Skip to main content This browser is no longer supported. Show Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. Journaling in Exchange Server
In this articleJournaling in Exchange Server can help your organization respond to legal, regulatory, and organizational compliance requirements by recording all or targeted email messages. Journaling in Exchange Server is basically unchanged from Exchange Server 2010. Exchange provides the following journaling options:
To configure journaling, see Journaling procedures in Exchange Server. When you plan for messaging retention and compliance, it's important to understand journaling, and how journaling fits in your organization's compliance policies. Why journaling is importantFirst, it's important to understand the difference between journaling and archiving when it comes to email messages:
Many organizations need to maintain records of the email communication that occurs as employees perform their daily business tasks. You can use Exchange journaling as a tool in your email retention or archival strategy. Although a regulation may not specifically require journaling, Exchange journaling can help your organization achieve compliance with the regulation. For example, corporate officers in some financial sectors can be held liable for claims that are made by their employees to customers. Designated compliance managers can use journaling to collect and regularly review the email messages that are sent by employees to customers as part of their greater employee-to-customer communications review. The compliance managers can report their approval to the corporate officer, and the corporate officer can then report compliance to the regulating body. The following list shows some of the more well-known U.S. and international regulations where Exchange journaling may help form part of your compliance strategies:
Journaling agentThe Journaling agent is the built-in Exchange transport agent that processes messages as they flow through the Transport service on Mailbox servers. The journaling configuration settings are stored in Active Directory, and are read by the Journaling agent. The Journaling agent is registered on the OnSubmittedMessage and OnRoutedMessage categorizer events in the transport pipeline. For more information about the transport pipeline, see Mail flow and the transport pipeline. Note that built-in transport agents like the Journaling agent are invisible and unmanageable by the transport agent management cmdlets (*-TransportAgent). Journal reportsA journal report is the message that's recorded by journaling. The journal report contains the original message as an unaltered file attachment. The body of the journal report contains summary information from the original message (for example, the sender's email address, message subject, Message-ID, and recipient email addresses). This type of journaling is known as envelope journaling, and is the only journaling method that's supported by Exchange. Journal reports and IRM-protected messagesYou need to consider the effects of IRM-protected messages on journal reports. Third-party archiving systems that don't have built-in RMS support can't decrypt the IRM-protected messages in journal reports, which negatively affects the search and discovery of content in journaled messages. In Exchange, you can configure journal report decryption to save a clear-text copy of the message in the journal report. For more information, see Enable journal report decryption. Journal rulesThe basic components of a journal rule are:
Journal recipientThe journal recipient specifies who you want to journal. Messages that are sent to or received by the journal recipient are journaled (the direction doesn't matter). You can configure a journal rule to journal messages for all senders and recipients in the Exchange organization, or you can limit a journal rule to an Exchange mailbox, group, mail user, or mail contact. If you specify a distribution group, you enable journaling for the members of the distribution group (not for the group itself). By targeting specific recipients or groups of recipients, you can configure a journaling environment that helps you meet your organization's regulatory and legal requirements, while minimizing the storage and other costs that are associated with retaining large amounts of data. Journal recipients that are enabled for Unified Messaging in Exchange 2016By default, if your Exchange 2016 organization uses Unified Messaging (UM) to consolidate the email, voice mail, and fax infrastructure, Exchange is configured to journal voice mail notification and missed call notification messages. You can disable journaling for these types of messages, but messages that contain UM-generated faxes are always journaled. To disable journaling for voice mail and missed call notifications, see Enable or disable journaling for voice mail and missed call notifications. Note Unified Messaging is not available in Exchange 2019. Journal rule scopeAfter you define who you want to journal, you need to define the scope of the messages to journal. The available scopes are:
Journaling mailboxThe journaling mailbox is where the journaled messages are delivered. How you configure the journaling mailbox depends on your organization's policies, regulatory requirements, and legal requirements. For example, you may be able to configure one journaling mailbox for all journal rules in your organization, or you may be required to use different journaling mailboxes for different journal rules. Notes:
Alternate journaling mailboxLike other messages, undeliverable journal reports are queued, and delivery is periodically retried until the message expires (the default value is two days, and is configured by the MessageExpirationTimeout parameter on the Set-TransportService cmdlet). Unlike other messages, expired journal reports can't be returned to the sender in a non-delivery report (also known as an NDR or bounce message), because the sender is the Microsoft Exchange recipient. Expired journal reports can't be recovered. If you don't want undeliverable journal reports to queue and eventually expire, you can specify an alternate journaling mailbox that accepts the NDRs for all undeliverable journal reports when any journaling mailbox is unavailable (one alternate journaling mailbox for all journaling mailboxes in your organization). The original journal report is an attachment in the NDR. When the journaling mailbox becomes available again, you can use the Resend this message feature in Outlook on the NDRs in the alternate journaling mailbox to send the unaltered delivery reports to the journaling mailbox. Before you configure an alternate journaling mailbox, contact your legal representatives. Laws or regulations that apply to your organization may prohibit all journaled messages from being stored in the same mailbox. When you configure an alternate journaling mailbox, you should use the same criteria that you used when you configured the journaling mailbox. Notes:
Journal rule replicationBecause journal rules are stored in Active Directory, they're read and applied by the Transport service on all Mailbox servers in the organization. When you create, modify, or remove a journal rule, the change is replicated between the domain controllers in your organization. This allows Exchange to provide a consistent set of journal rules across the organization. Notes:
TroubleshootingHaving problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server. If you're having trouble with the alternate journaling mailbox, see KB2829319. |