In this video we spend some time talking about an aspect of our archiving and compliance story for Exchange on-premises and the service. Specifically, if you do decide to take advantage of the simplicity and lower costs of co-locating your ‘archive’ data with your primary mailbox data, (see here for a previous discussion about why we think this approach is better, cheaper and simpler) do you have to give up on immutability?
The short answer is an emphatic no; not only do you get a great immutability story, but you get one that provides more finely-tuned control over the content that you decide to make immutable. The slightly longer answer about how this works and how Exchange provides built-in immutability policies that allows companies to comply with important regulations and internal is in the video. If you want more detailed whitepapers on the subject please see here.
You may have also seen that we recently released PST Capture – this is another step in putting your rogue .pst files onto Exchange where you can get control of them and start treating that data with the same immutability story.
It was suggested to me that I provide some more information on a few specific things I talk about in the video. So talking about Documents, I of course meant any email or attachment or other item that you happen to have stored in your Exchange Mailbox. Also, when I talk about ‘’Dumpster 2.0” that really is only the internal name for our retention hold functionality and ‘officially’ it is called the Recoverable Items Folder.
I also made a reference to copy-on-write - for those that are interested, copy-on-write is a term that references an approach to handling modifying content without destroying the original content and involves making a copy of an item before writing. In Exchange, when the user wants to modify a message or other piece of content that is marked for retention hold (immutable) the server first makes a copy of the message then moves the original to the Dum…The Recoverable Items Folder and then makes the modifications to the copy.
I'm always interested in any comments you have on Immutability, Archiving or other Exchange topics you want me to talk about.
Interesting and was informative too..!
Can I achieve the same using Exchange Online?
Thanks for your interest in the topic @Charles
@Michael -- Yes, we have the same features available in Exchange Online.
To be clear. Are you saying that Microsoft Exchange 2010 meets industry regulations, specifically SEC 17a-4(f)(2)(ii)(A) that states that the electronic storage media must preserve records exclusively in a non-re-writeable, non-erasable format?
Section iii states the following: "Broker-dealers and vendors of electronic record storage systems have asked whether broker-dealers may use, consistent with Rule 17a-4(f), systems they describe as storing records in a manner that prevents the records from being overwritten, erased or otherwise altered without relying solely on the system's hardware features. Specifically, these systems use integrated hardware and
software codes that are intrinsic to the system to prevent the overwriting, erasure or alteration of the records. Thus, while the hardware storage medium used by these systems (e.g., magnetic disk) is inherently rewriteable, the integrated codes intrinsic to the system prevent anyone from overwriting the records."
By using legal hold or rolling hold, you are using such software based codes.
err - the above was for Paul, not Perry.
Thank you Ankur! I appreciate the follow up. Sorry to continue pressing the point but there is the potential for significant architecture simplification if Microsoft guarantees compliance to the SEC rulings.
The SEC has an article titled the "Interpretation of Electronic Storage of Broker-Dealer Records" at the following link.
Your comments are in line with what broker-dealers and vendors have asked for but the Commission's interpretation towards the middle of the 3rd page makes me uneasy:
"The Commission's interpretation does not include storage systems that only mitigate the risk a record will be overwritten or erased. Such systems - which may use software applications to protect electronic records, such as authentication and approval policies, passwords or other extrinsic security controls - do not maintain the records in a manner that is non-rewriteable and non-erasable. The external measures used by these other systems do not prevent a record from being changed or deleted. For example, they might limit access to records through the use of passwords. Additionally, they might create a "finger print" of the record based on its content. If the record is changed, the fingerprint will indicate that it was altered (but the original record would not be preserved). The ability to overwrite or erase records stored on these systems makes them non-compliant with Rule 17a-4(f)."
I go back and forth on what this means and how it applies to Exchange 2010.
Hello Ankur and Perry,
Just checking in again to see if you agree that Microsoft does or does not comply with SEC 17a-4 as listed in the SEC interpretation above?
The statement at the end of the paragraph you quoted is the part I would like to hold onto. Exchange does not create a fingerprint to notify you that the data was there.
Using a fingerprint/finger analogy:
If the item is "deleted" by a user, the finger (not fingerprint) is retained without modifying the integrity of the message.
If the item is changed, the original finger is retained, and a second finger is created with the new modified data. (What we call copy-on-write).
At the same time, we also provide the finger print for all access (auditing).
there is another portion where it states that "do not prevent the a record from being changed or deleted" - Exchange nevers alter the item.
Hi Perry, PST capture is not overly helpful given its got a 1000 limit cap! Does pose some challenges to large orgs. Any thoughts on this?
PST Capture is limited to 1000 users today only for Exchange Online, not for on-premises. We will take the feedback for Online though - thank you.