Table of Contents
The Default MRM Policy and the Deleted Items Folder
Vasil Michev’s recent post “Make sure Deleted items are automatically removed from Microsoft 365 mailboxes” covers Exchange Online mailbox retention policies. One of the points made is that the default mailbox retention policy (called Default MRM policy) doesn’t contain a folder retention tag for the Deleted Items folder. The effect is that items remain in Deleted Items indefinitely unless the policy assigned to a mailbox includes a default delete or default archive tag. In these circumstances, the Managed Folder Assistant (MFA) either deletes or archives items after items reach the retention period.
Microsoft removed the folder tag to control the Deleted Items folder from the default mailbox retention policies assigned to Exchange Online mailboxes in February 2015. For whatever reason, Microsoft was concerned that users “lost” items because the folder retention tag assigned to Deleted Items caused the MFA to remove items after 30 days. They said: “With this update, the length of time items remain in the Deleted Items folder is extended to indefinitely or according to the duration set by your administrator.”
In other words, if you left things alone, items remained in Deleted Items forever unless administrators stepped in to update the default mailbox retention policy or created a different mailbox retention policy and assigned it to mailboxes. At the time, I heeded the advice and updated the default mailbox retention policy to ensure that automatic removal of items from the Deleted Items folder continued.
Exchange Online Ignores Updates of the Default MRM Policy
Moving on to 2023, Vasil points out that it is no longer possible to assign a deleted items folder tag to the Default MRM policy in recently-created tenants. Vasil tested in a new tenant; I tested in my development tenant created in 2020. Here are the steps to demonstrate the issue. First, check that the Deleted Items retention tag exists and that it’s a folder tag for the Deleted Items folder:
Get-RetentionPolicyTag -Types DeletedItems | Format-Table Id, Type, RetentionAction, AgeLimitForRetention Id Type RetentionAction AgeLimitForRetention -- ---- --------------- -------------------- Deleted Items DeletedItems DeleteAndAllowRecovery 30.00:00:00
Now populate an array with the retention tags for the Default MRM policy. As expected, the tags are the default set defined by Microsoft for this policy:
[array]$RetentionTags = Get-RetentionPolicy -Identity 'Default MRM Policy' | Select-Object -ExpandProperty RetentionPolicyTagLinks $RetentionTags 5 Year Delete 1 Year Delete 6 Month Delete Personal 5 year move to archive 1 Month Delete 1 Week Delete Personal never move to archive Personal 1 year move to archive Default 2 year move to archive Junk Email Recoverable Items 14 days move to archive Never Delete
Now add the Deleted Items retention tag to the array of tags, update the mailbox retention policy, and check the set of retention tags in the policy:
$RetentionTags += "Deleted Items" Set-RetentionPolicy -Identity "Default MRM Policy" -RetentionPolicyTagLinks $RetentionTags Get-RetentionPolicy -Identity 'Default MRM Policy' | Select-Object -ExpandProperty RetentionPolicyTagLinks 5 Year Delete 1 Year Delete 6 Month Delete Personal 5 year move to archive 1 Month Delete 1 Week Delete Personal never move to archive Personal 1 year move to archive Default 2 year move to archive Junk Email Recoverable Items 14 days move to archive Never Delete
There’s no sign of the Deleted Items folder tag in the set of retention tags for the Default MRM policy. Exchange Online simply ignored the update (Figure 1).
Everything Works With a New Retention Folder Tag for Deleted Items
But if you define a new retention tag for Deleted Items, the same commands work to add the new retention tag to the Default MRM policy:
New-RetentionPolicyTag -AgeLimitForRetention 365 -RetentionAction DeleteAndAllowRecovery -Name 'Deleted Items Remove After 1 Year' -RetentionEnabled $True -MessageClass * -Type DeletedItems Name Type Description ---- ---- ----------- Deleted Items Remove Aft… DeletedItems Managed Content Settings [array]$RetentionTags = Get-RetentionPolicy -Identity 'Default MRM Policy' | Select-Object -ExpandProperty RetentionPolicyTagLinks $RetentionTags += 'Deleted Items Remove After 1 Year' Set-RetentionPolicy -Identity "Default MRM Policy" -RetentionPolicyTagLinks $RetentionTags Get-RetentionPolicy -Identity 'Default MRM Policy' | select-Object -ExpandProperty RetentionPolicyTagLinks Deleted Items Remove After 1 Year Delete After 10 Years 5 Year Delete 1 Year Delete 6 Month Delete Personal 5 year move to archive 1 Month Delete 1 Week Delete Personal never move to archive Personal 1 year move to archive Default 2 year move to archive Junk Email Recoverable Items 14 days move to archive Never Delete
Something screwy is going on here. Microsoft’s documentation for “What you can do with the Default MRM policy” explicitly says that it’s possible to add a retention tag to the policy. No exceptions are called out for a specific Deleted Items folder tag. And Microsoft’s documentation makes no mention that attempts to add the Deleted Items folder tag to the Default MRM policy will be ignored without any error.
Why Handicap the Default MRM Policy
Software bugs happen and it’s entirely possible that a software engineer made a mistake in the code that processes addition of retention tags to a retention policy. However, surely Microsoft would have noticed and fixed such a bug before now? Another possibility is that Microsoft deliberately decided to handicap the Default MRM policy to encourage tenants to move to Microsoft 365 retention policies. Microsoft 365 retention operates on a container basis and a retention policy applied to a mailbox acts in the same manner as a default delete tag, meaning that items in the Deleted Items folder are processed in the same way as items in all other folders.
Microsoft 365 retention doesn’t support specific retention processing for selected folders, nor does it support a method to move items to archive mailboxes. Both are reasons why Exchange MRM persists and pose a challenge for Exchange Online tenants who want to move to the workload-agnostic approach taken by Microsoft 365 retention. In truth, Microsoft 365 retention tries to be agnostic, but all sorts of compromises exist to ensure that retention processing can deal with different kinds of items from email to documents to Copilot interactions.
Getting back to the point in hand, depowering the Default MRM policy for new tenants seems like a backward step. I don’t see the advantage gained by Microsoft and especially not by tenants. Microsoft should reverse this block and let Exchange Online administrators realize the promise made in Microsoft’s documentation to be able to configure retention as they need. It’s the right thing to do.
Learn about using Exchange Online and the rest of Office 365 by subscribing to the Office 365 for IT Pros eBook. Use our experience to understand what’s important and how best to protect your tenant.
When I look at the default MRM retention days in my Compliance Center, there are both “deleted items” and “deleted items 30 days”, which ensure that deleted items are deleted after 30 days. This means that the problem no longer exists, or am I wrong?
An Exchange mailbox retention policy can only have one folder tag for Deleted Items. You’d need to provide more detail to comment.
It’s entirely possible that someone added a personal tag called Deleted Items 30 days to the policy and updated the policy to add the DeletedItems tag back before Microsoft introduced the change (block) described in the article.