Email Archiver for Office 365
If your business is in a regulated industry and you use Microsoft Office 365 premium email archiving you need to be aware that this service does not include some important features that are vital in securing the integrity of email data.
Your group might be experiencing a number of different issues if you are using on-site email archiving for Office 365. However, few firms are aware of this and not be in breach of industry regulations for auditing and protection by continuing to use Microsoft’s service.
Compliance Issues with Microsoft 365 Premium
Although Microsoft’s premium service has a plugin for backing up email information, it is not incorporated in the program by default. Consequently, if your business has not currently deployed and configured an Exchange-friendly VSS based backup, your disaster recovery plan will not be sufficient.
Audit signing in Office 365 is not active by default, therefore administrators need to enable this particular functionality. An additional concern is the period of time that an audit record is held. Presently, there is no audit log retention in the E1 plan, the E3 plan only retains the log data for ninety days, and it is completed annually with the E5 plan. You need to be careful to be sure that you have everything configured to be by the book.
GDPR Compliance Problems
Since 2006, it has been a legal requirement, under the Federal Rules of Civil Disclosure, to create Electronically Stored Information (ESI). Since 2018 GDPR compliance has been in place for all companies managing the private data of European Union citizens.
The GDPR regulation is particularly pertinent to email archiving for Office 365 because companies that handle or retain EU citizens private details should have mechanisms available to stop the unauthorized modification of that data. Office 365 is not able to do this. Consequently, in case a company will continue to utilize Microsoft’s default program, without an additional mechanism to avoid any unauthorized modification in place, the group is going to be in breach of GDPR and governed by a fine of as much as €20 million or 4% of the previous financial year’s annual global revenue.
If you have Office 356 and you need to achieve compliance you need to identify a third party solution to provide secure email archiving for Office 365.
To be able to reduce your costs of yours and produce faster searches, you must have a solution that deduplicates and compresses email details during the archiving process while preferably creating summaries of archived messages for more efficient email management. Obviously a mechanism for assigning access must be provided, and automated reporting choices for governance of the solution; and ideally the selected solution must support other email products along with Office 365. Exchange servers and other Exchange services.