Using Journal Rules, organizations can keep track of correspondences. This can be used to ensure quality by implementing journal rules that catalog all of the email messages sent by the sales staff to anybody outside the organization. Journal rules can also be used to ensure that individuals within the organization are in compliance with regulatory requirements, such as those set forth in the Sarbanes-Oxley Act or Health Insurance Portability and Accountability Act (HIPAA).
Office 365 allows the use of journal rules to help organizations meet their own needs. Journal rules must be set up by one of the Office 365 administrators. They cannot be set up by individual users.
Whenever a message is sent or received in Office 365, it is checked against all of the journal rules in the organization. An email can be processed against multiple journal rules, and for each journal rule that it matches, there is an action taken to journal the message. The message is either mailed as an attachment (also called envelope journaling) or sent (copied) in its entirety to a mailbox that has been set up to be the recipient of mail journals.
Before you set up a journal rule, you should first pick somebody to get the notification that a journal report was not able to be delivered. For example, you could have set up a mailbox to receive the journal reports for a department, but that mailbox is having problems receiving mail. In that case, the journal reports fail to be delivered. Since those journal reports may not only be useful but a legal requirement, it’s very important that the journal reports are available. The non-deliverability report is your failsafe for delivery errors to the journaling mailbox.
Here are the steps to set up a mailbox for the undeliverable journal reports:
Now that you’ve set up somebody to receive any undeliverable reports, you can start setting up journal rules for Office 365.
Journal Rules have a set of options that define exactly when they are applied. Those options are the recipients, the scope, the reports, and the mailbox.
Journal Recipients are the people that you’re journaling. This can either be a group of people, or individuals. If you specify a group, you’re journaling each person in the group. You are not just journaling messages that are sent to the entire group as a distribution list. There is also an option for journaling all of the people in your organization. Recipients in this case can be the sender or receiver of the messages.
Journal Rule Scope identifies which messages to the recipients are to be journaled. The available options for this setting are:
Journal Reports is what’s delivered. It’s the actual journal entry for the message. The report is sent to the journaling mailbox. The report contains in the body of the message the details about the journal: Who sent it, who it went to, what the subject was, and when it was sent. It also includes the full text of the email message as an attachment.
Journaling Mailbox is the mailbox that is set up to receive the journal reports. It can be a single mailbox, or you can be granular and set up one mailbox for each of the journal rules. Since this is used to keep a record of potentially sensitive information, you should define specific rules for who has access to the journaling mailboxes. Be sure you don’t leave it wide open for anyone to access. You may also want to set up auditing for the journaling mailboxes. For more information about how to set up mailbox auditing, check out the Petri IT Knowledgebase article, “Understanding Mailbox Auditing in Office 365.”
Journaling rules are rules set up to automatically save copies of specific messages sent either to or from a certain person or group. There are many reasons that your organization may want or need to define journal rules: To ensure compliance with regulatory standards; To enforce legal requirements; And verify that company policies are being adhered to. There are no limits to how many journal rules an organization may have in effect, and one person or group can be the recipient on multiple journal rules.
Journal reports can be scoped to either journal messages sent to only internal staff (where it is sent by an internal person and it is sent to at least one internal recipient), only to external staff (sent or from anybody if even one recipient is outside the organization), or applied to all messages, regardless of whether the message is internal or external.
Journal reports are sent to a Journaling mailbox that has been set up to receive the audit reports. In the event that a report is unable to be delivered to the journaling mailbox, a notice is sent to the person that has been set up to receive the undeliverable report notification. It’s important to remember that nobody is set up to receive those reports by default, and you should set up someone to receive them before you begin making journal rules.
Journal mailboxes should also be set up to ensure that only authorized people have access to them. They may contain sensitive information in them and should never be left open for everyone in the organization.