Ways to lose data in Exchange Online [Office 365]

Posted by Gina Rosenthal in Office 365

A few weeks ago, I blogged about the importance of understanding Office 365 backup policies, and how to make sure your organization’s data is protected. Today I’d like to focus specifically on what gaps exist in protecting data in Exchange Online.

First, it’s important to understand that Microsoft does a very good job protecting the data you tell them to keep on your tenant. But it’s also important to remember that Microsoft is a SaaS provider for their applications on Office 365. This means they are going to take care of things from the application layer down. You are responsible for configuring the policies that keep data on (or remove data from) the tenant, and ultimately for the data you store and use on Office 365.

So, specifically what sort of data do you need to worry about protecting if your organization is using Exchange Online?

A typical default folder structure for email on Office 365 has the Inbox and some other folders. There is also a Deleted Items folder. Users can delete emails by using buttons, by dragging email to the Deleted Items folder, by creating Inbox rules, or by applying a policy that may have been provided by the Administrator. Administrators will also apply policies that will delete emails.

As long as the email stays in the Deleted Items folder, users can move it back into one of the other available folders. But here’s where things get interesting. If users delete an email from the Deleted Items folder, it is sent to the Recoverable Items folder. Once an item has been sent to the Recoverable Items folder, the clock starts for how long that data is available before it is removed permanently from Office 365.

The clock is set by default at 14 days, but the Administrator can extend the time to 30 days using PowerShell. When a user deletes an item from the Deleted Items folder, they are warned of the consequences:

[Screenshot: permanent delete dialog box]

If the worst happens and a user deletes something important by mistake, or if a rule went crazy and sent the items there, or however that email item got into the Recoverable Items folder, Microsoft provides that two week period to recover the item. And this recovery can be done by users. The users can’t see this folder as an actual folder; they have to use a utility that is accessed by right-clicking the Deleted Items folder and choosing "Recover deleted items…".

From that menu, they can choose the email (or emails) that should be recovered, and it moves them back into their Inbox. But users can also purge that email (or emails), which will remove the item permanently from Office 365.

So from the Inbox, users can delete email items by sending them to the Recoverable Items folder in a number of ways. Once the items are in that folder, users can purge them out of Office 365, or after 14 days by default the items will be purged by the system.
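To see where each mailbox sits on that clock, the following added example (not part of the original post) reports the deleted item retention for every mailbox and, when asked, raises it to the 30 days mentioned above. It assumes the ExchangeOnlineManagement module and an Exchange administrator role; the `-TargetDays` and `-Apply` parameters are names chosen for this example.

```powershell
# Added example: audit and raise deleted item retention in Exchange Online.
# Assumes the ExchangeOnlineManagement module is installed and the caller
# holds an Exchange administrator role. Parameter names are this example's own.
param(
    [int]$TargetDays = 30,   # the 30-day limit described in the post
    [switch]$Apply           # without -Apply the script only reports
)

Connect-ExchangeOnline -ShowBanner:$false

$target = New-TimeSpan -Days $TargetDays

$report = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox, SharedMailbox |
    ForEach-Object {
        # A remote session can return the value as a string such as "14.00:00:00",
        # so normalise it to a TimeSpan before comparing.
        $current = [TimeSpan]::Parse($_.RetainDeletedItemsFor.ToString())
        [pscustomobject]@{
            Mailbox       = [string]$_.PrimarySmtpAddress
            RetentionDays = $current.Days
            ArchiveStatus = $_.ArchiveStatus   # the archive has its own Recoverable Items folder
            BelowTarget   = $current -lt $target
        }
    }

# Shortest retention first: these mailboxes lose purged-by-age items soonest.
$report | Sort-Object RetentionDays | Format-Table -AutoSize

if ($Apply) {
    $report | Where-Object BelowTarget | ForEach-Object {
        Set-Mailbox -Identity $_.Mailbox -RetainDeletedItemsFor $TargetDays
    }
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it once without `-Apply` to review the report, since the setting only changes how long items wait in the Recoverable Items folder and does not stop a user from purging them.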

Administrators may also enable an Archive Mailbox. The Archive Mailbox (you may also see it referred to as the In-Place Archive) allows users to move messages they may want to keep longer than an organization’s retention rules allow. If you’re a long-time Outlook user, the Archive Mailbox is the new version of the .pst file.

This folder shows up under the Inbox and all the Inbox folders, and it has its own Deleted Items folder and Recoverable Items folder. Users can delete items permanently from Office 365 in the exact same way that they can for the Inbox.

These are some of the technical details on how Exchange data can be lost by users on Office 365. Do you know of any others?
