ALIF Consulting
Managed Folder Assistant in Office 365
Updated: Mar 10
The Managed Folder Assistant (MFA) is an important component in the application of data governance policies for Exchange Online mailboxes.
Not only does MFA apply Exchange mailbox policies to mailboxes, it also applies Office 365 retention policies and DLP policies. And it makes sure that Teams compliance records are cleaned up according to the Teams-only retention policies.
MFA Work cycle
Exchange Online uses a work cycle policy to run MFA. The goal is to process mailboxes at least once weekly. In practice, MFA usually performs better than this, and you can expect mailboxes to be processed twice a week. However, apart from noticing that some messages have been moved from a folder (perhaps to the Deleted Items folder), there's no obvious outward sign that MFA has processed a mailbox, unless you look at the mailbox properties, which is where Exchange notes the progress of MFA.
The Managed Folder Assistant runs against mailboxes to check whether the messages inside them adhere to the retention policy that has been applied to the mailbox, and makes the necessary changes if they do not. This can include moving old emails to an archive or deleting them entirely.
The retention policy runs automatically one time every seven days for mailboxes that are larger than 10 MB.
In Exchange Online, the schedule is set to run every 7 days. According to Microsoft:
Important things to remember about Managed Folder Assistant
If we need to delete contents from a mailbox or move them to a different mailbox or archive mailbox, Managed Folder Assistant is the most important service and plays a vital role.
Make sure that Retention hold is not enabled on the mailbox if we need to delete its content. If Retention hold is enabled, content is not deleted even if we run MFA on the mailbox, because one service would retain the data while the other would delete it, and Retention always takes precedence over Deletion.
If we need to run MFA on a mailbox, we first need to remove it from Retention hold, and only then can we execute the MFA command.
To remove the retention hold or policy, run:
Set-Mailbox -Identity 'Mailbox Name' -RetentionPolicy $Null
Once this is done, execute:
Start-ManagedFolderAssistant -Identity 'Mailbox Name'
Secondly, we need to check that ELC processing is not disabled on the mailbox.
MFA only processes the mailbox when the ElcProcessingDisabled parameter is False. To check this, execute:
Get-Mailbox -Identity 'Mailbox Name' | fl *ElcProcess*
There is no option in the GUI to check when MFA / MRM last processed a mailbox or the tenant. We can check this using the following script:
# Collect all user mailboxes in the tenant
$Mbx = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
$Report = @()
ForEach ($M in $Mbx) {
    $LastProcessed = $Null
    Write-Host "Processing" $M.DisplayName
    # Export the MFA diagnostic properties for this mailbox as XML
    $Log = Export-MailboxDiagnosticLogs -Identity $M.Alias -ExtendedProperties
    $xml = [xml]($Log.MailboxLog)
    # Timestamp of the last successful MFA run and the number of items it deleted
    $LastProcessed = ($xml.Properties.MailboxTable.Property | ? {$_.Name -like "*ELCLastSuccessTimestamp*"}).Value
    $ItemsDeleted = $xml.Properties.MailboxTable.Property | ? {$_.Name -like "*ElcLastRunDeletedFromRootItemCount*"}
    If ($Null -eq $LastProcessed) {
        $LastProcessed = "Not processed"
    }
    $ReportLine = [PSCustomObject]@{
        User          = $M.DisplayName
        LastProcessed = $LastProcessed
        ItemsDeleted  = $ItemsDeleted.Value
    }
    $Report += $ReportLine
}
$Report | Select User, LastProcessed, ItemsDeleted
The output is a table with one row per mailbox, listing the User, LastProcessed and ItemsDeleted values.
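An added example, not part of the original article: a read-only check that combines the two settings discussed above (RetentionHoldEnabled, ElcProcessingDisabled) with the ELCLastSuccessTimestamp value, to flag mailboxes that MFA cannot process or has not processed within the 7-day work cycle. The function names, the sample mailboxes and the sample XML are constructed for illustration.

```powershell
# Added example, not from the original article. Read-only: it changes no mailbox settings.
# Get-MfaHealth, New-SampleLog and New-SampleMailbox are hypothetical helper names.
function Get-MfaHealth {
    param(
        [Parameter(Mandatory)] [psobject] $Mailbox,    # Get-Mailbox output or an object with the same properties
        [Parameter(Mandatory)] [string]   $MailboxLog, # .MailboxLog from Export-MailboxDiagnosticLogs -ExtendedProperties
        [int] $MaxAgeDays = 7                          # the 7-day work cycle described above
    )
    $props = ([xml]$MailboxLog).Properties.MailboxTable.Property
    $stamp = ($props | Where-Object { $_.Name -like '*ELCLastSuccessTimestamp*' } |
              Select-Object -First 1).Value

    $findings = @()
    if ($Mailbox.RetentionHoldEnabled)  { $findings += 'retention hold enabled' }
    if ($Mailbox.ElcProcessingDisabled) { $findings += 'ELC processing disabled' }
    if (-not $stamp) {
        $findings += 'no successful MFA run recorded'
    } elseif (((Get-Date) - [datetime]$stamp).TotalDays -gt $MaxAgeDays) {
        $findings += "last successful run older than $MaxAgeDays days"
    }

    [PSCustomObject]@{
        User          = $Mailbox.DisplayName
        LastProcessed = $stamp
        Healthy       = ($findings.Count -eq 0)
        Findings      = $findings -join '; '
    }
}

# Constructed sample data (not real tenant output) so the function runs without a connection.
function New-SampleLog([string]$Timestamp) {
    $p = if ($Timestamp) { "<Property><Name>ELCLastSuccessTimestamp</Name><Value>$Timestamp</Value></Property>" }
    "<Properties><MailboxTable>$p</MailboxTable></Properties>"
}
function New-SampleMailbox($Name, $Hold, $ElcOff) {
    [PSCustomObject]@{ DisplayName = $Name; RetentionHoldEnabled = $Hold; ElcProcessingDisabled = $ElcOff }
}
$now = Get-Date
@(
    @{ M = New-SampleMailbox 'User A' $false $false; T = $now.AddDays(-2).ToString('o') }
    @{ M = New-SampleMailbox 'User B' $true  $false; T = $now.AddDays(-20).ToString('o') }
    @{ M = New-SampleMailbox 'User C' $false $true;  T = '' }
) | ForEach-Object { Get-MfaHealth -Mailbox $_.M -MailboxLog (New-SampleLog $_.T) } | Format-Table -AutoSize

# Live session: pass the $M and $Log.MailboxLog values from the reporting loop above, e.g.
# Get-MfaHealth -Mailbox $M -MailboxLog $Log.MailboxLog
```

With the sample data, User A is reported as healthy, User B is flagged for the retention hold and a stale last run, and User C for disabled ELC processing and no recorded run.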
