Journal Rules
Configure Exchange Online journal rules to capture and archive email communications for regulatory compliance, legal discovery, and organizational policy requirements. Journaling creates a tamper-proof record of all email activity.
Warning: Journaling is required by regulations like SEC 17a-4, FINRA, and HIPAA that mandate retention of business communications. Ensure your journal destination meets compliance requirements.
Journal Rule List
| Column | Description |
|---|---|
| Rule Name | Display name of the journal rule |
| Status | Enabled or Disabled |
| Scope | Internal, External, or Global |
| Recipient | Specific user/group or all messages |
| Journal Address | Where journal reports are sent |
Journaling Types
Standard Journaling
Journal messages for a specific mailbox database. Available in on-premises Exchange. Not available in Exchange Online.
Premium Journaling
Journal rules that can target specific recipients, groups, or distribution lists. Available in Exchange Online.
Journal Scope
Internal
Journal messages sent between recipients within your organization only. Excludes external email.
External
Journal messages sent to or received from external recipients only. Excludes internal-only communication.
Global
Journal all messages regardless of whether they’re internal or external. Most comprehensive coverage.
Journal Report
Each journaled message generates a journal report containing:
- Original message — Complete email including attachments
- Envelope information — Actual sender and all recipients
- Bcc recipients — Hidden recipients preserved in journal
- Distribution list expansion — Individual members listed
- Message ID — Unique identifier for the message
- Timestamps — Sent and received times
Journal Destinations
Internal Journal Mailbox
Dedicated mailbox in Exchange Online to receive journal reports. Must have adequate storage for expected volume.
Warning: Not recommended for compliance — lacks tamper protection.
Third-Party Archiving Service
External email address for compliance archive (Proofpoint, Mimecast, Global Relay, etc.). Provides WORM storage and legal hold.
Note: Recommended for regulatory compliance.
Microsoft Purview
For organizations not using third-party archives, Microsoft Purview provides retention and eDiscovery capabilities as an alternative.
Creating a Journal Rule
- Rule Name — Descriptive name explaining the rule purpose (e.g., “Journal All Executive Email”).
- Journal Recipient — Target specific user, group, or distribution list. Leave blank to journal all messages matching the scope.
- Scope — Select Internal, External, or Global to define which messages are captured.
- Journal Address — Specify the email address where journal reports are delivered. Must be a valid mailbox or external address.
Common Use Cases
Financial Services Compliance
SEC and FINRA require broker-dealers to retain all business-related communications. Journal all registered representative email.
Healthcare (HIPAA)
Retain email containing PHI for required retention periods. Journal specific departments or all external communication.
Legal Hold
Preserve communications for litigation or investigation. Create targeted journal rules for custodians.
Executive Communication
Archive all email from C-level executives for governance and oversight purposes.
Alternate Journal Mailbox
Configure a fallback when the primary journal destination is unavailable:
- Stores undeliverable journal reports temporarily
- Prevents message loss during archive outages
- Should be monitored for backed-up messages
- Required for organizations with journaling requirements
Warning: If no alternate mailbox is configured and the primary journal destination is unavailable, journaled messages are returned as NDRs.
Best Practices
- Use third-party archive — For compliance, send journals to a WORM-compliant archive service.
- Configure alternate mailbox — Ensure journal reports are preserved if primary destination fails.
- Monitor journal volume — Track journal mailbox size and ensure adequate storage.
- Test delivery regularly — Verify journal reports are arriving at the destination correctly.
API Reference
GET /api/exchange/journal-rules
List journal rules
POST /api/exchange/journal-rules
Create journal rule
PUT /api/exchange/journal-rules/:id
Update journal rule
DELETE /api/exchange/journal-rules/:id
Delete journal rule
PUT /api/exchange/journal-rules/:id/status
Enable/disable rule