Route journal messages to Google Vault

You can set up Google Workspace and Gmail to keep Microsoft Exchange journal messages in Google Vault. Use the Inbound email journal acceptance in Vault setting to specify which messages to keep and for how long. You can also specify IP address ranges for journaling, and create custom messages for emails that aren't sent to Vault.

To keep a user's messages in Vault, the user must have a Google Workspace account with Gmail turned on.

More about Microsoft Exchange journaling

Step 1: Set up a receiving account in Google Workspace

Create an account and email address that is in your domain but isn't used by anyone in your organization. For example, if your domain is solarmora.com, add an email address such as exchange-journal@solarmora.com.
This account must have a Google Workspace license that supports Vault. To check if the account supports Vault, visit License requirements.
Put the account in its own organizational unit. For detailed steps, visit Add an organizational unit and Move users to an organizational unit.
(Optional) This account isn’t associated with anyone in your organization, and people in your organization shouldn't send messages to the email address. So, you may want to hide it your Directory. For detailed steps, visit Hide a user from the Directory.

Step 2: Set up Gmail message retention in Vault

Sign in to vault.google.com.
Click RetentionCustom RulesCreate.
Under Service, select Gmail, then click Continue.
Under Organizational unit, select the organizational unit you created in Step 1: Set up the receiving account.
Click Continue.
Under Conditions, specify which messages are affected by this setting:
- Date sent: If you specify only a start date, the rule applies to all messages sent after that date. If you specify only an end date, the rule applies to all messages sent before that date.
- Terms: Use terms to specify which messages to keep. For example, to keep only messages received from external users, enter NOT from:*@your-domain. Or, to retain only messages sent to external users, enter NOT to:*@your-domain.
  You can use all supported search operators except wildcards (*). If your key phrase or value starts with a hyphen, such as -1000%, put it in quotation marks so it’s not interpreted as a NOT operator. You can't use is:chat to apply a Gmail retention rule to chat messages in Google Chat. To set retention rules for chat messages, set a Chat retention rule. We recommend you test your terms in a Vault search to make sure they match data as you expect
Click Continue.
Under Duration, set how long to keep messages:
- Indefinitely: Permanently keeps messages affected by this rule.
- Retention period: Delete messages after a time that you specify. Enter the time in number of days, from 1 to 36,500.
  Journal messages can accumulate quickly and can't be deleted manually. We recommend that you purge all messages when the retention period expires. This way, you don’t keep messages you no longer need and you might save on eDiscovery costs.
If you set a retention period in Step 8, choose what to do with messages when the retention period ends:
- Purge only permanently deleted messages: Deletes messages that have already been deleted from the users' Trash.
- Purge messages from Gmail mailboxes and permanently deleted messages. This rule doesn’t affect drafts: Deletes all messages, including messages that aren't deleted in Gmail. Doesn't delete drafts or email templates.
- Purge messages from Gmail mailboxes and permanently deleted messages. This rule purges drafts: Deletes all messages, including messages that aren't deleted, drafts, and email templates, choose the third option.

Important: Don’t set a hold on the email address that you set up in Step 1: Set up the receiving account. Holds prevent all messages from being deleted.

Step 3: Set up Gmail to accept journal messages

Sign in with an administrator account to the Google Admin console.
If you aren’t using an administrator account, you can’t access the Admin console.
Go to Menu Apps > Google Workspace > Gmail > Routing.
Requires having the Gmail Settings administrator privilege.
(Optional) To apply the setting only to some users, at the side, select an organizational unit (often used for departments) or configuration group (advanced). Show me how
Group settings override organizational units. Learn more
Scroll to Inbound email journal acceptance in Vault and check the Enable box.

In the settings below the Enable box, take these steps:

Setting option	What to do
Receive journal messages at the following address.	Enter the email address you set up in Step 1: Set up a receiving address in Google Workspace.
Only accept journal messages from this sender	(Optional) Rejects messages from all senders except from the preferred sender that you enter here. This address must match the exact From address that your Exchange server uses for journal messages. If you use multiple Exchange servers, we recommend leaving this field blank.
Bounce email address for failed journal deliveries	Enter an email address to get bounce messages for journal messages. Be aware that journal bounce messages can impact email server performance.
Reject journal messages that are not DKIM/SPF authenticated	(Optional) Select this option to prevent journaling messages that haven't been authenticated by DKIM and SPF. This is the default selection.
Reject journal messages for unrecognized recipients	(Optional) Select this option to prevent journaling messages that don't include at least one recognized recipient. This is the default selection. If any of unrecognized users are aliases or aren’t licensed for Vault, Exchange continually logs the event and retries the message. You'll get repeated Exchange errors. When this option isn't selected, journal messages to unrecognized users are rejected dropped without a notification. As a result, you can’t identify which users’ messages aren’t being retained. If you have users who aren’t licensed for Vault but should be, you can't identify them from journaling. To avoid this, we recommend all impacted users have a Vault license.
IP addresses/ranges	(Optional) Only accept journal messages from certain IP ranges. Messages outside the range are rejected. Click Add, enter the IP address ranges of your Exchange servers, then click Save. If these IP ranges are not hosted IP ranges shared among multiple customers, include the journal IP ranges in the inbound mail gateway. For details, go to Set up an inbound mail gateway.
Edit the default rejection notice	(Optional) Create a custom message for journal bounce messages. The bounce message contains both your custom text and the default bounce text.

Click Save.

Changes can take up to 24 hours but typically happen more quickly. Learn more

You can track changes in the Admin console audit log.

Step 4: Set up the Exchange server to forward journal messages

If you’re using Exchange Online, follow these steps instead.

Expand all | Collapse all & go to top

1. Before you begin

2. Create SMTP contact & configure settings

To forward journal messages in your journaling mailboxes to the receiving address, you must add a new contact or update an existing contact in Microsoft Active Directory. Microsoft refers to this contact as the custom SMTP recipient because the Exchange journaling server forwards all journal messages to your receiving address using SMTP.

Create a new SMTP contact

Open Active Directory Users and Computers.
Right-click the organizational unit where you want to create the contact and select NewContact.
The custom SMTP recipient must match the email address that you added in the Receive journal messages at the following address field (above on this page).
Enter the following information:
- First Name: Google
- Last Name: Vault
- Display Name: Google Vault
Click OK.
On the Mailbox server, open the Exchange Management Console.
Expand Recipient Configuration, right-click Mail Contact, and select New Mail Contact.
Click Existing Contact, select the Google Vault contact you just created, and click OK.
Click Next.
For External Email Address, click Edit and enter the same address that you created for the receiving account (above on this page), for example, exchange-journal@solarmora.com.
Click OKNextNew.

Configure the message format settings

In Exchange 2007, journal reports are sent in S/TNEF format. In Exchange 2007 SP1 and Exchange 2010, you can send journal reports in S/TNEF or MIME. Use MIME output for journal reports. MIME is only supported with Exchange 2007 SP1 and newer versions of Exchange. Earlier versions are not supported. For more information about Exchange versions, refer to your Microsoft documentation.

On the Mailbox server, open the Exchange Management console.
Expand Recipient Configuration and select Mail Contact.
Select the SMTP contactclick Properties.
Click General and for Use MAPI rich text format, click Never.
With this setting, journal reports are sent in MIME rather than S/TNEF.

3. Set up journaling mailbox & create distribution list

4. Turn on journaling

Depending on your version of Exchange, you can turn on standard or premium journaling. With standard journaling, you configure journaling for each relevant mailbox database. With premium journaling, you configure rules that identify the groups of senders and recipients for whom messages are journaled. For details on the type of journaling your Exchange version supports, consult your Microsoft documentation.

Depending on the size of your organization and the configuration of your rules, you may have one or many journaling mailboxes. In circumstances where you have numerous journaling mailboxes with large volumes of journal reports, you might want to dedicate specific resources to those mailbox databases.

Turn on standard journaling

Open the Exchange Management Console.
Expand Server Configuration select Mailbox.
Select the server for the mailbox database where you want to turn on journaling.
Right-click the mailbox databaseclick Properties.
Click GeneralJournal Recipient.
For Send Journal reports to, click Browse, select Journal Recipient (the distribution list that you created of recipients of journaled messages), and click OK.
Click OK.
All journaled messages for users on this mailbox database are now sent to the Journal Recipient distribution list.
Repeat the steps for each mailbox database where you want journaling.

Turn on premium journaling

Ensure that the Journaling agent is enabled on the Hub Transport server:
- Issue the Get-TransportAgent command. If an agent name is not returned, the agent is not enabled.
- If needed, to enable the Journaling agent, issue the Enable-TransportAgent -Identity “Journaling agent” command.
On the Hub Transport Server, open the Exchange Management Console.
Expand Organization Configuration and select Hub Transport.
Click JournalingNew Journal Rule and enter a name for the journal rule.
For Send Journal reports to, click Browse and select Journal Recipient (the distribution list that you created of recipients of journaled messages).
For Scope, select the scope of the journal rule.
- To apply the rule to a single recipient (for Journal Messages for Recipient), click Browse and select the appropriate recipient.
- To apply the rule to multiple recipients (for Journal Messages for Recipient), click Browse and select the appropriate distribution list.
Click NewFinish.
All journaled messages for users on this Hub Transport server are now sent to AMaster.
Repeat the steps for each Hub Transport server where you want journaling.

5. Create policy to delete messages from journaling mailbox

To ensure sufficient storage space for journal reports, you must create a Managed Content Setting rule to automatically delete all messages from the Inbox folder, at an interval you specify.

We suggest that you initially set this interval to every 7 days. Then, monitor the journaling mailbox size during the first few weeks after you turn on journaling and adjust the interval as needed. If you want to include all journal reports in your scheduled backups, set an appropriate interval to ensure that journal reports are not deleted before the backup runs.

Step 1: Create a managed content setting for the Inbox folder

In the Exchange Management Console, expand Organization Configuration and select Mailbox.
Click Managed Default Folders and select Inbox.
In the action pane, click New Managed Content Settings to open the New Managed Content Settings wizard.
For Name, enter Google Vault Content Setting.
For Message Type, select All Mailbox Content.
Check the Length of retention period day(s) box.
Enter the number of days that you want to retain messages.
For Retention period starts, select When delivered, end date for calendar and recurring tasks.
For Action to take at the end of retention period, select Permanently delete.
Click Next Next to bypass the Journal page.
Click New Finish.

Step 2: Create a managed folder mailbox policy

In the Exchange Management Console, expand Organization Configuration and select Mailbox.
In the action pane, click New Managed Folder Mailbox Policy to open the New Managed Folder Mailbox Policy wizard.
For Managed folder mailbox policy name, enter Google Vault Policy.
For Specify the managed folders to link with this policy, click Add to open the Select Managed Folder dialog box.
Select Inboxclick OK.
Click New Finish.

Step 3: Apply the managed folder mailbox policy to the journaling mailbox

In the Exchange Management Console, expand Recipient Configuration and select Mailbox.
Right-click Archive Master and select Properties.
Click Mailbox SettingsMessaging Records Management and select Properties.
Check the Managed folder mailbox policy box and click Browse.
Select Google Vault Policy and click OK.
Click OK to confirm.

Step 4: Configure the Managed Folder Assistant to run the policy

In the Exchange Management console, expand Server Configuration and select Mailbox.
Right-click the Mailbox server that hosts the Archive Master journaling mailbox and click Properties.
Click Messaging Records Management and for Schedule the Managed Folder Assistant, select Use Custom Schedule and click Custom.
For Schedule, select the times and days for the managed folder assistant to run.
We suggest running the assistant during off-peak hours.
Click OK.

6. Remove journaling mailbox from Global Address List

7. Prevent email from going directly to journaling mailbox

_{Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.}

Choose a section to give feedback on

Was this helpful?

How can we improve it?