peter K. says:

    Still waiting on MS to come up with a valid solution for voicemail management too.  Many companies don't want voicemails hanging around for more than 14 days after they were listened to.  Seems a like a major shortcoming to not be able to purge these reliably.

  6. Andrei Kondrashov says:

    @Peter K.: Is that what you want?

    Create a Retention Tag

    technet.microsoft.com/…/ff625223.aspx

    Use the Shell to create a default policy tag for voice mail messages

    ——————————————————————————–

    This example creates a default policy tag for voice mail messages. When the tag is applied to a mailbox, voice mail messages without an inherited or explicitly applied retention tag are deleted after 14 days.

    New-RetentionPolicyTag "Corp-Exec -Voice Mail" -Type All -MessageClass voicemail -Comment "Voice mail messages without a retention tag are deleted after 14 days." -RetentionEnabled $true -AgeLimitForRetention 14 -RetentionAction DeleteAndAllowRecovery

    Note:

    By default, the MessageClass parameter defaults to *, which applies to all message types. A mailbox can have a maximum of three default tags: a DPT with the Move to Archive action, a DPT with the Delete and Allow Recovery or Permanently Delete actions to delete messages from the primary and archive mailboxes, and a DPT for voice mail messages. You can only specify the MessageClass parameter for voice mail DPTs.

    For detailed syntax and parameter information, see New-RetentionPolicyTag.

  7. Corey S says:

    @Andrey Kondrashov

    This helps us for the default setting but does not stop a users from putting a personal tag on the voicemail message overriding the default tag.  In the current system there is no way that we can guarantee that the voicemail will be deleted after 21 days without hoping the users do not change the tag.

  8. pete says:

    I'm still a bit shakey on setting up a retention solution that meets my needs.  I'm basically looking for a way to move all items from all folders in the live mailbox to the archive after 180 days.  After 3 years in the archive I want those items to be permanently removed.  Obviously I want everything discover-able so Single Item Retention will be enabled.  I also want the recovery dumpster to have a 3 year limit so that emails can't be maliciously deleted.

    I dont really understand why you can't set a 180 days move to archive on just the inbox, and then have a separate move to archive or perm delete for personal folders. In an ideal world i'd want to set up the policies like this.

    Inbox: move to archive after 180 days

    Personal: 1 year move to archive (so they can keep it in the inbox)

    Deleted Items: 14 days delete and allow recovery

    Archive: Purge after 3 years

    Recoverable Items: 3 year limit to match corp policy. -RetainDeletedItemsFor 1095

    Anyone want to help me out with what can get me as close to this as possible?  I suppose I can put a move ALL items to archive after 180 days, have the personal policy to tag it to not apply and have the deleted items one as well.  But what additional policy needs to be in place to perm delete from the archive after 3 years?  I didn't think you could have 2 default policy tags contained within the same Retention Policy?

    thanks

Comments are closed.