- Docker logs tail: Troubleshoot Docker containers with real-time logging - Wed, Sep 13 2023
- dsregcmd: Troubleshoot and manage Azure Active Directory (Microsoft Entra ID) joined devices - Thu, Aug 31 2023
- Ten sed command examples - Wed, Aug 23 2023
When an end user deletes an email message using a regular delete (not SHIFT+DELETE), the email message is moved from the Inbox or other folders to the Deleted Items folder. This allows users to quickly move a message that was accidentally deleted back to their Inbox. This is a self-service process that doesn't require the intervention of IT staff.
When a user empties the Deleted Items folder or SHIFT+DELETEs an email, these go into a special folder located at Recoverable Items > Deletions. The same happens when you right-click the Deleted Items folder and choose Empty Folder. When emails are moved here, there is still an opportunity to recover the items, as we will see.
To see the email items in this location, click Deleted Items > Recover items deleted from this folder. The link appears at the top of your email panel when accessed from the web portal or Outlook client.
Configuring recoverable items
Microsoft 365 has the following retention periods for emails:
- Inbox—persistent until manually deleted
- Deleted Items—persistent until manually deleted.
- Recoverable items (items deleted from your Deleted Items folder)—14 days by default (max 30)
We can check the configured retention policy for recoverable items with the PowerShell cmdlet below:
Get-Mailbox -identity <your user> | select RetainDeletedItemsFor
As shown below, the default RetainDeletedItemsFor property for a user in a Microsoft 365 subscription is 14 days.
You can use PowerShell to increase the RetainDeletedItemsFor property and set the maximum to 30 days. Notice below that attempting any value higher than 30 is not allowed.
Set-Mailbox -Identity <your user> -RetainDeletedItemsFor 30
Creating in-place and litigation holds
Businesses do have a way to prevent emails from being deleted due to the default retention settings found natively in Microsoft 365. The in-place hold allows the creation of a granular hold policy to preserve mailbox items. The in-place hold can hold items based on the following:
- Indefinite hold—This is similar to the litigation hold, which keeps the mailbox indefinitely
- Query-based hold—Hold only items based on a query that contains certain keywords, start and end dates, sender and recipient, addresses, and message types
- Time-based hold—Specify the duration for which mail items are held
Litigation holds use the LitigationHoldEnabled property of a mailbox. These are not granular, and place the entire mailbox contents on hold.
Recovering deleted emails after permanent deletion
What happens after your email items roll past the 30-day retention period in the Recoverable items > Deletions folder? If there are no compliance, in-place, or litigation holds that would retain the emails past this point, your emails, from a Microsoft perspective, are not recoverable.
After the 30-day retention period, businesses must use their own solutions and methods to recover deleted emails. Many third-party backup solutions offer the ability to protect Microsoft 365 cloud emails and files. Of course, a third-party backup solution must be in place before the data loss event.
Another way to save a copy of Microsoft 365 emails is to export your mailbox to a PST file.
Wrapping up
It is important for organizations using Microsoft 365 to understand the retention of data and the default policies in place. Both the Deleted Items and the hidden Recoverable Items > Deletions folder are safety nets that help prevent data loss when emails are deleted.
Subscribe to 4sysops newsletter!
After a maximum of 30 days, the Recoverable Items > Deletions folder is emptied, and the emails here are gone forever without additional compliance or other holds put in place. Organizations must then use third-party backup solutions and other means to back up business-critical email data.
Pretty good article for people using Microsoft 365 email solution. Another important command to set the mailboxes of all org users in one go:
Source: MS docs