Tutorial / Cram Notes
Applying mailbox holds within Microsoft Exchange Online is a vital function for organizations that need to preserve email and other mailbox content for legal, regulatory or other compliance reasons. As an Information Protection Administrator preparing for the SC-400 Microsoft Information Protection Administrator exam, understanding the types of holds, how to apply them, and their implications is crucial.
Types of Mailbox Holds
There are several types of holds that can be applied to mailboxes in Exchange Online:
- Litigation Hold: When a mailbox is placed on litigation hold, the contents of the mailbox are preserved indefinitely. This hold is used when there is a reasonable anticipation of litigation.
- eDiscovery Hold: As part of the In-Place eDiscovery & Hold tool in the Exchange Admin Center (EAC), eDiscovery hold allows you to specify search queries and date ranges to retain items that meet certain criteria. It can be either query-based or indefinite.
- Retention Hold: Part of the Microsoft 365 compliance features, retention policies can be applied to mailboxes to manage the lifecycle of emails and other mailbox items.
Applying a Litigation Hold
To apply a Litigation Hold, you’ll use the Exchange Management Shell (EMS) or the EAC.
Using the Exchange Admin Center:
- Navigate to the Exchange admin center.
- Go to Recipients > Mailboxes.
- Select the mailbox to which you want to apply the hold.
- Click “Edit” (pencil icon) to open the properties for the mailbox.
- On the mailbox properties page, click “Mailbox features”.
- Under “More options,” select “Litigation hold.”
- Enter the required information, such as the duration of the hold (if applicable) and the hold reason.
- Save changes.
Using the Exchange Management Shell:
To place a mailbox on litigation hold using PowerShell, issue the following command:
Set-Mailbox “User’s Identity” -LitigationHoldEnabled $true -LitigationHoldDuration 365 -LitigationHoldOwner “Owner’s Identity” -LitigationHoldNotes “Reason for hold”
This example command places a hold on the mailbox for 365 days with a specified reason for the hold.
Applying an eDiscovery Hold
For an eDiscovery hold, you’ll use the Security & Compliance Center.
- Go to the Security & Compliance Center > eDiscovery > Advanced eDiscovery.
- Create or select an existing case.
- Select the “Hold” option.
- Name your hold and add the necessary descriptions.
- Specify the mailboxes and content you want to place on hold.
- Create the hold to apply your settings.
Remember that eDiscovery holds can be applied to content across Microsoft 365 services, not just Exchange Online mailboxes.
Retention Policies for Mailbox Holds
Retention policies are applied through the Microsoft 365 compliance center.
- Navigate to the Microsoft 365 compliance center > Solutions > Information governance > Retention.
- Create or modify a retention policy.
- Assign the policy to specific users, groups, or the entire organization as required.
- Define whether to retain content, delete it, or both when the content reaches a certain age.
- Save the policy and apply it.
Important Considerations
- User Experience: Users may or may not be aware of holds on their mailboxes, depending on how the holds are communicated and the organization’s policies.
- Search Performance: Applying extensive holds across many mailboxes or a large volume of content may impact search performance.
- Storage: Content on hold does not count against a user’s mailbox quota, but it will still utilize storage within the tenant.
- Legality: Always confirm that holds are applied in a manner consistent with legal requirements and organizational policies.
In summary, applying mailbox holds is a critical competency for the Information Protection Administrator. Whether you’re using litigation hold for legal preservation, eDiscovery hold for specific case-related content, or retention policies for data governance, it’s essential to understand the use cases and the technical steps to implement these holds effectively. The hands-on experience with these features, in combination with a thorough understanding of the associated compliance and legal implications, will be invaluable in preparing for the SC-400 exam.
Practice Test with Explanation
True or False: Litigation Hold can only be applied to one mailbox at a time in Microsoft Exchange Online.
Answer: False
Explanation: Litigation Hold can be applied to multiple mailboxes at once in Exchange Online by using the Exchange Management Shell or by applying the hold to all mailboxes in an organization.
True or False: When you apply an In-Place Hold to a mailbox, items are immediately removed from the user’s view.
Answer: False
Explanation: When an In-Place Hold is applied, items are preserved within the mailbox but remain accessible and visible to the user.
In Microsoft Exchange Online, which cmdlet is used to create a Litigation Hold?
- A) Set-Mailbox
- B) New-MailboxHoldPolicy
- C) Get-MailboxSearch
- D) Create-HoldCompliancePolicy
Answer: A) Set-Mailbox
Explanation: The Set-Mailbox cmdlet is used to place a mailbox on Litigation Hold in Exchange Online.
Which of the following holds will continue to preserve mailbox content indefinitely until removed?
- A) In-Place Hold with a specified duration
- B) Litigation Hold
- C) Retention Policy Hold
- D) All of the above
Answer: B) Litigation Hold
Explanation: Litigation Hold is designed to preserve mailbox content indefinitely until the hold is removed. In contrast, In-Place Holds can have a specified duration, and Retention Policies are generally based on certain conditions or time frames.
True or False: When you apply a hold on a mailbox, items deleted by users are permanently deleted from the mailbox database.
Answer: False
Explanation: When a hold is applied, deleted items are preserved in the recoverable items folder within the mailbox database, preventing their permanent deletion.
Which type of mailbox hold allows an administrator to query and hold items based on specific criteria such as keywords and dates?
- A) In-Place Hold
- B) Litigation Hold
- C) Retention Hold
- D) Time-Based Hold
Answer: A) In-Place Hold
Explanation: In-Place Holds can be used to search and hold items in a mailbox based on specific criteria, including keywords, dates, and other message properties.
True or False: You need to have the Mailbox Search role assigned in Exchange Online to place a hold on a mailbox.
Answer: True
Explanation: To place a hold on a mailbox, the admin must have the Mailbox Search role assigned either explicitly or as part of a role group in the Exchange admin center or via PowerShell.
Which feature in Microsoft Exchange Online ensures that a held mailbox’s deleted and edited items are preserved for a specified duration, even if the user permanently deletes them or reaches the retention period limit?
- A) Single Item Recovery
- B) Litigation Hold
- C) Versioning
- D) Recoverable Items Folder
Answer: D) Recoverable Items Folder
Explanation: The Recoverable Items Folder is designed to preserve deleted and edited mailbox items for a specified duration when a hold is in place, ensuring that these items can be accessed during investigations or eDiscovery.
For eDiscovery purposes, which of the following roles is necessary to access mailbox contents and apply holds in Microsoft Exchange Online?
- A) Compliance Management
- B) Organization Management
- C) Records Management
- D) Discovery Management
Answer: D) Discovery Management
Explanation: The Discovery Management role group is necessary for personnel involved in eDiscovery to search mailbox contents and apply mailbox holds in Exchange Online for compliance and litigation purposes.
True or False: A mailbox can be under both litigation hold and retention hold simultaneously.
Answer: True
Explanation: It is possible for a mailbox to be under multiple types of holds at the same time, such as a Litigation Hold and a Retention Hold, to meet different compliance requirements.
How can you remove a Litigation Hold from a mailbox in Exchange Online?
- A) Using the Remove-Mailbox cmdlet
- B) Disabling the hold from the Exchange admin center
- C) Setting the LitigationHoldEnabled parameter to $false
- D) Deleting the mailbox
Answer: C) Setting the LitigationHoldEnabled parameter to $false
Explanation: You can remove a Litigation Hold by setting the LitigationHoldEnabled parameter to $false using the Set-Mailbox cmdlet in the Exchange Management Shell or disable the hold from the mailbox properties in the Exchange admin center.
True or False: When you apply an In-Place Hold or Litigation Hold, you can specify a date range to only hold items that were sent or received within that range.
Answer: True
Explanation: Both In-Place Hold and Litigation Hold allow administrators to specify a date range so that only items sent or received within that time frame are preserved. This feature is useful for limiting the scope of what needs to be held for legal or compliance reasons.
Interview Questions
What is a litigation hold in Microsoft Exchange Online?
A litigation hold is a type of mailbox hold that ensures that all mailbox content is preserved and not deleted or altered during a legal case.
What are the benefits of using a litigation hold?
A litigation hold allows you to comply with legal and regulatory requirements, protect against spoliation, and preserve relevant data for legal cases.
How do you create a litigation hold in Microsoft Exchange Online?
You can create a litigation hold in the Exchange admin center or by using Exchange Online PowerShell commands.
What is the difference between a single item recovery and a litigation hold?
A single item recovery only preserves deleted items for a specified period of time, while a litigation hold preserves all mailbox content until the hold is removed.
How do you add or remove mailboxes from a litigation hold?
You can add or remove mailboxes from a litigation hold by editing the hold policy in the Exchange admin center or by using Exchange Online PowerShell commands.
Can you apply a litigation hold to a shared mailbox?
Yes, you can apply a litigation hold to a shared mailbox.
What happens to messages that are modified or deleted during a litigation hold?
Any messages that are modified or deleted during a litigation hold are preserved in their original state in the litigation hold mailbox.
How do you view the details of a litigation hold?
You can view the details of a litigation hold in the Exchange admin center or by using Exchange Online PowerShell commands.
Can you modify a litigation hold once it has been created?
Yes, you can modify a litigation hold by editing the hold policy in the Exchange admin center or by using Exchange Online PowerShell commands.
How do you remove a litigation hold?
You can remove a litigation hold by deleting the hold policy in the Exchange admin center or by using Exchange Online PowerShell commands.
Great blog post! This was exactly what I needed to understand how to apply mailbox holds in Exchange Online.
Thanks for the detailed instructions! Really helped me out.
Can someone explain the difference between Litigation Hold and In-Place Hold?
Perfect timing! I was just preparing for the SC-400 exam and this clarified a lot.
If I apply a hold to a mailbox, how much storage does it consume?
Appreciate the blog post!
Is it possible to apply multiple holds to the same mailbox?
I wish there was more detail on how to monitor and manage the compliance center for holds.