Automatically Enable Archive Mailboxes Once the Primary Mailbox Exceeds a Threshold

A question following my article about how to transition from Exchange Online mailbox retention policies to Microsoft Purview retention policies asked:

“Is there a way in legacy or M365 online archiving policies , that it can be enabled based on primary mailbox data size ,say for example mailbox size crosses 40 gb , it’s online archive gets enabled automatically and older data gets move to online archive to keep primary mailbox at 40 gb limit.”

It’s a reasonable request. Essentially, the organization wants users to keep all email in their primary mailboxes until the mailboxes get to 40GB. Once that point is reached, the organization wants to enable archives for those mailboxes and start to move old email from the primary mailboxes to the archives to keep the size of the primary under 40 GB.

Archive Mailboxes and Sizing

These are proper archive mailboxes and not Outlook’s archive folder. Real archive mailboxes can grow to up to 1.5 TB using the Exchange Online auto-expanding mechanism. Note: if you enable auto-expanding archives, you cannot move those archive mailboxes back to an on-premises Exchange server.

Exchange Online enterprise mailboxes have quotas of between 50 GB and 100 GB based on the license assigned to the account, so the 40 GB threshold is a tad arbitrary. It might be that keeping under this size assures reasonable performance for the OST file. If so, that’s a good thing because you don’t want the OST to become so large that it impacts PC performance.

Assigning Archives Based on Mailbox Size

The outline of the solution is:

1. Find mailboxes that are not archive-enabled.
2. Check the mailbox size.
3. If the mailbox size exceeds the threshold, enable the archive mailbox, and assign an Exchange Online mailbox retention policy to instruct the Mailbox Folder Assistant to move items from the primary to the archive mailbox after they reach a certain age.

Exchange Online mailbox retention policies are the only way to move items into an archive mailbox. Microsoft Purview retention policies can keep or remove items, but they cannot move mailbox items.

To prepare, I created an Exchange Online mailbox retention policy with a single default move to archive tag (Figure 1). The policy can contain other retention tags to handle processing of default folders like the Inbox and Sent Items, or to allow users to mark items for retention. However, all that we need is the default move to archive tag. In this instance, the tag instructs the MFA to move items from the primary to the archive mailbox once they reach 730 days (2 years) old.

Now we need some PowerShell to check for and process mailboxes. Here’s the script that I came up with:

# Define archive threshold
$ArchiveThreshold = 40GB

# Find mailboxes without an archive
Write-Host "Looking for mailboxes that are not archive-enabled..."
[array]$Mbx = Get-ExoMailbox -RecipientTypeDetails UserMailbox -Filter {ArchiveState -ne "Local"} -ResultSize Unlimited
If (!($Mbx)) { Write-Host "No mailboxes found without archives - exiting!" ; break }

Write-Host ("Checking {0} mailboxes" -f $Mbx.count); $MbxUpdated = 0
ForEach ($M in $Mbx) {
   
   $Stats = Get-ExoMailboxstatistics -Identity $M.ExternalDirectoryObjectId
   If ($Stats.TotalItemSize.Value -gt $ArchiveThreshold) { # Mailbox size is larger than the threshold
      Write-Host ("Enabling archive for mailbox {0}..." -f $M.UserPrincipalName)
      Enable-Mailbox -Archive -Identity $M.ExternalDirectoryObjectId
      Set-Mailbox -Identity $M.ExternalDirectoryObjectId -RetentionPolicy "Mailbox Two-Year Archive Policy"
      $MbxUpdated++
   } #End if
} #End ForEach Mbx

Write-Host ("All done. {0} mailboxes were processed and {1} were archive-enabled" -f $Mbx.Count, $MbxUpdated)

Wrapping Things Up

To complete the solution, we should arrange for the script to be run periodically to be sure that mailboxes receive archives once they exceed the threshold. The scheduler in Azure Automation is a great way to run scripts like this and the cost to execute scripts is very reasonable. V3.0 of the Exchange Online management module introduced support for Azure Automation managed identities so there’s no danger of compromise due to leaked credentials. Which is exactly how it should be.

---

Learn about exploiting Exchange Online and the rest of Office 365 by subscribing to the Office 365 for IT Pros eBook. Use our experience to understand what’s important and how best to protect your tenant.

No Support for Auto-Expanding Archives in Any Version of Exchange Server

I was surprised that Microsoft had to announce that they have had to programmatically block any attempts to move auto-expanding archive mailboxes from Exchange Online to on-premises servers (MC467234, updated 24 November 2022). The new block should be effective worldwide by the end of December 2022.

Microsoft’s documentation has always been precise on the topic, saying “after auto-expanding archiving is enabled for a cloud-based archive mailbox, you can’t off-board that archive mailbox back to the on-premises Exchange organization. Auto-expanding archiving isn’t supported for on-premises mailboxes in any version of Exchange Server.”

I cannot remember Microsoft being anything but clear on this point. Since the announcement of the feature in June 2015 (the blog post is now offline), it has always been the case that only Exchange Online supported auto-expanding archives. The technology appeared in Exchange Online in 2016 but experienced some teething difficulties that meant that full worldwide deployment didn’t happen until early 2018. At that point, Microsoft wasn’t going to retrofit such a huge technical change on Exchange 2016 and nothing was done to implement auto-expanding archives in Exchange 2019, which is the current situation.

Block to Stop Offboarding Auto-Expanding Archives to Exchange Server

The interesting question is why Microsoft feels it necessary to introduce a new block. Obviously, some customers have tried to move mailboxes with auto-expanding mailboxes back to on-premises servers to find that things don’t go so well. The new block will cause any attempted moves to “gracefully fail with no data loss,” which is quite a relief.

Essentially, once an organization enables auto-expanding archives, it increases its connection to Exchange Online. It’s possible to offboard a mailbox with an auto-expanding archive, but only the primary mailbox can move to on-premises Exchange. The archive remains in the cloud. It remains possible to move Exchange Online mailboxes with simple archives back on-premises.

Important Points About Auto-Expanding Archives

Other important facts about auto-expanding archives include:

• Exchange Online supports the choice of auto-expanding archives for the entire organization or selected mailboxes.
• After an archive mailbox becomes auto-expanding, it is always auto-expanding. The archive mailbox cannot be transformed into a simple archive mailbox again. Although the archive status for mailboxes is visible in the Exchange admin center, EAC doesn’t tell you if the archive is simple or auto-expanding (Figure 1).

• Administrators must use PowerShell to work with auto-expanding mailboxes. For example, to enable an individual mailbox, run the Enable-Mailbox cmdlet:

Enable-Mailbox -Identity Terry.Hegarty -AutoExpandingArchive 

• To find the set of mailboxes enabled for auto-expanding mailboxes, use the Get-EXOMailbox cmdlet to find the set of user and shared mailboxes and apply a client-side filter against the set to find those with the AutoExpandingArchiveEnabled property set to True.

Get-EXOMailbox -RecipientTypeDetails UserMailbox, SharedMailbox -Properties AutoExpandingArchiveEnabled -ResultSize Unlimited | Where-Object {$_.AutoExpandingArchiveEnabled -eq $True } | Format-Table DisplayName, RecipientTypeDetails

• Exchange Online automatically begins the auto-expanding process when an archive mailbox reaches 90% capacity (99 GB of the 110 GB assigned quota). Exchange Online increases the normal archive quota from 100 GB to 110 GB to accommodate auto-expansion. Some older mailboxes might still have 100 GB archive quotas even when enabled for auto-expansion. This problem can be fixed by re-enabling auto-expansion for the archive.
• You can’t recover or restore an inactive mailbox if it has an auto-expanding archive. Instead, you must export the data from the archive using the results of a content search and import the data into another mailbox.
• The limit for an auto-expanding archive is 1.5 TB (here’s a script to report archive status). Originally, Microsoft publicized auto-expanding archives as “bottomless,” but operational and software issues made it necessary to impose a limit.
• Shared mailboxes support auto-expanding archives if you assign an Exchange Online Plan 2 license to the mailbox.

Not Many Organizations Use Auto-Expanding Archives

My judgement is that this change is likely to affect relatively few organizations. First, not every Exchange Online organization uses archive mailboxes. Exchange Online makes large 100 GB primary mailboxes available to enterprise accounts, so there’s less need to offload old email to archive mailboxes. Only Exchange mailbox retention policies can move items automatically. Microsoft would like customers to use Microsoft Purview retention policies instead, but Purview policies can’t move items to the archive.

Second, of the total archive population, there’s probably a low percentage that is enabled for auto-expanding archives. It’s natural to leave mailboxes with simple archives unless they need auto-expansion. Those high-traffic mailboxes tend to be more important than the norm. For instance, those used for customer communications or by public-facing executives who receive large volumes of inbound email and need to retain copies for compliance purposes.

Mailboxes with auto-expanding archives must remain in the cloud. Apart from not being able to transfer these mailboxes to on-premises Exchange, it’s not altogether clear how you could move a large expanded archive anywhere else. Exporting the archive via a content search is the obvious answer, but processing up to 1.5 TB of data will take some time.

Although content search exports can accommodate up to 2 TB, the maximum size per PST for output is 2 GB and the search can upload a maximum of 2 GB of mailbox data per hour. All the data from the archive must upload to Azure before it can download to PSTs. Only a small number of auto-expanding archives will be more than 1 TB. In addition, search filters can reduce the amount of exported data to practical amounts at the expense of leaving some data behind. That might be an acceptable solution in some cases.

I’m not sure how many mailboxes will run into the new block. However, the news that a block is necessary will help organizations who have auto-expanding archives or those considering using auto-expanding archives to plan accordingly. It’s a good reminder that if you use a cloud-only feature, the technology is only available in the cloud.

---

Keep up with the changing world of the Microsoft 365 ecosystem by subscribing to the Office 365 for IT Pros eBook. Monthly updates mean that our subscribers learn about new developments as they happen.