Governing Exchange Online Usage with Policies

Exchange Online in Office 365 has many policies for configuring and controlling the types of clients users can connect to the service with, and the ability to configure data storage, compliance, and security. Three main policies used to govern end-user behavior are Client Access, ActiveSync, and Retention policies as explained here.

Restricting Access to Exchange Online using Client Access Policies

End-users can access Exchange Online with many different clients: the desktop Microsoft Outlook, Outlook Web App, and a plethora of mobile devices including Windows Phones, iPhones, Android devices, and many different types of tablets.

See Clients and mobile in Exchange Online in Microsoft TechNet for more information.

Configuring Mobile Access with Exchange Online ActiveSync Policies

ActiveSync (aka EAS) is used by almost all mobile devices to connect to Exchange Online in O365 for email, Calendar, and Contacts. Enterprises can control mobile who can connect, and who they can connect through ActiveSync mobile policies.

There are few default policies (just one in an E3 tenant). Exchange Online customers can create their own custom policies through PowerShell vis-a-vis the Set-ActiveSyncMailboxPolicy cmdlet.

All the setting that can be customized in an ActiveSync policies are show in this TechNet article: Mobile device mailbox policies in Exchange Online.

Configuring Mail Retention with Retention Policies in Exchange Online

Exchange Online retention policies governs the setting of tags which control email storage. This policy is used for Messaging Records Management (MRM) and the most common use-case setting how long email is kept before it is archived and/or deleted. This is a common business requirement to meet legal and regulatory requirements and improve end-user storage management.

The most important point here is it will not control (by default) a user from deleting a message (manually). Retention policies only govern how long the message stays in the mailbox before it is moved out for archiving or deletion.

See Security and compliance for Exchange Online on TechNet for more information.

Good References

Restrict Access to Office 365 Exchange Online: Limiting by Network, IP, Client, Group or Policy

Mobile device mailbox policies in Exchange Online

Default Retention Policy in Exchange Online and Exchange Server

Office 365 – Common Confusion with Email Retention Policies


Leave a Reply