So an employee has left the company and you now need to archive the mailbox due to legal and/or company policies.
This article will give you a quick overview on how you can achieve this goal on an Office 365 mailbox while maintaining the integrity and security of your organisation’s 365 account.
Although not necessary, I recommend (as a pre-requisite) disabling account ‘sign-in’ capabilities and resetting the user account password.
This will prevent the user from logging in to the account and messing around with it whilst you are attempting to archive their mailbox.
PowerShell is involved in this process to give the administrator account ‘read’ privileges to the mailbox you want to archive.
- First make sure you have the remote signed execution policy set to true. You can do this by running PowerShell in admin mode and running: Set-ExecutionPolicy RemoteSigned
- Next, run the following to authenticate your self and import PowerShell commands to your local session:
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange-ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
Give the administrator account privileges to read mailbox content
- Use the following command to add permissions to the administrator account to view the user mailbox (or see my other article which also tells you how to do this en masse @ Grant and Revoke Access to Mailboxes – Office 365):
Add-MailboxPermission [email protected] -User [email protected] -AccessRights FullAccess -InheritanceType All
Archive Process
Assuming you have set-up the Administrator’s Outlook account set-up on your machine, you can follow the steps below. If you haven’t set up the administrator’s Outlook account, you can do this easily by going to Control Panel –> Mail –> Show Profiles –> Add
- Open Outlook under the administrator’s profile
- Go to: File –> Account settings –> Account Settings –> Change –> More settings –> Advanced tab –> Add
- Type the mailbox you want to open
- After you have opened the mailbox, go to: File –> Open –> Import –> Export to a file –> .pst –> do not enter a password at this stage as the algorithm used here is weak
- Export to where-ever you wish but as best practice, encrypt the file and wipe the original .pst from where-ever you stored it.
- Ensure there are no remnants left of the archived user’s .pst @ C:\Users\YourUserName\AppData\Local\Microsoft\Outlook. If there are, wipe them.
Revoke permissions from the administrator account to view the mailbox
Removing the permission is just as easy as adding it. Simply substitute ‘Add-MailboxPermission’ with ‘Remove-MailboxPermission’ (or see my other article which also tells you how to do this en masse @ Grant and Revoke Access to Mailboxes – Office 365):
Remove-MailboxPermission [email protected] -User [email protected] -AccessRights FullAccess -InheritanceType All