If you’re planning to migrate your legacy mailbox archives into Office 365 (O365), then chances are you have a journal archive you need to deal with as well. That being the case, it is likely that the amount of journal data archived is equal to, or greater than the total size of your mailbox archive data.
Before we get into the options you have in dealing with this journal data, let’s take a step back and spend a moment explaining the concept of journaling. It is a means for an organization to record an immutable copy of email communications for regulatory and compliance requirements.
JOURNALING IN Office 365
Traditional journaling involves configuring a journal rule to send journal reports to an on-premises journal mailbox based on a defined journal scope, which can include internal messages, external messages or both. Now depending on the number of messages sent and received daily within your organisation, it would only be a matter of time before the size of the journal mailbox would become too large to manage. This is where 3rd party archiving products come into play, basically hooking into the journal mailbox to archive compliance email data into a journal archive.
With O365, there is no equivalent to the journal mailbox. Instead, the following is offered:
- Using an optimised single-instance storage model, each user is able to retain their own copy of every email sent or received
- Litigation Hold is enabled so that all email can be retained indefinitely
- If a user deletes an email, the email is removed from the users’ view and moved into a special hidden folder inside the Recoverable Items Folder (RIF), where it can be searched using Microsoft Security and Compliance Centre
- Bcc’d recipients are retained indefinitely in the senders’ mailbox
- Distribution lists (DLs) are expanded when the email is sent and is stored in hidden folders within the senders’ email so that they are fully searchable using the eDiscovery process
- Inactive mailboxes belonging to users who have left the company can be put on indefinite hold without incurring a license penalty
OPTIONS FOR MIGRATING YOUR JOURNAL ARCHIVE
We have covered the reason behind why to journal and have also spoken about how journaling in O365 differs from how it’s traditionally done with on-premises Exchange. So, how do we migrate a legacy journal archive into O365?
MIGRATE THE JOURNAL ‘AS IS’
With this approach, the journal archive is migrated ‘as is’ into one or more shared mailboxes in O365 yet ensuring that compliance metadata is fully discoverable. This is done by:
- Reconstructing the message envelope so that messages will be migrated as ‘single instance’ messages, just as they are in the Journal
- Preserve the original message and incorporate critical header information, Bcc’d and Distribution List members, by populating the TO: field, thus ensuring all relevant metadata is searchable
- Provision multiple target mailboxes in O365 in which messages can be migrated into. As an option, the messages can be sorted by date and migrated into mailboxes grouped per year or by month
- Apply permissions to these mailboxes so that only eDiscovery officers have access to them
- Placing the mailboxes on Litigation Hold
This approach, though simplistic in its nature has some caveats that need to be considered.
The first is that this method of migration leaves the data in a state that does not quite fit well with the Microsoft O365 compliance model, which when facilitating the eDiscovery process, can lead to incomplete search results. The second and most significant is that this DOES NOT COMPLY with Microsoft’s published licensing terms which clearly state that using a single Online Archive to store email from multiple users is not permitted.
For further details please visit the following Microsoft article.
JOURNAL EXPLOSION
This approach enables organisations to correctly and reliably migrate journal email along with the crucial envelope compliance metadata into the new O365 compliance model in such a way that the email is:
- Compliant to the Microsoft licensing model
- Complete and fully searchable for eDiscovery, including Bcc’d recipients and distribution list members
- Organised into custodian mailboxes, therefore ensuring that all relevant mailboxes can be included in an eDiscovery search
The way in which this is done is that each message within the journal archive is examined and a copy of the original message is migrated to every recipient listed on it. This means that every user will have their own copy of the message in O365. This method of journal migration is commonly referred to as ‘Journal Explosion’.
The messages are typically written to an area hidden and inaccessible to the end-user. This area of the mailbox does not count towards the user’s mailbox quota yet is fully searchable using the eDiscovery process. Also, as with other areas of the mailbox, the content in the RIF will be immutable if the mailbox object is placed on Litigation Hold.
It is also important to consider how to handle users who have left your organisation when using the ‘Journal Explosion’ method to migrate your legacy journal archive into O365. Inactive users or ‘leavers’ will likely have email items in the journal archive but no licensed mailbox object in O365 to migrate the discovered email into. If you decide to migrate inactive users into O365 then you will need corresponding licensed mailbox objects in O365. It is best you consult with your Microsoft Account Manager for recommendations on how to cost-effectively license mailboxes in O365 for inactive users.
Also, note that with ‘Journal Explosion’ the number of items migrated can be many times that of what is reported by the source archive. Typically, we see an average explosion factor of 3:1 so this needs to be considered when planning your schedule and estimating migration timelines.
