Helping you adopt & adapt the Microsoft Modern Workplace & Azure Cloud for your business

In the early days of corporate email communications, messaging was not viewed as a formal business record despite emails being more verbose compared to the average email in 2020.

Policies about the use and retention of messages generally did not exist because of the relaxed view of email in the workplace. If there was a corporate policy about email, it was usually to impose small quotas on mailboxes, erroneously believing that this would control storage growth and would mean that messages were deleted after a certain period.

All of this changed when email messages played significant roles in high-profile litigations, with the smoking gun being an email that was thought to have been deleted.

The corporate world soon realised that what they did not know could hurt them, and governments moved to pass legislation imposing regulatory compliance requirements for specific industries to keep records.

Journaling provides a “golden copy”

There are two reasons that you need journaling:

  1. Your organisation falls under legislation or one of the regulatory regimes that mandate it, and/or
  2. Your legal department says so.

It is common for legal teams to require email journaling because it offers them the option of conducting early data assessments in the event of claims. Legal teams can make an informed decision about whether to fight or settle the matter when they have a reliable, golden copy to explore early in the process.

Many legal teams find the cost of journaling and early data assessment to be far less than deciding to fight and later losing based on surprise email evidence.

Does Microsoft 365 solve my journaling needs?

Does Exchange Online in Microsoft 365 support journaling? The short answer: Partially.

You can indeed enable journaling in Microsoft 365 to capture that “golden copy” of particular users’ mail flow from Exchange Online mailboxes. However, the catch is that you cannot use Exchange Online mailboxes as the target for your journaling.

As found in Microsoft’s documentation:

You can’t designate an Exchange Online mailbox as a journaling mailbox. You can deliver journal reports to an on-premises archiving system or a third-party archiving service. If you’re running an Exchange hybrid deployment with your mailboxes split between on-premises servers and Exchange Online, you can designate an on-premises mailbox as the journaling mailbox for your Exchange Online and on-premises mailboxes.”

Microsoft 365 journaling hacks

As for your legacy journal archives, residing in a third-party archive solution or on-premises Exchange Server, some organisations opt for migration of their journal archives into Exchange Online. The approach involves the use of migration software, such as TransVault, to “explode” the journal out to a mailbox per user in Exchange Online. On the surface, the approach seems to be ideal because you have Content Search, Core eDiscovery, and Advanced eDiscovery features in Microsoft 365.

There are some workarounds available for organisations that need to continue journaling their mail and want to achieve this in-place with Microsoft 365. However, these options are a hack as far as journaling goes because the mail flow is not technically journaled as an air-gapped golden copy. One option is the use of Preservation Locks for organisations that want to centralise on in-place Microsoft 365 for compliance and eDiscovery for SEC/FINRA/CFTC-compliant immutable WORM storage. The approach requires you to apply a retention period to your data, which may not be ideal for organisations whose journaling activity is motivated by a litigation strategy only. For legally-motived journaling requirements, Litigation Hold might suffice as a journaling replacement.

Cloud-based journaling alongside software-defined storage and cloud backup

Organisations may find that Microsoft 365 is not an ideal home for legacy and go-forward journaling because in-place features and hacks can impose downstream search and discovery complications. You should test any in-place strategy to ensure it aligns with your legal and compliance requirements and that the hold and collection workflows deliver the results you expect.

Cloud-based journaling, such as provided by HubStor, can work alongside Microsoft 365 to solve both the retention of legacy journal archives and the go-forward journaling for an air-gapped golden copy. TransVault has a direct integration with HubStor to intelligently migrate your legacy journal. And HubStor provides fully-managed, Azure-based SMTP journaling to reliably accept your journal feed from Microsoft 365 into an archive with discovery features for cases, searches, holds, and exports. While the use of a third-party archive will mean two places to search, there are numerous advantages, such as:

  1. Proper journal report handling for BCC search – The in-place methods of Microsoft 365 means that BCC’s only exist in the sender’s mailbox, which could be easily excluded from an eDiscovery search. However, if you create a journal rule in Microsoft 365, then the SMTP journaling feature will deliver a proper journal report, which exposes the full recipients list. HubStor will index this so that you can search sender and recipients, including BCC recipients, and even filter on whether or not messages have BCCs.
  2. Data sovereignty controls – Legal and compliance requirements can come with data sovereignty needs. HubStor’s single-tenant SaaS model gives you the convenient of a software service with the enterprise-grade flexibility and security to have a dedicated configuration that runs in an Azure region of your choice. HubStor can guarantee all aspects of its journaling solution to respect data sovereignty requirements, including the receipt, delivery, capture, ingestion, storage, and indexing of the data.
  3. Data management platform for your other backup and archive needs – The best way to make use of HubStor is to take advantage of the economies of scale provided by the platform and its subscription model. If you use HubStor for journaling and eDiscovery for messages only, it is generally price competitive above 750 users, and it is more price competitive the larger your organisation. However, even for smaller organisations, the platform includes features like software-defined storage to help you protect and manage file systems cloud tiering and NAS backup. HubStor’s recently launched Backup-as-a-Service (BaaS) for virtual machine environments such as VMware vSphere, Microsoft Hyper-V, and Systems Centre, which can simplify your data protection architecture and provide reliable cloud-based recovery and disaster preparedness at significantly less cost than incumbent backup products. Finally, you can satisfy requirements to protect your data in SaaS apps (Microsoft 365, Box, and Slack) and PaaS storage (AWS S3, Azure Blob, and Azure Files). Because of HubStor’s usage-based pricing model, adding any of these additional workloads to your single-tenant instance is only an incremental uptick in cost, giving you a unified SaaS solution for all things backup and archive while enabling you to reduce costs by eliminating legacy products and multiple vendors.

Much like insurance – you never know when your organisation will need to pull data from old emails.  If you don’t have a journaling system in place you run the risk of lacking the information needed which can ultimately cost much more than implementing a proper journaling solution in the first place. That’s why preparing in advance is key to preventing unnecessary problems in the future.

If you haven’t started looking into email journaling, now is as good a time as any to start.

Migrating Email Journals

Find out about the range of journal options available to you.

Why are BCC’d recipients so important?

In relation to email, BCC stands for “blind carbon copy.” Just like CC, BCC is a way of sending copies of an email to other people. The difference is that recipients CC’d on an email have no visibility of the fact that other people may have also received the same email.

I think we’ve all been on the receiving end of a marketing email that’s been inadvertently sent to CC’d a circulation list.  This is where BCC comes into its own, but there’s other scenarios where BCC is used.

A key thing to consider is “Why do people use BCC in work-related emails”?

  • To raise an issue concerning a co-worker?
  • To lodge a confidential record of an email exchange with a third-party?

Arguably the use of BCC is secretive and deceptive and it follows that the nature of the email will be more ‘shady’ or confidential than an openly CC’d email.  It also follows that the person being BCC’d is just as important, if not more so, than those that are CC’d.

The good news:

The default Exchange journal setting (and that of most hosted journaling services such as Mimecast) is called an ‘envelope’ journal.  The envelope includes a record of the TO: and CC: fields as well as any BCC’d recipients and all the individuals included in your local distribution lists (DL) at the point in time the email was received by your messaging transport agent (MTA).

The bad news:

In the process of migrating to Office 365, you could be stripping out BCC and DL information from your email records.

Having helped with extremely large corporate email investigations, we know the importance of maintaining complete email records and maintaining due diligence when handling email archives in particular.  https://www.theguardian.com/media/2011/jul/08/phone-hacking-emails-news-international

What’s the problem with Office 365 & Journaling?

The key ‘gotcha’ is that Office 365 does not have a journal service – at all. 

Until recently if you wanted to move to Office 365 and maintain a conventional envelope journal you’d have had to subscribe to a third-party service from an organisation like Mimecast, or keep an Exchange journal running back on-premises. 

But in the last few years Microsoft has been filling a few holes.  Office 365 can now effectively replace the role of the envelope journal and provide a one-stop-shop for compliant and complete email records retention.  This is how it works:

  • Instead of using a large, centralised, single-instanced mailbox that is inherently difficult to scale and failover, Microsoft uses its optimised multi-instance storage model.  This allows each user to retain his/her copy (journal) of all emails sent/received with zero performance penalty and no single point of failure.
  • By putting all relevant mailboxes on In-Place Hold, all emails sent and received are retained indefinitely.
  • Deleted emails are removed from the user’s view, but held into a special hidden folder inside the Recoverable Items Folder (RIF), where they are available to the eDiscovery process.
  • Any BCC’d recipients will be retained indefinitely in the senders’ mailboxes.
  • The members of any distribution lists (DLs) are expanded at the point of sending and stored in hidden headers in senders’ emails so they are fully discoverable.
  • Ex-employee’s mailboxes (i.e. those belonging to leavers) can be put on Indefinite Hold and made available for eDiscovery, without a license penalty (using Microsoft’s inactive mailbox service).

So assuming you’re not going to dump over 10 years’ worth of email records when you move, all you’ve got to do it map what’s in your existing journals and any journal archives (which are commonplace given the size to which journals can grow) into the new model.

You’ve actually got a few options for doing this, ranging from quick and potentially dirty to slower and comprehensive?

Email Journal Migration

Want to get the full scoop on how it all works?  Get in touch today.

Discover How (and why) Microsoft 365 Replaces The ‘Traditional’ Email Journaling Service.

Have you ever wondered why Microsoft 365 doesn’t provide a ‘native’ email journaling service (like your old on-premises Exchange server used to).

  • Do you still need to use a third-party journaling service (such as Mimecast or Proofpoint) or an on-premises Exchange server?
  • If not, how is Microsoft now ‘filling the journal gap’
  • What you need to do to migrate an existing on-premises journal or cloud journal into the new ‘Microsoft way of doing things’?

This white paper addresses all these questions and more. 

Download your copy of the Making Office 365 One-Stop-Shop for Email Records Compliance white paper.

Discover How (and why) Microsoft 365 Replaces The ‘Traditional’ Email Journaling Service

Get in touch to find out more about your options for handling your legacy email Journal when you use Microsoft 365.