Creating a Microsoft 365 Retention Policy for Shared Mailboxes

Posted on by Tony Redmond

No Need for Licenses to Include Shared Mailboxes in Retention Policies

After writing about how to replace Exchange litigation holds with Microsoft 365 retention policies, I received a question whether retention policies cover mailboxes that don’t have an Exchange Online Plan 2 service plan, like shared mailboxes. Exchange Online Plan 2 is included in many Office 365 and Microsoft 365 licenses and can be bought and assigned as a separate license. For instance, you can assign an Exchange Online Plan 2 license to a shared mailbox to allow that mailbox to use an archive mailbox, increase its storage quota from 50 GB to 100 GB, or be placed on litigation hold (here’s how to check shared mailboxes against licensing requirements).

The answer is that retention policies with static locations cover shared and other resource mailboxes without requiring a license. The relevant text says: “For many [data lifecycle management] features, a shared or resource mailbox does not need a license assigned.” Shared mailboxes do need licenses when use is made of data lifecycle management features that require user mailboxes to have E5 or Microsoft 365 Compliance or Microsoft 365 Information Protection and Governance licenses. Retention policies based on adaptive scopes are an example.

Adding a Shared Mailbox to a Retention Policy

When a new shared mailbox is created, it receives a default mailbox retention policy. The retention policy is defined in the mailbox plan applied by Exchange Online when it creates the mailbox. In many cases, the Exchange retention policy (called a legacy retention policy by Microsoft) is sufficient to clear out old messages from the mailbox on a regular basis (or move items to an archive mailbox). If a tenant has a Microsoft 365 retention policy covering all Exchange Online mailboxes, shared mailboxes are covered by that policy.

You can also add the shared mailbox to a specific Microsoft 365 retention policy by editing the policy and selecting the shared mailbox, just like any other mailbox (Figure 1).

Adding a shared mailbox to a Microsoft 365 retention policy/
Figure 1: Adding a shared mailbox to a Microsoft 365 retention policy

Mixing the two types of retention policy doesn’t matter because the Exchange managed folder assistant (MFA) combines the settings from all the policies that apply when it processes a mailbox to remove expired items. After the shared mailbox is added to a Microsoft 365 retention policy, you should see the hold applied by the policy in the set of in-place holds noted for the mailbox. For example:

Get-Mailbox Customer.Services@office365itpros.com| Format-List InPlaceholds
InPlaceHolds : {UniHcac6fa1f-ce89-43ef-9e56-839a0e164662}

Creating a Special Microsoft 365 Retention Policy for Shared Mailboxes

Although Exchange retention policies are usually all that’s needed for shared mailboxes, you might feel that it’s best to use Microsoft 365 retention policies for all retention processing and create a Microsoft 365 retention policy for shared mailboxes. The advantage of using a targeted retention policy for shared mailboxes is the ability to apply different retention settings to those used for user mailboxes.

Remember the two downsides of this approach:

  • Folder-specific processing isn’t possible with Microsoft 365 retention. All folders have the same retention setting.
  • Microsoft 365 retention policies can’t move items to archive mailboxes. This feature requires shared mailboxes to have an Exchange Online Plan 2 license.

To illustrate the point, I wrote a PowerShell script to create a Microsoft 365 retention policy especially for shared mailboxes. The script does the following:

  • Connect to Exchange Online and Compliance PowerShell endpoints.
  • Find all shared mailboxes.
  • Create a new Microsoft 365 retention policy.
  • Add the shared mailboxes to the retention policy. Up to 1,000 individual mailboxes can be added to a single retention policy. If a tenant has more than 1,000 shared mailboxes, you’ll need to split the mailboxes across multiple policies. In this scenario, I would write the name of the policy used for a mailbox into one of the 15 custom attributes available for mailboxes.
  • Create a retention rule to keep items for two years (730 days). Obviously, you can choose a different retention period.
  • Remove the Exchange retention policy from the shared mailboxes.

You can download the script from the Office 365 for IT Pros repository).

Another step to consider is to exclude shared mailboxes from any Microsoft 365 retention policy that processes “All Exchange mailboxes.” This simplifies the retention processing for shared mailboxes to make sure that retention periods and actions from other policies don’t interfere with settings in the retention policy for shared mailboxes.

Some More Work

The retention policy created by the script processes shared mailboxes which exist at that time. More work is needed to maintain the retention policy by adding new shared mailboxes (deleted shared mailboxes are automatically removed from policies). That task is easily done with another script, which I’ll cover in a different post.

Support the work of the Office 365 for IT Pros team by subscribing to the Office 365 for IT Pros eBook. Your support pays for the time we need to track, analyze, and document the changing world of Microsoft 365 and Office 365. Only humans contribute to our work!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.