There was a time when archiving email for compliance was something you might only need to be concerned with as a company working in financial and legal services. Today, not least because of GDPR, the picture’s changed and it’s becoming something businesses of all sizes need to consider.
In this post, I’ll run you through how the email archiving software MailStore Server can be configured with your Office 365 accounts to provide a watertight archive that will satisfy all of the common compliance requirements you’re likely to come across.
What is MailStore Server?
If this is the first time you’ve stumbled across MailStore, it’s essentially archiving software for installation on a Windows server, that regularly collects a perfect copy of all mail from Office 365.
The end result is a single, deduplicated and encrypted off-site repository of all email concerning your business, that’s easily accessible by users from within Outlook, from a web client or a mobile device.
Can’t I just use Office 365 archiving?
Yep, you certainly could. As an Office365 user, you do have access to archiving features, but to get anything more than very basic storage, you need to either pay for a Premium add-on or go for one of the more expensive Enterprise plans.
Importantly, archiving with a third party product like MailStore offers a number of distinct benefits Office365 can’t, including:-
- No cost for keeping the data of ex-employees
- Protection against accidental or malicious deletion of messages
- Access to your email during Office365 outages
- Better protection against data loss
- No storage limits
I elaborate on this further in my video, Six Reasons to Archive Office 365 Email Using MailStore Server.
What’s involved in archiving Office 365 with MailStore?
Even though Exchange Journaling in Office365 cannot support a local Office365 mailbox as the destination for the journaled email, it is possible to set up a similar process using Exchange message rules.
It’s worth noting this method does not use Exchange envelope journaling so the resulting journaled email may not always be routable into the correct MailStore user’s archive, but it will be archived and therefore satisfies most compliance requirements. More on that point later.
Setting up Message Transport Rules
The first stage is to open up the Office365 admin console and navigate to the ‘Exchange admin centre’.
In here you can select the Mail Flow > Rules section to create a new message rule…
The rule is applied to ‘All Messages’ and creates a ‘Bcc’ (Blind Carbon Copy) of the message to be delivered to a specified Office365 account.
In this example I have created a new Office365 account called ‘Catchall’ but you can use any free Office365 mailbox such as an Admin account. Just make sure nothing else is using this mailbox as it will contain a copy of all email for the domain!
That’s all that needs to be done in Office365, next we need to set up a corresponding archiving job In MailStore Server.
Configuring the job in MailStore
In order to create a job that won’t produce any errors (as would happen if we used the journaling option), we need to use a different more generic type of journaling job.
So choose to archive an ‘Other server via IMAP/POP3’…
…and select the ‘Multidrop Mailbox’ job type.
This job will be connecting to Office365 Via IMAP-SSL so we will need to add the host ‘outlook.office365.com’…
The username and password will be the account you specified in the Exchange rule before.
Under ‘Target Folders’ I prefer to change the destination folders to simulate an Exchange Journaling job.
In this example, I am sending unknown email to a @catchall archive folder. This will only be accessible by MailStore Administrators but you can choose a different location for this folder should you wish to assign it to a specific MailStore user for example.
We choose to delete the messages in the catchall mailbox as soon as they are archived as we don’t want this Office365 mailbox filling up over time.
Finally, I synchronise the users with Directory Services so that should enable any new Office365 accounts to be added. This job updates the MailStore user list first allowing it to match emails for the new users if they exist.
So now when we run this job, all emails collected from our catchall mailbox will be sorted based on the user’s email addresses and put into either a ‘Journal Incoming’ or ‘Journal Outgoing’ folder…
Why we do it this way
There are a number of other ways you can archive mail from Office 365 with MailStore but if the requirement is compliance, we choose ‘transport rules’ because the other methods have limitations…
1) Connecting directly to mailboxes
Because you’re archiving from a live mailbox, in theory, there is a tiny window where a user could delete a message before it’s archived. If you can’t be absolutely sure you’ve got everything, it can’t be deemed compliant.
2) Journaling to an external account
You may be familiar with the journal feature found in the on-premise versions of Exchange, which nominates an extra mailbox/account where a copy of everything that comes and goes from the server is kept.
Office 365 also offers this option, but not to another Office 365 mailbox on the service, which means if you want to journal, you’ll need to do it to an external IMAP or POP mailbox.
If you’ve got your own mail platform, this might be a good option. If however, your only option is to journal to a third party account with another host, you may find security is an issue, plus it can be a little ‘clunky’ to set up and manage on an ongoing basis.
Are there any limitations of the ‘transport rules’ approach?
There is a limitation, but only a small one. Any email that arrives in an Office365 mailbox that doesn’t have a ‘To:’ header cannot be sorted into the relevant end user’s archive when archived by MailStore, and this includes any recipients appearing in the BCC field.
In reality, the worst case scenario here would be if a user deleted a message that arrived via BCC, it then wouldn’t appear in their archived email folder. It would however still be available to an auditor or admin if required because there would be a copy in the ‘unknown email’ folder.
Grab a copy of the free 30-day trial
That’s about it for the setup steps, if you’d like to start archiving for compliance, head over to our downloads page and grab a copy of the latest version of MailStore right away.
Already a customer but not sure if you’re using the latest version? Check your licence key using the upgrades checker on our site.
Need help walking through the steps? Have questions? Give us a shout in the normal ways!