Every message captured.
Cloud and on-premise.
One platform journals every email across Office 365 and on-premise Exchange, preserves the original message as tamper-evident evidence, and produces it on demand for legal, audit, or a regulator — with a chain of custody that holds up.
Activate, hold, and produce — every action audited.
Compliance officers and administrators work in one console. Office 365 and on-premise mailboxes have dedicated pages, sensitive data sits behind a compliance activity, and every view writes to a tamper-evident trail. Click through the surfaces a team uses every day.
| Mailbox | Source | Journaling | Last synced | Action |
|---|---|---|---|---|
AN Amani Njoroge a.njoroge@creodata | Office 365 | Active | 2m ago | View |
FA Fatima Al-Mansouri f.almansouri@creodata | Office 365 | Active | 2m ago | View |
JS João da Silva j.silva@creodata | Office 365 | Pending | 11m ago | Activate |
CX Chen Xiaoming c.xiaoming@creodata | Office 365 | Active | 2m ago | View |
AR Alex Rivera a.rivera@creodata | Office 365 | Pending | 11m ago | Activate |
LK Leila Karimi l.karimi@creodata | Office 365 | Active | 2m ago | View |
Twelve capabilities, one compliance archive.
From capture to production — each step is evidenced and audited.Every inbound, outbound, and internal message captured at the transport layer across both sources — nothing slips through.
One immutable original per message in object storage, SHA-256 hashed, with a reconciliation worker proving it landed.
A hash-chained, tamper-evident trail of every access and action, fanned out to your SIEM through a transactional outbox.
No mailbox, email, search, or export returns data without an active compliance activity scoped to the target, with expiry.
Four-eyes sign-off on the sensitive actions — body search, attachment download, PDF and eDiscovery export, hold release.
Mailbox names, UPNs, and recipients masked by default. Reveal is permission-gated and itself written to the audit trail.
Search the full archive by sender, recipient, date, subject, or content across both sources, and produce results in seconds.
Configure retention by mailbox or class, place and lift legal holds, with the full chain-of-custody record preserved.
Activate thousands of mailboxes from a CSV through a durable saga — per-row status, retry of failed rows, approval gate.
Office 365 and on-premise route through one activation service — no cloud subscription is ever created for an on-prem mailbox.
Per-mailbox EWS subscription state in the database, worker leases, and stale detection — heartbeat is never mistaken for coverage.
Least-privilege roles and separation of duties — service accounts hold only the scopes they need, enforced down to the bucket.
The original message — provably preserved, not just stored.
Every journaled email keeps exactly one original .eml in object storage, fingerprinted with SHA-256. A reconciliation worker proves it landed — a "pending" pointer is never mistaken for evidence. Download only ever happens through an audited endpoint.
Office 365 and on-premise Exchange — captured the same way.
Cloud mailboxes are journaled through Microsoft Graph subscriptions; on-premise mailboxes through EWS streaming workers with LDAP user sync. Both land in the same evidenced, audited archive — deployed on Azure or your own Kubernetes.
A storage-provider abstraction and durable orchestration mean every feature works identically in the cloud and on your own infrastructure.
Make your email defensible — across every mailbox.
See Mail Journaling capture, hold, and produce a live mailbox — cloud or on-premise — with full chain of custody.
More on Mail Journaling
Email Journaling for Microsoft 365: The Complete Guide (2026)
What email journaling is, how it differs from archiving and backup, why it matters for compliance and legal hold, deployment options on Microsoft 365, and how to choose a solution — the complete 2026 guide.
Seamless Purchase via Azure Marketplace: Simplifying Licensing & Commercial Procurement for Mail Journaling
Subscribe to Creodata Mail Journaling through Azure Marketplace for unified billing, self-service procurement, and native Azure integration—without lengthy contract cycles.
Connecting Mail Journaling with SIEM and DLP Tools
Stream mail journaling data into SIEM and DLP platforms via REST APIs and webhooks for real-time threat detection, deeper visibility, and stronger data protection.