Types of holds in Office 365
Microsoft 365 offers several ways that your organization can prevent mailbox content from being permanently deleted. This allows your organization to retain content to meet compliance regulations or during legal and other types of investigations
Litigation Hold : Holds that are applied to user mailboxes in Exchange Online.
eDiscovery hold : Holds that are associated with a Core eDiscovery case in the security and compliance center. eDiscovery holds can be applied to user mailboxes and to the corresponding mailbox for Microsoft 365 Groups and Microsoft Teams.
Microsoft 365 retention policies : Can be configured to retain (or retain and then delete) content in user mailboxes in Exchange Online and in the corresponding mailbox for Microsoft 365 Groups and Microsoft Teams. You can also create a retention policy to retain Skype for Business Conversations, which are stored in user mailboxes.
‘Archiving’, ‘retention policies’, and ‘litigation holds’ are different terms related to Exchange Online data retention, and administrators should be aware of when to use what.
Litigation Hold helps you place user mailboxes on hold, i.e., retain all the contents of a mailbox, including deleted items and the original versions of modified items. It is a functionality of the eDiscovery feature in Exchange Online that is helpful in freezing crucial data. When a mailbox is placed on litigation hold, Items in the user's primary and the archive mailboxes (if enabled) are retained.
When you create a litigation hold, you can specify the time duration for which you want the items retained, after which they will be deleted. You can also just place an infinite hold on the mailbox, wherein the content will be retained indefinitely unless you remove the hold.
As the name suggests, the primary function of a Litigation Hold is to protect data in case there is a lawsuit in action, and some emails might be evidence. In fact, that is what the whole eDiscovery is there for. But you can use it, as many other companies do, as a means to backup sensitive data, just in case.
A Litigation Hold process usually goes through a lifecycle such as the below:
1. A Trigger event (like a court order or a notification from the internal legal team)
2. Analyze the duty to preserve
3. Define the scope of the hold – the custodians, the type of data, etc.
4. Implement the Hold
5. Enforce the Hold
6. Modify the Hold (as needed)
7. Frequently Monitor the Hold
8. Remove the Hold
Is integrated with In-Place eDiscovery. Allows you to search and preserve all or selected based on time or/and query parameters.
This type of hold is a query-based hold where you can apply the hold either on a complete mailbox or the content of the mailbox based on date, time, subject, sender, recipient, etc.
This is now often called as a legacy search hold and is now replaced by retention hold.
Whenever “Litigation” hold is disabled for a mailbox, automatically Delay hold is applied to that specific mailbox.
This type of hold is applied and is kept intact for 30 days. In case if we need to manually / forcefully remove a mailbox using PowerShell command, we need to remove the delay hold if litigation hold was recently removed.
Organization Wide Hold
This type of hold is applied when the hold is placed on the entire organization and contents.