Finding and Recovering Deleted Office 365 Data
Configuring Data Archiving
Microsoft 365 provides multiple features and services for managing working data as well as for retaining them as needed. It is critical for you as an IT administrator to understand the features available for ensuring that deleted data can be restored and that you can import other data and use Microsoft 365 as an archive.
This course will focus on how to manage archival, deletion, and restoration of content and data within Microsoft 365. By the end of this course, you will know the various options available for that and when to use the Admin Center or PowerShell to restore data and content. We will also discuss some of the important aspects of working with deleted data.
- Identify content for recovery
- Ensure your end-users have the data they need
- Recover data in Microsoft 365
- Archive data in Microsoft 365
This course is intended for people who want to become a Microsoft 365 Certified: Security Administrator Associate.
If you wish to follow along with this course, it is recommended that you have a Microsoft 365 tenant, an account with Global Administrator access, as well as content within SharePoint Online and OneDrive for Business, a few Exchange Online mailboxes, and users in Azure Active Directory.
So, let's first talk about understanding archiving within Office 365. Office 365 lets administrators import and archive third-party data from social media platforms, instant messaging platforms and other document collaboration platforms. Once that third-party data is imported, compliance features can be utilized such as Litigation Hold, eDiscovery, Retention Settings, Records Management, Communication Compliance, and Insider Risk Management.
There are two ways to import and archive third-party data directly into Office 365. The first is to use either a Microsoft or third-party data connector. The second is to work directly with a Microsoft partner. Depending on the connector and the source of the data, the specific service support may differ. For example, if importing LinkedIn data, you only have support for Litigation Hold, eDiscovery, Retention Settings, and Records Management. Other data connectors support either a single or multiple service within Microsoft 365.
Currently, Microsoft supports third-party connectors from Veritas, TeleMessage, 17a-4 LLC, and CellTrust. An example of a Microsoft connector has been built for Twitter. The connector joins your organization's Twitter account and then synchronizes the data on a scheduled basis into Microsoft 365. After the Twitter data is imported, you can then apply Microsoft 365 compliance features such as Litigation Hold, Content Search, In-place Archiving, Auditing, and Microsoft 365 retention policies. For example, you can search Twitter data using Content Search or associate the mailbox where the data is stored with a custodian in an Advanced eDiscovery case.
The four steps to utilizing the Twitter sample would be to first sign in with the account, and connect that with the connector. You then must have a valid Azure subscription for this to work. Consent to allow Office 365 to import the data, and then your execution account must also have the Mailbox Import Export role within Exchange. To configure the Twitter account, you need a Twitter account, a valid subscription, and your account must be assigned as a data connector admin.
To configure the connector itself, you perform the following steps. You download the pre-built connector from GitHub, create an app within Azure Active Directory, create the storage that's required within Azure, deploy the connector web service from the GitHub download into the Web App resource, create a developer app within Twitter, configure the Twitter connector app, and then set up the connector within Microsoft 365. Once it's been implemented and connected, then you can utilize the specific controls such as the Compliance Center.
As well as third-party importing, Microsoft provides auto-expanding archiving for mailboxes within Exchange Online. After a user's archive mailbox is enabled, up to 100 GB of additional storage is available. Historically, once a user hit the 100 GB limit, you needed to contact Microsoft Support for assistance. The archiving feature in Microsoft 365 provides up to 1.5 TB of additional storage in archive mailboxes. If the storage quota in the archive mailbox is reached, then it will auto-expand up to that storage.
Archiving is enabled for a user mailbox or a shared mailbox. An archive mailbox with 100 GB of storage space is created, and the warning quota for the archive mailbox is set to 90 GB. An administrator enables auto-expanding archiving for the mailbox. When the archive mailbox reaches 90 GB, it's converted to an auto-expanding archive, and Office 365 adds additional space to the archive. Now it can take up to 30 days for this additional storage space to be provisioned. Office 365 will then automatically add more storage space when necessary.
Office 365 can add up to 20 auxiliary archives with a total of 1.5 TB of additional archive storage space. To ensure efficient use of the auto-expanding feature, folders within the mailboxes may be automatically moved. Microsoft 365 determines which mail folders get moved when additional space is added to the existing storage. And you can enable auto-expanding archive at the tenant level or for specific users. PowerShell is available to enable auto-expanding archiving at both the organizational level and the end user level, using their respective commands. Enabling unlimited archiving for the organization is done using Set-OrganizationConfig and setting the AutoExpandingArchive property.
Enabling unlimited archiving for user mailboxes is done by using Enable-Mailbox and also setting the AutoExpandingArchive property. Let's go into our environment and look at executing PowerShell for enabling auto-expanding archiving for the entire tenant and a specific user. There are two different approaches to enabling unlimited archiving within mailboxes. The first is at the organizational level and the second at the user level.
Now to check if it's configured at the organizational level, we can actually say Get-OrganizationConfig and if we just press Enter, you'll see there's too many properties to look at. We could scroll backwards and forwards, but there's too many here. So, what we can do instead is use that same command, and then we'll format that to a list, and the property that we're looking for here is an auto-expanding property, which is AutoExpandingArchiveEnabled. And you can see that in my tenant at the organizational level, it's now configured.
Now the downside is, once it's configured at this level, you can't just automatically turn it off. However, what we can do is using the tenant. We could go down to the mailboxes and set those values. Now you might think that we could just say, OrganizationConfig, use the set option, and then say AutoExpandingArchive. It's now enabled so we could say $false and press Enter. But of course, as you notice it doesn't work. So, once it's been enabled, it's on, and then we have to go down to the mailbox and turn it off as needed.
So, how do we actually do that for a mailbox? If we do that query and it comes back as false, then how do we enable that at the individual user level? Well, first off, let's go and get a mailbox, so I'll run a Get-Mailbox query and let's pick LidiaH. I'll just copy her name just because it'll be easier to use from there. And then what I can do is say, Get-Mailbox -Identity, we'll use "LidiaH". We'll then take that value and format it out to a list and we'll say, AutoExpandingArchiveEnabled.
Now notice, even though the organizational level is set, at the individual mailbox level it hasn't been set. So, we can now go ahead and enable that at the mailbox level. Now this is a little bit easier, because what we can do is just use the Enable-Mailbox command, so we can say Enable-Mailbox. We'll use the Identity option again, we'll paste in LidiaH. And then there's a property on here called AutoExpandingArchive, and we can press Enter. Now you'll notice that that just returns some static values. So, let's go back and say Get-Mailbox and you'll see now that that property has been updated to true.
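The commands from the demo, collected as an added example that is not part of the original course material. It assumes an existing Exchange Online PowerShell session (Connect-ExchangeOnline from the ExchangeOnlineManagement module); the two function names are hypothetical helpers, and "LidiaH" is the mailbox used in the walkthrough.

```powershell
# Added example: assumes Connect-ExchangeOnline has already been run.

# 1. Organization level: show only the property of interest instead of the full list.
Get-OrganizationConfig | Format-List AutoExpandingArchiveEnabled

# To turn it on for the whole tenant (as described above, it cannot be turned off again):
# Set-OrganizationConfig -AutoExpandingArchive

# 2. Mailbox level: report archive state and the auto-expanding flag for given mailboxes.
#    Get-ArchiveExpansionState is a hypothetical helper name.
function Get-ArchiveExpansionState {
    param([Parameter(Mandatory)][string[]]$Identity)
    foreach ($id in $Identity) {
        $mbx = Get-Mailbox -Identity $id
        [pscustomobject]@{
            Mailbox                     = $mbx.UserPrincipalName
            ArchiveStatus               = $mbx.ArchiveStatus
            AutoExpandingArchiveEnabled = $mbx.AutoExpandingArchiveEnabled
        }
    }
}

# 3. Enable auto-expanding archiving for one mailbox, but only when it has an
#    archive mailbox and the flag is not already set.
#    Enable-ArchiveExpansion is a hypothetical helper name.
function Enable-ArchiveExpansion {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Identity)

    $mbx = Get-Mailbox -Identity $Identity
    if ($mbx.ArchiveStatus -ne 'Active') {
        Write-Warning "$Identity has no active archive mailbox; enable archiving first."
        return
    }
    if ($mbx.AutoExpandingArchiveEnabled) {
        Write-Verbose "$Identity already has auto-expanding archiving enabled."
        return
    }
    if ($PSCmdlet.ShouldProcess($Identity, 'Enable-Mailbox -AutoExpandingArchive')) {
        Enable-Mailbox -Identity $Identity -AutoExpandingArchive | Out-Null
    }
}

# Check, enable, then confirm the property changed, as in the demo.
Get-ArchiveExpansionState -Identity 'LidiaH'
Enable-ArchiveExpansion   -Identity 'LidiaH' -Verbose
Get-ArchiveExpansionState -Identity 'LidiaH'
```

Running `Enable-ArchiveExpansion` with `-WhatIf` shows which mailbox would be changed without changing it, which is useful because the setting cannot be reverted.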
Liam Cleary is a Microsoft MVP and Microsoft Certified Trainer focused on Microsoft 365 and Azure. He's been working with Microsoft Cloud and Azure technologies since their creation and focuses heavily on deployments, management, and the security of Microsoft 365 and Azure. He also holds multiple certifications for both Microsoft 365 and Azure.