Exchange service policies at IU

To view all the content available to you here, use the green Log in button at the top of this page to log into the Knowledge Base.

On this page:

Dependent policies

The Exchange service at Indiana University is bound by all applicable existing Information and IT policies.

Account policies

  • All IU students, faculty, staff, and affiliates are eligible for Exchange accounts.
    Any mail sent to from a system outside IU will be rejected, generating a bounce message to the sending system. Be sure your mail is sent to
  • Account generation:
  • Disk space policies:
    • Primary user accounts in a paid status at IU are allotted 100 GB of storage capacity, while affiliates and group accounts are allotted 50 GB. There is no provision for expansion.

      To determine how much data you have saved in your Exchange mailbox (that is, Inbox and folders), see Check the storage space of your IU Exchange account.

  • Data restoration policies:
    • UITS will restore Exchange data only due to a system failure.
    • UITS will not restore single messages or single mailboxes.
      • Take care when deleting items.
      • Deleted messages are moved to the Deleted Items folder, where you may recover them.
      • To use the Deleted Items folder as an effective recovery mechanism, turn off Microsoft Outlook's Empty Deleted Items at exit option.
      • For a certain number of days, you can undo deletions after they have left the Deleted Items folder. See Recover deleted items from Exchange at IU.
  • Object removal policies:
    • If someone has left the university and the department requires an "Out of Office" notification to redirect mail to another account, contact to request one.
    • If a deactivated account owns a meeting series, participants should decline the invites, and someone else should recreate the meeting from another account.

Institutional data

IU Exchange accounts are appropriate for storing institutional data elements classified as University-internal.

Official classifications for institutional data at IU are defined in Management of Institutional Data (DM-01). If you have questions about the classifications of institutional data at IU, see Classification levels of institutional data, use the Data Sharing and Handling (DSH) tool, or contact the appropriate Data Stewards. To determine the most sensitive classification of institutional data you can store on any given UITS service, see Choose an appropriate storage solution.


Do not send or receive Critical or Restricted data via email unless it is required by your role within the university. Instead of email, use Secure Share to share any Restricted or Critical data. If you are sharing personally identifiable information (PII) classified as University-Internal data (for example, names, University IDs, student addresses, etc.) via Exchange mail, best practice is to limit the data set to 100 or fewer individuals; to share larger data sets, use Secure Share. If you are unsure whether email is appropriate for a particular situation, consult with the appropriate Data Stewards and the UIPO. Always force encryption for messages that contain Restricted or Critical data. This is especially important since any recipient may forward messages you send or have IU email configured to automatically forward all messages to an outside email account. IU mail servers use Office Message Encryption (OME) to encrypt messages sent to external recipients. For more, see About confidential information in email.

Address book

  • Naming conventions:
    • All address book objects (that is, entries in the IU Exchange Address Book) must adhere to the following formats:
      • Contacts: LastName, FirstName Initial
      • Resources: Must follow ADS naming convention (for example, IN-UITS-ETLarge)
      • Distribution lists: Must follow ADS naming convention (for example, BL-UITS-ESST) or already exist in the @indiana namespace
    • Departmental identifiers that adhere to the IU given code will take precedence over unofficial departmental or workgroup codes.

System maintenance

Maintenance is performed by the vendor (Microsoft), and is designed to not be impactful to clients. For unplanned outages, see Status.IU and Microsoft 365 Service health status.

Exchange Online Protection

Microsoft Exchange has a series of spam, phishing, junk, and other mail security settings collectively called Exchange Online Protection (EOP). IU deploys a variety of these settings, including Safe Links and Safe Attachments. There is no ability for IU Exchange accounts to opt out of these security settings, individually or in total.

Log requests

To request logs or activity reports from this system, contact the Support Center.

If the request for information involves someone other than the requester, or if the log information will be used in support or defense of an investigation, the request must be sent to the University Information Security Office (UISO) via UISO staff will then determine the context of the request, as well as the authorization required; for more, see Privacy of Electronic Information and Information Technology Resources (IT-07).

Related documents

This is document arlf in the Knowledge Base.
Last modified on 2024-04-15 10:12:37.