No Backups in O365 Exchange Online, Alternative Recovery Options

No Backups in O365 Exchange Online, Alternative Recovery Options

Microsoft has held strong to its decision that Exchange Online mailboxes are not backed up within the Office 365 infrastructure.  

Some Exchange administrators hear this and they likely cringe.  Personally, I have been in several different situations during on-premises Exchange deployments over the years where lack of backups led to severe data loss.  An incident that stands out to me from many years ago was when I had been brought onsite to resolve an Exchange Server outage in a small business.  They thought they had current backups, but it turned out that the most recent one had completed more than 30 days prior.  Fortunately we were able to recover the databases by repairing them with the ESEUTIL program, but they still lost several days of data by the time the database was repaired.  It can be very hard on a business to lose all that data. For me, even when using the Database Availability Group (DAG) to protect data, backups are very important.

So how can we balance not having backups with our business needs using a cloud-based email strategy?  How can I be comfortable not having them?  For one, there are multiple other ways of protecting your data and making sure it is accessible with Exchange Online.  Without doing a thing, your Exchange Online Mailboxes are protected using DAG technologies spread out across two datacenters connected with fiber backbones.  If a database copy does fail, there is an automatic process to reseed/repair that failed database copy.  Over and above what Microsoft offers through the DAG, there are other features that can be used to recover email data.  This article covers some of those additional capabilities, but more specifically how to use deleted item recovery to pull back those one-off messages that users need, and how to use mailbox litigation hold to ensure that the data we deem to be very important is always at our fingertips. In a future post, I will cover some of the additional technology options for this.

Deleted Item Recovery

With Exchange Online, Exchange Administrators are still able to control the deleted items retention period similar to what they have previously done within their on-premises deployments   This option controls how far back your users or Exchange Administrators can go when looking to recover that missing email from within the full Outlook client or Outlook Web App (OWA).  The amount of time in which a message can be recovered for a mailbox is set by your administrator or inherited from the database default.  This is a great option for those messages that were inadvertently deleted, or unexpectedly became necessary again after they were permanently removed.  The user or Exchange administrator can do this right from Outlook by going to Recover Deleted Items, selecting the message, and then choosing recover.  

If this is a feature that you would like to capitalize on within your Office 365 deployment it’s already setup for you.  By default, you can recover email that goes back 14 days.  If you need to recover email from further back, the largest threshold that can be set in Exchange Online 30 days.  Here is how you can get started with ensuring you have the right amount of deleted item recoverability in place for your whole organization.

1. Connect to Exchange Online through PowerShell.For additional detail on how to do this see the following article.https://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx

2. Once connected, verify your current organizational settings with the following command:

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | FL Name, RetainDeletedItemsFor

3. Let’s assume that the results show that you are set at the default of 14 days organization-wide.In this example you can change it to 30 days (which is the maximum allowed within Exchange Online):

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Set-Mailbox -RetainDeletedItemsFor 30

4. Run the command from step #2 to validate that the setting has been changed to 30 days.

That’s all there is to it.  This is a simple change that maximizes how far back a message can be restored from.  There is also no downtime required to make this change.

Mailbox Litigation Hold

Another option for ensuring mailbox data remains available is through the use of litigation hold.  In one-off situations or for varying employees, it may be important to be able to obtain email from further back than 30 days.  This can be accomplished by setting up a Mailbox Litigation Hold.  Litigation hold is intended for use with legal and compliance situations, but it has also become a good option for ensuring prevention of email loss. 

Before we dive in too deep though, and before assuming that this option is the right solution for your organization, there are several important considerations.  For example, only administrators with the proper permissions can put a mailbox on litigation hold.  At a minimum, they must be part of the “Discovery Management” RBAC role, or included in the “Legal Hold and Mailbox Search” management role  If you are part of the Organization Management role group, then you will inherently have the appropriate permissions.  Also, the data is stored in a hidden folder called Recoverable Items with a set of subfolders used to hold purges and deletions of items when a mailbox is on legal hold. So if a user deletes an object, it is not really gone until either the retention period on the litigation hold expires or indefinitely, depending on the settings in place. Also, items in the Recoverable Items folder do not count toward the user’s mailbox quota.  Instead, the Recoverable Items folder has its own quota of 100GB. However, note that if you have been using Exchange Online for a while your quota could be a small as 30GB. If your quota is exceeded, the user will not be able to empty the deleted items folder and Office 365 support will need to be contacted. 

Other considerations include the hold options that are available.  These are listed below and should be considered when determining if Litigation hold for email retention is a good option for your organization.

  • Indefinite Hold:  When using indefinite hold your email will not ever be deleted, because an end date is not configured.  The best use case for litigation hold would be for mailboxes that are being held for legal investigations.  There may be exceptions to this where the information that a user or group of users manages exists so it's important that this option be set for their email on a day-to-day basis.  Use of Indefinite Hold is would typically not be set organization-wide, but at the end of the day this could be done if deemed necessary by your organization.

  • Query-based Hold:    During litigations it is often not necessary to keep all information related to the case.  There are often specific criteria that need to be retained and presented in court.  Query-based hold will allow information holds based upon varying criteria such as keywords, start/end dates, sender/recipient addresses and message types.  For example, if the pending court case requires all email that involves messages from [email protected] to [email protected] then a query-based hold with these criteria would be setup.  This is a great option for maintaining only the information required for the duration of time defined in the hold.

  • Time-based Hold:  This option is great for legal investigations where an amount of time will be designated for the pending trial.  In my experience with these types of requests, legal will make it very clear how long email will need to be held for a pending case.  So, in this case a time-based hold would be best.  This allows the mail to be held for the duration decided upon by a pending lawsuit, but defined by the administrator.

For more information on litigation hold here is a great read that can also help you with your decision.  If you have reviewed all the details, and feel that this is a good option for your organization then you should take a look at what it means to get this setup. 

How to setup a Litigation Hold for Exchange Online

Before you begin setting up Litigation Hold, consider whether or not you will set a duration for the hold.  If so, then you will need to add –LitigationHoldDuration #ofdays to the end of each of the commands below.  Whether the hold is being set for an individual user or your organization, it will be necessary to first connect to Exchange Online through PowerShell.  For additional detail on how to do this see the following article.  https://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx

  • To set a litigation hold for an unlimited amount of time for a specific mailbox use the following command.Be sure to replace the mailbox address with your own.

    Set-Mailbox [email protected] -LitigationHoldEnabled $true

     

  • To set a litigation hold for your whole organization indefinitely, use the following command.

    Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -LitigationHoldEnabled $true

These settings can take up to 60 minutes to take effect once the change is made.  Here is an article that provides some additional detail on the various types of legal hold for mailboxes in Exchange Online.

Conclusion

While not having a proper backup sounds like it could be a critical shortcoming of the Exchange Online product offering it really is not.  The underlying DAG technologies, in addition to Deleted Item Recovery and Legal hold, are just two of several options that can be used to ensure that you can recover your organizational data.

 

TAGS: Office 365
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish