Everything You Need to Know About Exchange Journaling
In this fast-paced, modern world, your organization probably sends and receives thousands of emails — if not more — each day. Many of those emails contain valuable or potentially sensitive information about business operations and initiatives, products and services, customer data, performance metrics and so on. Given the nature of these communications, it’s in your best interest to create and maintain a corporate record of all emails, one that you can easily access on a moment’s notice.
That’s the basic concept behind email journaling in Microsoft Exchange.
What is Email Journaling?
Before we get into specifics, let’s talk for a moment about email journaling. Email journaling refers to the process where a journaling system creates shadow copies of all incoming and outgoing emails while they’re in transit and stores them in their own mailbox for an indefinite period of time.
Isn’t that the same thing as email archiving?
No. In fact, email journaling and email archiving are two entirely different things.
You see, as mentioned above, email journaling creates a copy of an email and stores it in a mailbox on your main server. Email archiving, on the other hand, moves the original copy of an email to off-site storage — typically a hosted cloud-based server — thereby freeing up valuable storage space. Email archives tend to be more user-friendly than journal mailboxes in that they’re easier to search. Also, the contents of journal mailbox can be deleted by any user with administrative access, unlike the contents of an email archive. Both email journaling and email archiving can be automated.
Both functionalities offer unique advantages and, when used together, are powerful tools for regulatory compliance for reproducing evidence in the event of an eDiscovery request or litigation.
What is Exchange Journaling?
Exchange, Microsoft’s flagship mail and calendaring server, comes in two flavors — Exchange Server and Exchange Online — both of which offer built-in email journaling systems. Microsoft first launched the Exchange Journal Mailbox in 2010 in response to a new requirement from the Security Exchange Commission (SEC). Exchange’s built-in journaling agent captures messages, known as journal reports, via the Transport service on the Mailbox server. From there, the journaling agent stores the journal report as an unalterable file attachment and generates summary information from the original message in a process known as envelope journaling. This summary information includes the email addresses of both the sender and the recipient, as well as the subject of the email.
Exchange Server, specifically, offers two email journaling options: standard journaling and premium journaling. Standard journaling captures all messages sent to or received by mailboxes within a specific mailbox database, whereas premium journaling requires authorized users to configure journaling rules within Active Directory (AD). These rules dictate which messages the journaling agent is supposed to capture and should include the journal recipient, the journal rule scope and the journaling mailbox, which are defined as follows:
The first and third components of a journal rule — that is, the journal recipient and the journal mailbox — have a direct effect on your storage resources. With journal recipients, selecting specific recipients or groups of recipients, as opposed to your entire organization, can greatly reduce the amount of storage you require for Exchange journaling. Journaling mailboxes must be able to accommodate the maximum message size available in your organization; based on this information, Microsoft recommends that users disable storage quota limits on journaling mailboxes. You’ll also want to consider whether it makes more sense to store journaling mailboxes on-premises or in the cloud via a third-party solution; more on that momentarily.
Any configuration changes made to journal rules stored in AD are replicated between domain controllers in your organization via the Transport service in a process known as journal rule replication. Replication delays can occur depending on factors outside of Exchange’s control.
Should your Exchange Journal Mailbox be unavailable for any reason, you can configure an alternate journaling mailbox to store journal reports until it comes back online rather than allow them to languish in Mailbox servers’ mail queues. Once your journaling mailbox is back online, simply use the Send Again feature to resend journal reports to their original destination.
Exchange Journaling in the Cloud
If Exchange journaling is of any interest to you but you’d like to avoid consuming precious on-premises storage resources, there are cloud-based alternatives available. For example, if you’re currently using Exchange Server, you might consider migrating to Exchange Online, which is entirely cloud-based and comes with the added bonus of Microsoft’s built-in disaster recovery resources. Another option is to partner with a third-party cloud provider, though it’s important to thoroughly evaluate each vendor’s standards before making the switch.
If neither of those options appeal to you, and your organization already has its own cloud, you may want to consider moving your journaling mailboxes to that cloud. Unlike partnering with a third-party provider, this option enables you to define your own security, compliance and access provisions. Best of all, Microsoft Azure makes it easy to move Exchange journaling data to the cloud and offers unlimited scalability, so your mailboxes can grow along with your business.
The Benefits of Exchange Journaling
Enhanced regulatory compliance: Whether your organization exists in the finance sector, the healthcare industry or anywhere in between, you’re likely subject to at least a few regulations, some of which might have specific language around record retention. Exchange journaling takes the guesswork out of compliance by creating an easily accessible, unimpeachable record of all email communications.
Some of the regulations that journaling can help you comply with include:
- Act on the Protection of Personal Information (APPI)
- European Union Data Protection Direction
- Financial Institution Privacy Protection Act of 2001
- Financial Institution Privacy Protection Act of 2003
- General Data Protection Regulation (GDPR)
- Gramm-Leach-Bliley Act (Financial Modernization Act)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- National Association of Securities Dealers 3010 & 3110 (NASD 3010 & 3110)
- Sarbanes-Oxley Act of 2002 (SOX)
- Security Exchange Commission Rule 17a-4 (SEC Rule 17 A-4)
- Uniting and Strengthening America by Providing Appropriate Tools to Obstruct Terrorism Act of 2001 (Patriot Act)
Proactive eDiscovery preparation: In our litigation-happy world, it helps to be prepared. By creating an accurate and unalterable record of all or select email communications, Exchange journaling makes it easy for organizations such as yours to quickly reproduce journal reports in the event of an eDiscovery request.
Detailed, tamper-proof correspondence records: Whether you want to ensure that your employees’ communications with customers meet quality standards or your HR department needs to review journal reports as part of an ongoing internal investigation, Exchange journaling creates an easily searchable repository of immutable records.
How to Configure Exchange Journaling
The process of setting up an Exchange Journal Mailbox varies slightly depending on whether you use Exchange Server or Exchange Online.
Exchange Server: Standard Journaling
You can also use the Exchange Management Shell to enable or disable journaling on mailbox databases.
Exchange Server: Premium Journaling
With premium journaling, you need to configure journal rules. In order to do so, perform the following:
Like standard journaling, you can also use the Exchange Management Shell to create journal rules for premium journaling.
The process of setting up an Exchange Journal Mailbox in Exchange Online is basically the same as it is in Exchange Server premium journaling in that you need to create journal rules. The only significant difference is that you must also specify an alternate journaling mailbox for undeliverable journal reports.
Exchange Journaling Best Practices
Once you’ve successfully configured Exchange journaling, there are a few best practices you should implement to ensure that it runs as efficiently as possible:
- Since Exchange can only support mailboxes under 5–10G, you should use at least one journaling mailbox per mail server to prevent performance issues.
- Work closely with your organization’s legal and compliance departments when creating journal rules to ensure that they comply with the necessary regulations.
- Enable circular logging in your mailbox database to free up valuable disk space.
- Create a strong mailbox password to prevent unauthorized users from gaining access to your journaling mailbox.
- Make sure your journaling mailbox is configured to only allow mail from Microsoft Exchange and authorized senders.
- Implement real-time email archiving along with email journaling to cover all of your bases.
Speaking of email archiving, if you’re in the market for an archiving solution to accompany your newly set up Exchange journaling system, why not give Intradyn a try? With three deployment options to choose from, advanced search capabilities and state-of-the-art message intelligence functionality, Intradyn’s Email Archiver is the perfect complement to Microsoft Exchange.