Interlink Cloud Blog
Matt Scherocman

How Does Archiving in Office 365 Work?

Immutability is the industry-standard term for “preserving data in the system so that it is discoverable, and cannot be destroyed or altered."

With Exchange Server 2016, and Exchange Online, Microsoft enables organizations to preserve individual or all mailbox items for discovery natively, keeping those items within the Exchange infrastructure. This approach is called, In-Place hold.

One significant benefit of hold as opposed to separate, read-only storage is that items are preserved within the Exchange infrastructure, preserving more of the information including metadata and making management easier for IT admins. Users benefit because they can manage their mailboxes using the familiar Outlook interfaces. From an IT-perspective, In-Place Hold eliminates the necessity and complexity of maintaining a separate infrastructure and potentially storage for Exchange items.

Exchange gives organizations the flexibility to choose the architecture that can help meet their immutability requirements whether that is on-premises, online, or a hybrid of both, and supports the ability to store archived items in a separate physical location.

In Exchange Online, you can use In-Place Hold or Litigation Hold to accomplish the following goals:

  • Enable users to be placed on hold and preserve mailbox items immutably
  • Preserve mailbox items deleted by users or automatic deletion processes such as MRM
  • Protect mailbox items from tampering, changes by a user, or automatic processes by saving a copy of the original item
  • Preserve items indefinitely or for a specific duration
  • Keep holds transparent from the user by not having to suspend MRM
  • Use In-Place eDiscovery to search mailbox items, including items placed on hold

Additionally, you can use In-Place Hold to:

  • Search and hold items matching specified criteria
  • Place a user on multiple In-Place Holds for different cases or investigations

How does Litigation Hold work?

In the normal deleted item workflow, a mailbox item is moved to the Deletions subfolder in the Recoverable Items folder when a user permanently deletes it (Shift + Delete) or deletes it from the Deleted Items folder. A deletion policy (which is a retention tag configured with a Delete retention action) also moves items to the Deletions subfolder when the retention period expires. When a user purges an item in the Recoverable Items folder or when the deleted item retention period expires for an item, it's moved to the Purges subfolder in the Recoverable Items folder and marked for permanent deletion. It will be purged from Exchange the next time the mailbox is processed by the Managed Folder Assistant (MFA).

When a mailbox is placed on Litigation Hold, items in the Purges subfolder are preserved for the hold duration specified by the Litigation Hold. The hold duration is calculated from the original date an item was received or created, and defines how long items in the Purges subfolder are held. When the hold duration expires for an item in the Purges subfolder, the item is marked for permanent deletion and will be purged from Exchange the next time the mailbox is processed by the MFA. If an indefinite hold is placed on a mailbox, items will never be purged from the Purges subfolder.

The following illustration shows the subfolders in the Recoverable Items folders and the hold workflow process.

Archiving in Office 365

See this technet article for additional information, or you can view the general sales site from Microsoft here.

Contact Interlink today for help in defining your needs, which licensing options would be the best fit, and actually getting the service configured correctly to ensure the right data is being kept and deleted.  

Jason Wingert

Your Biggest Business Threat is The One You Can’t See: How to Battle it With Microsoft Security Solutions

Your Biggest Business Threat is The One You Can’t See: How to Battle it With Microsoft Security Solutions

Cyber-attacks are sophisticated security intrusions that cost organizations $4 billion dollars per year. Because of the growing risk of cyber threats, Microsoft has outlined the anatomy of how a cyber breach occurs and the different response options available to regain control of a compromised system in an interactive infographic.

view the infographic microsoft security

Using research from leading IT security experts, the anatomy of a data breach demonstrates that all it takes is a small lapse in cyber security to open up your network to a series of devastating attacks.

Modern IT infrastructure requires a robust suite of security solutions that can detect threats and provide managers with appropriate response options. Understanding the anatomy of a breach can help you understand which Microsoft security products can keep your data safe.

Interlink has seen the challenges with cloud security and the solutions, and we can help keep your identities and data safe. 

Connect with Interlink Cloud Advisors today.

Matt Scherocman

Difference Between Microsoft’s Cloud App Security and Office 365 Advanced Security Management

Difference Between Microsoft’s Cloud App Security and Office 365 Advanced Security Management

Cloud App Security and Office 365 Advanced Security Management are very comparable Microsoft products, and many of our clients are confused over the difference between them. Both were acquired by Microsoft through the acquisition of Adallom and give users the capability to create security policies and receive alerts when those policies are breeched. In addition, each of the products give users the ability to set manual or automation remediation. Focused on Office 365, Advanced Security Management (ASM) does that work automatically.

In contrast, Cloud App Security covers a wide range of SaaS-based applications - including competitor’s services like Box, Salesforce, and Amazon Web Services. Cloud App Security also adds more functionality including its own data loss prevention, ability to automatically add new applications, and integration with Security Information Event Management (SIEM) products. 

The below chart provides additional details on when each product includes:

Difference Between Microsoft Cloud App Security and Office 365 Advanced Security Management

Contact Interlink today to discuss your needs and which solutions would be a fit for your organization.  

Matt Scherocman

Secure Productive Enterprise – The Ultimate License Bundle– The New Enterprise Cloud Suite

Secure Productive Enterprise – The Ultimate License Bundle– The New Enterprise Cloud Suite

What is Secure Productive Enterprise? 

Companies want to continue to use the most advanced technology to enable their employees to achieve more, but all of these new and different products have resulted in a licensing headache. We hear constantly that attempting to navigate around Microsoft licensing can be challenging and frustrating. Microsoft created the Enterprise Cloud Suite (ECS) a few years ago in an attempt to simplify this process. It was a single licensing option that included E3, the Enterprise Mobility + Security Suite and Windows Desktop upgrade. Building upon this initial base Microsoft is now continuing to simplify this process with the introduction of the Secure Productive Enterprise. This will be bringing together Office 365, Windows 10 Enterprise upgrade, and the Enterprise Mobility + Security suite into a single licensing offering called the Secure Productive Enterprise. This will be replacing the Enterprise Cloud Suite and Microsoft will be introducing even more options by also offering an Office 365 E5 option in the bundle.   

Moving forward Microsoft will be standardizing packaging offers across Office 365, Windows 10 Enterprise, and the Enterprise Mobility + Security Suite by offering two tiers of the Secure Productive Enterprise: E3 and E5. This is what it will look like:

Secure Productive Enterprise

Microsoft will continue to evolve the Windows E5 edition by adding more functionality. The first difference is the introduction of Windows Defender Advanced Threat Protection for end point breach detection.

For more information, check out Microsoft's blog post Empower Your Employees with the Secure Productive Enterprise.


Interlink can help guide you through your options and help figure out what works for your users. We can help profile your users - remember that you don’t have to license everyone with the same license bundle in the cloud.  

Contact us for more information.

 
Matt Scherocman

Microsoft Office 365 Advanced eDiscovery - Reducing the Challenges and Costs of eDiscovery

Microsoft Office 365 Advanced eDiscovery - Reducing the Challenges and Costs of eDiscovery

The new Advanced eDiscovery tool from Microsoft is groundbreaking while it uses machine learning to find the most valuable data quickly and without the use of expensive outside legal assistance.

eDiscovery, short for electronic discovery, is the process of finding, gathering and generating electronically stored information (ESI) in response to a civil litigation that is carried out in electronic formats. It includes , but is not limited to, emails, instant messaging, documents, presentations, CAD/CAM files, databases, voicemail, audio and video files, social media, and web sites, and any other electronic information that could be significant evidence in a lawsuit. It can be an expensive, time consuming process, but Microsoft has created a solution that allows you to quickly and efficiently investigate and meet legal obligations with Office 365 Advanced eDiscovery.

Office 365 Advanced eDiscovery utilizes Equivio machine learning, predictive coding, and text analytics to analyze large, unstructured data sets and focus the data that's most relevant to a legal caseUtilizing these tools, Advanced eDiscovery sorts through thousands of messages, emails, and documents to find relevant files. The application also eliminates duplicate files, reconstructs email threads, and identify themes and data relationships that are the most relevant to your case. This reduces many of the legal and compliance challenges companies face when trying to manage large quantities of electronic data. 

Predictive Coding

With predictive coding in Advanced eDiscovery you can "train" the system to automatically determine if a data element is relevant or not by making decisions on a small set of the data. The system then looks to see what decision you made and applies that logic towards making decisions on relevancy for the larger data set. With that logic in place, it will also look to create a relevance ranking so that you can see what documents will most likely be the most relevant to your particular case.

Microsoft Office 365 Advanced eDiscovery predictive coding

Near-duplicate Detection

When you have teams constantly working on documents and sending them back and forth, odds are you will have multiple versions of the same document across your platform. Typically, you'd have to take one of your current employees off of their usual tasks or hire outside legal teams to review each of these documents and those costs can quickly add up. Even if the resources are there to support individual sorting, you could have different employees looking at different versions of the same document, which is a huge waste of valuable time! With near-duplicate detection you can have resource review a group of similarly structured documents, eliminating the manpower, time, and money normally needed.

Email Threading

We all know the feeling of receiving an email in our inbox that is at least five emails long with the same information from every reply, creating an incredibly long thread. Within advanced eDiscovery, the system looks to identify the unique messages from the email thread, eliminates duplicate messages, which allows you to focus on unique messages instead of the same ones over and over again.

Export for Review

When you export your case data with Advanced eDiscovery from Office 365, it includes a CSV file that contains all your document properties from the exported data along with the analytics metadata. After exporting, you can load the CSV file into the eDiscovery review application and maintain the analytics information. The export can then be imported to create searches in the eDiscovery review application.

Microsoft Office 365 Advanced eDiscovery export

How does this differ from E3?

The Office 365 E3 plans include the ability to do eDiscovery across a customer’s 365 information. The eDiscovery tool also has the ability to define searches based on a number of criteria including from, to, date

range, subject line, etc. However, it lacks a way to score, filter, or remove duplicates from the search like the Advanced eDiscovery tool.

Get Started with Advanced eDiscovery Today

Microsoft’s Office 365 Advanced eDiscovery, which is a part of the new Office 365 E5 plan and is available for purchase as add-on services to all Office 365 Enterprise plans. Advanced eDiscovery can be added for individual users and does not need to be purchased for every mailbox being searched.

Have any additional questions? – Contact us today!

 

Welcome to the Interlink Cloud Blog

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.

Blog Categories

Interlink Cloud
Interlink Cloud
6 post(s)
Tips and Tricks
Tips and Tricks
2 post(s)
Outlook
Outlook
2 post(s)
Reporting
Reporting
1 post(s)
Cloud Storage
Cloud Storage
2 post(s)
Webinars
Webinars
16 post(s)
OneDrive
OneDrive
5 post(s)
Yammer
Yammer
3 post(s)
Azure
Azure
23 post(s)
SharePoint
SharePoint
10 post(s)
Microsoft
Microsoft
7 post(s)
SQL 2016
SQL 2016
2 post(s)
Lync
Lync
8 post(s)
Office 365
Office 365
61 post(s)