Managing Inactive Mailboxes and Departing Employee Data in Microsoft 365
- By:
- Bill Tolson |
- November 23, 2021 |
- minute read
In Part I of this post, we discussed the operational, budgetary, and legal risks of managing inactive user mailboxes and data. This included the practice of moving inactive Office 365 mailboxes to shared mailboxes, recycling accounts and deleting all departed user data.
Inactive Microsoft 365 User Data and Cloud Migrations
The issue of what to do with inactive user data is especially important during a cloud migration and/or migration to Microsoft 365. One of the biggest challenges is time: recycling a Microsoft 365 license takes 90 days by default, slowing things down significantly. Furthermore, any non-mailbox data, such as OneDrive for Business data, will be lost when following Microsoft's approach to inactive users. This also applies to the Microsoft 365 archive mailbox.
Inactive mailbox data can only be accessed by performing an eDiscovery search, which guarantees that only people with eDiscovery access rights have access to it. If specific mailbox contents are needed in litigation or a regulatory information request, they can be located using an eDiscovery search and then copied to a Discovery mailbox where they can be accessed without impacting the immutability of the original content.
As mentioned in Part I of this post, if the departed employee's data needs to be retained for legal or regulatory reasons, the data can be moved into a shared mailbox or converted into an inactive mailbox. But before the company chooses one of these paths, they should fully understand both the pros and cons of each strategy and how it will potentially affect their legal department.
FOLLOWING MICROSOFT'S MIGRATION ADVICE MAY NOT BE THE BEST CHOICE FOR YOUR BUSINESS - HERE'S WHY
If you have inactive users in your archives, you can simply delete them or migrate them all when you move to Microsoft 365, right? Unfortunately, it’s not that simple. This article outlines the technical, regulatory, and compliance challenges you’re likely to face, the alternatives available, and why Microsoft’s suggested method for inactive user migration may not be (in our opinion) your best option.
Another Way - Today's best practices for Microsoft 365 inactive mailboxes
The shared and inactive mailbox processes have been the go-to strategies for companies wishing to address their growing inactive mailbox challenge. However, both strategies have several issues associated with them, which we discussed earlier in this post and in Part I.
Consolidating and managing inactive or departing employee data in a centralized and secure corporate cloud account is now a preferred strategy. It not only includes mailboxes, but also other data not addressed by using shared or inactive mailboxes and ensures data immutability, security, copy of record status, and retention or disposition – which can be accomplished quickly and inexpensively.
I recently heard from a big pharma customer who maintained a low-tech and risky process for data retention for legal situations. The company was gathering and storing the physical devices from departed employees – including laptops, desktop workstations, and company-supplied smartphones – in a locked room and retaining them for three years (the local statute of limitations for wrongful termination lawsuits) in case the legal department needed the data in a future lawsuit or audit.
An obvious issue with this process is that it ties up expensive hardware for long periods of time while running the risk of equipment obsolescence and data loss the longer it is stored. Additionally, hard disks should be "spun-up" on occasion; otherwise, hard disk operation can be affected, potentially limiting, or even prohibiting data recovery. This company sought a lower cost and compliant solution and now creates an image of the data on each piece of equipment and stores each image in a secure, IT-controlled cloud account for legal search when needed. Also, the data is now managed, so after the applicable retention period, the expired images are disposed of in a legally defensible manner.
The safest, simplest option with added value
To achieve cost-effective and legally sound outcomes, organizations should create and follow an employee exit process that should include a collaboration of HR, IT, and the legal department to capture all the departing employee's data (including all Microsoft 365 account data before it is lost) and securely store it in a controlled-access cloud account.
To achieve this, organizations must capture, migrate, store and manage inactive data in a legally defensible manner and, should you follow Microsoft's advice, there are issues to be overcome, especially if your inactive user data is stored in a third-party archive like Enterprise Vault, SourceOne, Mimecast, NearPoint, Smarsh, or Global Relay. Vendors like these don't want you to leave their service, which may mean you're forced to deal with delays and inflexibility when it comes to extracting your data.
Microsoft Office 365 inactive mailboxes, legal hold, and migration challenges
- A Microsoft 365 license is required to migrate each inactive user
- A pause of up to 90 days is required before licenses can be reallocated, making batch migrations slower
- Migrating large mailboxes may trigger auto-expansion in Microsoft 365 mailboxes, which can cause a delay of 14-28 days
- Using shared mailboxes introduces data volume limits and makes searching and eDiscovery more difficult
- Litigation holds can't be placed on shared mailboxes
- Large amounts of inactive user data can degrade search performance in Microsoft 365
- Third-party archive vendors may obstruct and slow down the extraction of data from their service.
Improving inactive user management
There is a much easier alternative to shared and inactive mailboxes, following the less-than-convenient approaches above, and blindly transferring your inactive users into Microsoft 365. Using a high-performance email migration tool that meets the operational, compliance, and legal needs of your business, you can quickly and accurately move your archived and inactive user data to a secure cloud location while ensuring data fidelity and chain of custody.
Archive360 works with clients to ensure departed employee Microsoft 365 data is captured, migrated, stored, and managed in a legally defensible manner in your own cloud, ensuring those valuable assets are not lost. With automated retention and disposition, the data can be searched easily and analyzed using cutting-edge tools for legal, compliance, and HR. Even better, such analysis applied organization-wide could provide you with employee sentiment insight to prevent employees from leaving in the first place.
We work with you to extract your data and help you answer key questions before we begin the process. No doubt some of these will be on your list:
- How much data do I have in my archive, and what kind of data is it?
- Is there a cost to move my data out of my legacy archive? If so, what is it?
- Does the archived data need to be reconverted back to its original format?
- How much "dark data" do I have (such as archived messages from inactive users and leavers)?
- Do I need to migrate the entire archive and/or the journal archive?
- Does my archive include email stub links that I need to migrate into the live email system?
- I have ongoing or pending litigation; can I still migrate my archived mail?
- How do I manage archived email that is under legal hold? What special handling is needed to maintain chain of custody?
- Will I be able to account for 100% of my archived mail?
- How long will the Microsoft 365 migration take?
Once you're happy, we put our globally trusted email archive migration solution to work, delivering greater accuracy, better data security and faster extraction than alternatives like QuadroTech/Quest, Transvault, and others.
The Archive360 approach provides you with complete visibility over what exists in your archive and full flexibility as to what you do with it, making sure you keep what you need and can discard what you don't on your terms.
Our email archive migration tool makes light work of extraction and migration, accelerates your Microsoft 365 migration project, with barely any impact on your day-to-day operations. It includes:
- Multi-threaded, multi-server architecture
Providing the highest performance and accuracy of all migration solutions - Native web APIs for your legacy archive
Enables search and filtering of emails by custodian, date range, and other criteria - No indexing or data gathering before extraction
Begin message extraction within minutes of installation, unlike other solutions that take days or weeks to index before project start - Message level chain of custody reporting
Legally defensible reporting reduces eDiscovery risk - Intuitive and powerful graphical user interface
Less time needed for training – faster time to migration
Experience the difference
Leaver data is a challenge that's not going away, but there is a straightforward approach to overcoming it. When compared with Microsoft's recommended method for handling inactive users, Archive360 enables you to save time and money on unnecessary licenses, remove data volume limitations and avoid archive vendor lock-ins. It also enhances eDiscovery, enabling you to carry out fast, accurate, and unlimited targeted searches across all data.
Archive360 enables in-place data preservation and legal holds, plus API integrations with 3rd party tools for tasks like data analytics and machine learning. Rather than a challenge to overcome, handling inactive users in this way benefits your business, providing you with more control over your data and retention policies, ensuring you keep the data you need and don't hold on to data you shouldn't. Put simply, it's a win-win from a cost and compliance perspective.
The Cloud Archive Organizations Trust
Archive360's Archive2Azure is the cloud archive trusted by enterprises and government agencies worldwide. Purpose-built to run in the hyperscale cloud, it is installed and run in your organization's own public cloud tenancy, where you retain all the power, flexibility, and management while maintaining complete control of your data and its security including encryption keys that only you have access to. Additionally, unlike on-premises and SaaS archiving solutions, you are free to unlock valuable insights via data analytics and carry out powerful searches on your data using the latest cloud-based tools that will benefit multiple teams across your business, from HR to legal and compliance.
Find out why major, regulated organizations around the world trust Archive360 with their most sensitive data. Get in touch to request a demo today.
Bill is the Vice President of Global Compliance for Archive360. Bill brings more than 29 years of experience with multinational corporations and technology start-ups, including 19-plus years in the archiving, information governance, and eDiscovery markets. Bill is a frequent speaker at legal and information governance industry events and has authored numerous eBooks, articles and blogs.
