Oops – Have you over-shared in Microsoft Office 365?
The perils of using shared mailboxes to retain email records
Although it was technically possible to grow shared mailboxes (and resource mailboxes) beyond 50GB without a licence, this was not allowed in Microsoft’s licensing agreements, and now they’re clamping down.
The gist is that, if you want to maintain a shared mailbox over 50GB in size, you’ll need a proper license.
In our experience a major use of large shared folders is for retaining legacy data – by that we mean leavers’ mailboxes and Exchange journals.
This is a good idea in theory:
- You don’t need to pay for a third-party service for holding legacy email records
- You can do eDiscovery in one place
In practice, however, neither approach is advisable, and this is not wholly down to the licencing pickle you might end up in.
- If you’ve pushed emails belonging to multiple custodians into one or more big buckets (i.e. shared folders), how are you going to accurately apply retention rules to individual staff members?
- if you’ve migrated some very large journals into (what could be) hundreds or thousands of shared mailboxes, any future eDiscovery may need to incorporate all of these mailboxes, even if you’re interested in email traffic between a few named custodians. This makes for a challenging workflow and adds time and risk to the eDiscovery process.
To ‘do the job right’ in the context of the Office 365 licensing, architectural and eDiscovery model, you should seek to migrate and manage any legacy data you need to retain according to custodian.
This means putting all the emails belonging to an individual – even if they’ve long left the company – into that individual’s own mailbox. Microsoft’s Inactive mailbox feature makes this possible without licensing penalty.
A while back we developed a solution in collaboration with Microsoft to help organizations achieve this when migrating journals.
Called Compliance Time Machine, it delivers the ultimate option for preserving journaled emails in Office 365 in such a way you can:
- meet Microsoft’s licencing stipulations
- properly manage email records retention
- avoid eDiscovery hassles and risks later on
Admittedly there’s some extra ground-work involved in using Compliance Time Machine – largely because you need to get your HR or legal team to oversee the correct and accurate mapping of ‘past’ email custodians onto individual Office 365 mailboxes.
Given the number of name changes (e.g. due to marriage or divorce), duplicate names (John Smiths) and even domain name changes (owing to M & A activity) that can occur over the years, this can take a while. In our opinion, it’s worth it.
Our best advice?
For clients that want to use shared mailboxes for preserving journals in Office 365, or a way to consolidate leaver’s mailboxes, our best advice is (and always has been):
- Make sure your proposed usage of shared mailboxes is OK with Microsoft and is properly licensed
- Make sure your legal team is aware of the ramifications of using shared mailboxes when it comes to future information governance and eDiscovery
Contact Transvault if you want to discover your options for migrating legacy data to Office 365, or even if you’ve got a sharing mess to unpick (e.g. you want to put the contents of multiple users in Office 365 shared mailboxes back into individual mailboxes).
You can read more about making Office 365 a One-Stop-Shop for eDiscovery.