F3 Licensed Users have a mailbox storage limit of 2GB. Fortunately, the Exchange Online Archiving for Exchange Online license was purchased along with the F3 license, and that gives mailboxes an additional 100GB of archive storage. We have no retention-policy automation in place to move email to an archive folder at the moment, but with this change to our license structure we are testing our procedure for working around the pain that comes with a 2GB storage limit on mailboxes.
For best practices, this guide was read and followed up to a certain point. We will not be applying the MRM policy created for this organization-wide, only to the users with the F3 license, as defined in our new user creation script: https://learn.microsoft.com/en-us/purview/set-up-an-archive-and-deletion-policy-for-mailboxes
Messaging Records Management (MRM) has a default policy that applies to every mailbox created in our tenancy. We will be swapping this for the custom MRM policy created for F3.
Created two MRM retention tags:
F3 Auto Archive (Archive email older than 365 days)
F3 Deleted Emails Purge After 1 Month (Delete emails in Deleted Items after 30 days with option for recovery within 14 days)
Attached the two retention tags to the MRM Retention policy titled F3 Archive and Deletion Policy.
My test user has been testuser@solvingtech.info. According to the documentation, this tagging process is done in cycles and may not complete in just one cycle, so my tests may take more than 24 hours to work completely through an inbox with email already built up.
First and foremost, the user mailbox MUST have archive enabled. Otherwise this policy will not work. For now I manually enabled Archive on just this one test user, manually switched the MRM policy to the F3 Archive and Deletion Policy, and ran this to kick off the cycle now:
Start-ManagedFolderAssistant -Identity "testuser@solvingtech.info"
Get-Mailbox -Identity "testuser@solvingtech.info" | Select RetentionPolicy #to confirm if the MRM policy is assigned as it should be
Next steps are automating the process of enabling archiving and applying this MRM policy for newly created F3 Licensed Users. This snippet is a part of my new user creation script, where $SamAccountName is defined earlier and I have a phase where it gets groups based on Department AD attributes:
$SamAccountName = "user@solvingtech.info"
$addToGroup = Read-Host "Do you want to add $SamAccountName to a M365 License Group? (Y/N)"
if ($addToGroup -eq "Y") {
    # Choose the group
    $groupChoice = Read-Host "Choose the group to add $SamAccountName to:`n1 for Microsoft 365 G3 GCC`n2 for Microsoft 365 F3 GCC"
    if ($groupChoice -eq "1") {
        $group = "Microsoft 365 G3 GCC"
    } elseif ($groupChoice -eq "2") {
        $group = "Microsoft 365 F3 GCC"
    } else {
        Write-Host "Invalid group choice. Please enter '1' or '2'."
        return
    }
    # Attempt to add the user to the selected group
    try {
        Add-ADGroupMember -Identity $group -Members $SamAccountName -ErrorAction Stop
        Write-Host "User '$SamAccountName' was successfully added to group '$group'."
    } catch {
        Write-Host "Failed to add $SamAccountName to group '$group': $_"
    }
}
########################################################################################
if ($SamAccountName -and $UserPrincipalName) {
    Write-Host "Checking if user needs custom F3 MRM policy and archiving enabled."
    $f3GroupName = "Microsoft 365 F3 GCC"
    $mrmPolicy = "F3 Archive and Deletion Policy"
    try {
        # Verify the Exchange Online cmdlets are available in this session
        if (-not (Get-Command Set-Mailbox -ErrorAction SilentlyContinue)) {
            throw "Exchange Online PowerShell is not connected or available."
        }
        $f3GroupDN = (Get-ADGroup -Identity $f3GroupName -ErrorAction Stop).DistinguishedName
        # Get user and check group (MemberOf lists direct memberships only)
        $adUser = Get-ADUser -Identity $SamAccountName -Properties MemberOf -ErrorAction Stop
        $isInF3Group = $adUser.MemberOf -contains $f3GroupDN
        if ($isInF3Group) {
            Write-Host "$UserPrincipalName is in '$f3GroupName'. Applying archive and MRM policy..."
            Set-Mailbox -Identity $UserPrincipalName -RetentionPolicy $mrmPolicy -ErrorAction Stop
            # Enable the archive only when it is not already active, so that a real
            # failure reaches the catch block instead of being silently ignored
            $mailbox = Get-Mailbox -Identity $UserPrincipalName -ErrorAction Stop
            if ("$($mailbox.ArchiveStatus)" -ne "Active") {
                Enable-Mailbox -Identity $UserPrincipalName -Archive -ErrorAction Stop | Out-Null
            }
            Write-Host " → Archive enabled and MRM policy '$mrmPolicy' applied."
        } else {
            Write-Host "$UserPrincipalName is not in '$f3GroupName'. Skipping."
        }
    } catch {
        Write-Warning "Error in archive/MRM setup for $UserPrincipalName → $_"
    }
} else {
    Write-Warning "User identifiers are not set. Cannot proceed with archive/MRM setup."
}
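An added example, not part of the original script: a read-only check that flags F3 mailboxes missing the archive or the F3 retention policy, useful for confirming that the automation above actually took effect. The function name Test-F3MailboxCompliance and the sample addresses are hypothetical; the sample objects are constructed to look like Get-Mailbox output so the check runs without a tenant connection.

```powershell
# Added example: read-only drift check for the F3 archive/MRM rollout.
# Test-F3MailboxCompliance is a hypothetical helper name, not from the original script.
function Test-F3MailboxCompliance {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Mailbox,
        [string]$ExpectedPolicy = 'F3 Archive and Deletion Policy'
    )
    process {
        $issues = @()
        # ArchiveStatus reads 'Active' once the online archive exists, 'None' otherwise.
        if ("$($Mailbox.ArchiveStatus)" -ne 'Active') {
            $issues += 'archive not enabled'
        }
        # RetentionPolicy holds the name of the MRM policy assigned to the mailbox.
        if ("$($Mailbox.RetentionPolicy)" -ne $ExpectedPolicy) {
            $issues += "retention policy is '$($Mailbox.RetentionPolicy)'"
        }
        [pscustomobject]@{
            UserPrincipalName = $Mailbox.UserPrincipalName
            Compliant         = ($issues.Count -eq 0)
            Issues            = ($issues -join '; ')
        }
    }
}

# Constructed sample objects (not real mailboxes) covering the three outcomes.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'f3user1@example.test'; ArchiveStatus = 'Active'; RetentionPolicy = 'F3 Archive and Deletion Policy' }
    [pscustomobject]@{ UserPrincipalName = 'f3user2@example.test'; ArchiveStatus = 'None';   RetentionPolicy = 'F3 Archive and Deletion Policy' }
    [pscustomobject]@{ UserPrincipalName = 'f3user3@example.test'; ArchiveStatus = 'Active'; RetentionPolicy = 'Default MRM Policy' }
)
$sample | Test-F3MailboxCompliance | Where-Object { -not $_.Compliant } | Format-Table -AutoSize

# Against the live tenant (needs the ActiveDirectory module and a connected
# Exchange Online session); mailboxes that do not exist yet are skipped:
# Get-ADGroupMember -Identity 'Microsoft 365 F3 GCC' -Recursive |
#     Get-ADUser |
#     ForEach-Object { Get-Mailbox -Identity $_.UserPrincipalName -ErrorAction SilentlyContinue } |
#     Test-F3MailboxCompliance | Where-Object { -not $_.Compliant }
```

With the constructed sample, the table lists f3user2 (archive not enabled) and f3user3 (still on the default policy), while f3user1 is filtered out as compliant.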