Internet email received through EOP is not journaled in an Exchange Server hybrid environment

Applies to: Microsoft 365Exchange Server

Symptoms


Consider the following scenario:

  • You deploy on-premises servers that are running Microsoft Exchange Server in a hybrid Exchange and Microsoft Office 365 environment.
  • You enable the journal rules on the servers.
  • Your mailbox is located in the on premise and set up the email address of an on-premises archiving mailbox or a third-party archiving service as the journaling mailbox.
  • You do not create journal rules in Office 365.
  • Your mail exchanger (MX) record points to Office 365 Exchange Online Protection (EOP).
  • You receive an email message from an Internet source through EOP.

In this scenario, the messages that are sent from the on-premises servers that are running Exchange are journaled as expected. However, the messages that are received from Office 365 or from the Internet are not journaled.

Cause


This issue occurs because the message that originates from Office 365 or that is processed by EOP is added by having the following specific internal header:

X-MS-Exchange-Organization-Processed-By-Journaling: Journal Agent 

This header identifies messages that have been processed by the Exchange Journaling agent. If the header is included in a message, Exchange Server recognizes that the message has already been processed by the Journaling Agent on a previous Hub Transport server. Therefore, it does not journal the message again.

Resolution


To resolve this issue, go to Office 365, navigate to EAC > Compliance Management > Journal Rules, and then create the same journal rules as exist on the on-premise servers that are running Exchange.

More information


In a hybrid environment, there's no replication of journal rules between your on-premises Exchange organization and Office 365. Therefore, when you create a rule in Exchange Server, you have to create a matching rule in Office 365.

Rules that you create in Office 365 are stored in the cloud, whereas the rules you create in your on-premises organization are stored locally in Active Directory. When you manage rules in a hybrid environment, you have to keep the two sets of rules synchronized by making any changes in both locations.