Records managers have been struggling with managing emails as records ever since they first appeared in the workplace.
For a long time the accepted practice, as with other digital records, was to print them out and put them on the appropriate file. With the introduction of electronic document and records management (EDRM) systems, end users were instead required to save or copy documents and emails to an electronic ‘file’ in that system.
In both cases, the emails remained in the user’s ‘personal’ mailbox, where they remained inaccessible for ‘privacy’ reasons. End-users and business areas would (and still do) conduct business via the email system, without these records being available to anyone except the sender and recipient/s. Attachments to emails sent to individual recipients were (and continue to be) not managed as records unless they were printed out or saved to the EDRMS.
Microsoft Office 365 has changed the paradigm for keeping records as described in the linked post, away from the central storage and management of records in one system (while leaving the originals in place), to the decentralised ‘in place’ storage and centralised management of records across Office 365.
This post provides an overview of the three main options for managing email as records in Office 365, in both Exchange and SharePoint.
In summary the options are:
- Leave emails in place in Exchange mailboxes (personal and Office 365 Group mailboxes) and apply one or more Office 365 retention policies to mailboxes.
- Same as previous point, and use Content Search to retrieve emails as required.
- Same as previous point, and only copy specific emails to SharePoint
Keep in mind while reading this post that chat content from MS Teams is also stored in Exchange mailboxes but that content cannot be copied to SharePoint.
Option 1 – Leave emails in place and apply retention policy
In this option, emails remained stored in personal or Office 365 Group mailboxes. End users may create folders and ‘categorise’ the content as they wish, but no additional attempt is made to further categorise, add metadata to, or group the content according to recordkeeping requirements. The aggregation, from a recordkeeping point of view, is the end-user or Office 365 Group.
All mailboxes are subject to one or more retention policies set in the Office 365 Compliance portal to ensure that no emails are deleted before a pre-defined minimum period.
Note that retention policies can effectively replace a back-up regime used by IT for disaster recovery and investigation purposes purposes.
Positives
Emails are aggregated by user name or Office 365 Group and will remain in mailboxes for a minimum period of time as set by the retention policy.
Office 365 Group mailboxes provide the ability to group emails by a more specific subject (the Group name, which could map to a business function – e.g., ‘Correspondence Management’) and have the added positive of having an associated SharePoint site.
Negatives
The negative with this option, from a recordkeeping point of view, is that all emails – regardless of subject or importance – are grouped by the ‘personal’ or Office 365 Group mailbox, and kept for the period defined in the retention policy. That is, there is no differentiation between (email) records that may need to be kept for a long period of time and those that are transient in nature.
If there is a requirement to ensure that certain emails are kept in different aggregations or for different periods of time, then option 3 should be considered.
Option 2 – Same as option 1 and use Content Search to retrieve emails
This option is the same as the first option, but the business can make use of Content Search to identify and isolate emails as required. Content Search is more or less the same as the search part of an e-Discovery case.
The Content Search option is accessed from the left hand navigation of the Compliance portal: https://compliance.microsoft.com/homepage
Note that access to the Content Search area is restricted to Office 365 Global Admins and Compliance Admins. This is because, as can be seen in the screenshot below, a Content Search can be set up to search for any content in email, documents and much more.
Content Searches can be set up from the ‘New Search’ option, or the Administrator can make use of a Guided search or Search by ID List. For the purpose of this email, only the ‘New search’ will be examined.
Configuring a new Content Search
Each content search can be configured against three main options as shown in the screenshot below: Keywords, Conditions, and Locations. Some searches may require a combination of these three options.
Keywords can be any words that may be found anywhere in the email, including the content.
The available conditions are listed below:
Common
- Date
- Sender/Author
- Size (in bytes)
- Subject/Title
- Compliance label
Emails
- Message kind
- Participants
- Type
- Received
- Recipients
- Sender
- Sent
- Subject
- To
Documents
- Author
- Title
- Created
- Last modified
- File type
The available search locations include any or all of the options below:
- Exchange email
- Office 365 group email
- Skype for Business
- Teams messages
- To-Do
- Sway
- Forms
- SharePoint sites
- OneDrive accounts
- Office 365 Group sites
- Teams sites
- Exchange public folders
For more detail on how to use Content Search and all the options available, go to this Microsoft site.
Running a search
After the search has been configured, it must be run. The speed of the search will depend on the complexity of the search, conditions, locations and the volume of content. Every search will appear in the list of searches that have been saved.
When complete, the search result will show a ‘Status’, showing the number of:
- Items found
- Unindexed items
- Mailboxes
- Sites
- Public folders
Exporting results
Once the search has completed, the results of the search may be exported. There are two configurable options for exported results.
Output options:
- All items, excluding ones that have unrecognized format, are encrypted, or weren’t indexed for other reasons
- All items, including ones that have unrecognized format, are encrypted, or weren’t indexed for other reasons
- Only items that have an unrecognized format, are encrypted, or weren’t indexed for other reasons
Exchange content export options:
- One PST file for each mailbox
- One PST file containing all messages
- One PST file containing all messages in a single folder
- Individual messages
- Enable de-duplication for Exchange content (check box)
Positives
Content searches are likely to find and retrieve more relevant emails than might be saved elsewhere, as it looks through all emails. Provided a retention policy has been applied to the mailboxes, the content should still be accessible. If the emails have been deleted at the end of a retention policy, they will not be accessible any more.
Emails can be exported and – if necessary – the PST copied to a different system (such as SharePoint) for long-term storage with additional metadata as required.
Negatives
Access to the Content Search option is restricted to Global Admins and Compliance admins, for good reason. Consideration might need to be given to governance or procedural rules. Note that Global Admins are always alerted when a new content search is created or run.
Each search must be pre-configured and run regularly to ensure that all emails are identified.
Content searches may retrieve too much unrelated content.
Option 3 – Same as option 2 and copy only select emails to SharePoint
This option mimics the legacy way of saving a record to a pre-defined separate aggregation, in this case to a SharePoint document library.
It differs from the first two options in that only certain select emails are copied (by end-users or using a third-party application) to specific SharePoint document libraries. It is still, however, possible (and preferable) to apply a retention policy to the original mailboxes.
Content search, which can be used at any time, will find the emails in both Exchange mailboxes and SharePoint as long as they have not been deleted via a retention policy expiry .
Positives
The positives with this option are that emails copied to a SharePoint document library:
- Are grouped with other related records. This may be important from an organisational recordkeeping point of view, for example for certain key records. Consideration might also be given to setting up an Office 365 Group instead for these specific records.
- Can have additional metadata.
- Can be retained for a period of time, different from the original mailbox.
Negatives
The problems with this option are that:
- It requires some kind of action to copy the email.
- It creates a copy of the email, it doesn’t remove the original.
- An email copied to another system may not be the most recent in a thread, especially if that thread is still active.
- Does not include the ‘chat’ elements from MS Teams.
Summing up the options
The idea of copying an email to a separate aggregation, container or file for recordkeeping purposes is a legacy concept inherited from the paper recordkeeping period. While attempts were made over the years to mimic that concept in EDRM systems, it has several weaknesses that mostly outweigh the alleged benefits.
Email (in Exchange) and documents (in SharePoint) continue to remain separate in Office 365 but there is now the potential to manage both equally through a combination of retention policies and pre-defined content searches.
The majority of business emails are never captured in separate recordkeeping systems. Microsoft’s centralised retention model and ability to apply to retrieve emails on the fly mean that it is more efficient and cost effective to leave emails in place. This does not exclude the potential to copy certain select emails to SharePoint.
Additionally, mailboxes associated with Office 365 Groups provide the ability to keep emails in a business context, away from inaccessible ‘personal’ email accounts. Records managers should consider the potential of using Office 365 Group mailboxes in this way for particular types of records.
Records about the world 