top of page

Managed Folder Assistant in Office 365

Updated: May 20

The Managed Folder Assistant (MFA) is an important component in the application of data governance policies for Exchange Online mailboxes.

Not only does MFA apply Exchange mailbox policies to mailboxes, but it also applies Office 365 retention policies and DLP policies. It makes sure that team compliance records are cleaned up according to the Teams-only retention policies.

MFA Work cycle

Exchange Online uses a work cycle policy to run MFA. The goal is to process mailboxes at least once weekly. Experience is that MFA usually performs better than this and that you can expect to have mailboxes processed twice a week. However, apart from noticing that some messages have been moved from a folder (perhaps to the Deleted Items folder), tthere'sno obvious outward sign that MFA has processed a mailbox. Unless that is the case, you look at the mailbox properties, which is where Exchange notes the progress of MFA.

Managed Folder Assistant that runs against mailboxes to check whether or not the messages inside them adhere to the retention policy that has been applied to the mailbox and makes the necessary changes if it does not. This can include moving old emails to an archive or deleting them entirely.

The retention policy runs automatically one time every seven days for mailboxes that are larger than 10 MB.

In Exchange Online, the schedule is set to run every seven days. According to Microsoft:

Important things to remember about Managed Folder Assistant

If we need to delete content from a mailbox or move it to a different mailbox/archive mailbox, Managed Folder Assistant is the most important service and plays a vital role.

You need to be sure that there is a Retention hold enabled on the mailbox if we need to delete the content of a mailbox. If a retention hold is enabled, it will not allow the deletion of the content even if we try to run MFA on the mailbox, as one service would retain the data and the other would delete it, and retention always takes precedence over deletion.

If we need to run MFA on a mailbox, then we need to remove it from Retention hold and post, and then we can execute the MFA command :

To remove retention hold or policy, run :

  • Set-Mailbox –IIdentity' ailbox Name’'–RetentionPolicy $Null

Once this is done, execute

  • Start-ManagedFolderAssistant -IIdentity' ailbox Name’' Secondly, we need to check that ELC processing parameter is not enabled to run MFA.

If we need to run MFA, we need to confirm that ElcProcessingDisabled is set to disabled. To check this, execute

  • Get-Mailbox –IIdentity' ailbox Name’'| fl *ElcProcess*

Ideally, there is no option in GUI through which we can check when MFA / MRM was processed on the mailbox or the tenant. We can check this using the script:

$Mbx = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited

$Report = @()

ForEach ($Min $Mbx){

$LastProcessed = $Null

Write-Host" "rocessing""$M.DisplayName

$Log = Export-MailboxDiagnosticLogs -Identity $M.Alias -extended properties

$xml = [xml]($Log.MailboxLog)

$LastProcessed = ($xml.Properties.MailboxTable.Property | ? {$_.Name -like "*ELCLastSuccessTimestamp*"}).Value

$ItemsDeleted = $xml.Properties.MailboxTable.Property | ? {$_.Name -like "*ElcLastRunDeletedFromRootItemCount*"}

If($LastProcessed -eq $Null){

$LastProcessed = "Not processed"}

$ReportLine = [PSCustomObject]@{

User = $M.DisplayName

LastProcessed = $LastProcessed

ItemsDeleted = $ItemsDeleted.Value}

$Report += $ReportLine


$Report | Select User, LastProcessed, ItemsDeleted

The Output looks like

10,859 views0 comments

Recent Posts

See All


bottom of page