A Guide to Archiving Mail in Office 365 and Handling Terminated Users


“Immutability” is the industry-standard term for “preserving data in the system so that it is discoverable and cannot be destroyed or altered.”

With Exchange Server 2016 with Enterprise CAL or Exchange Online Plan 2 (included in Office 365 E3 and Office 365 E5 plans), Microsoft enables organizations to preserve individual or all mailbox items for discovery natively, keeping those items within the Exchange infrastructure. This approach is called In-Place Hold.

One significant benefit of a hold, as opposed to separate, read-only storage, is that items are preserved within the Exchange infrastructure. This preserves more of the information, including metadata, and makes management easier for IT admins. Users benefit because they can manage their mailboxes using the familiar Outlook interface. From an IT perspective, In-Place Hold eliminates the need to maintain a separate infrastructure, and potentially separate storage, for Exchange items.

Exchange gives organizations the flexibility to choose the architecture that helps meet their immutability requirements, whether that is on-premises, online or a hybrid of both. It also supports storing archived items in a separate physical location.

How to Handle Terminated Users in Office 365

Exchange Online makes it possible for you to preserve the contents of deleted mailboxes indefinitely. This feature is called “inactive mailboxes.” A mailbox becomes inactive when an In-Place Hold is placed on the mailbox before the corresponding license for an Office 365 user account is removed.

You do not have to pay for keeping inactive mailboxes.

The contents of an inactive mailbox are preserved indefinitely. This allows administrators, compliance officers or records managers to use the In-Place eDiscovery feature in Exchange Online to access and search the contents of an inactive mailbox. Inactive mailboxes can't receive email and aren't displayed in your organization's shared address book or other lists.

Note: If a hold isn't placed on a mailbox before it's deleted, the contents of the mailbox won't be preserved or discoverable. The mailbox can be recovered within 30 days of deletion, but the mailbox and its contents will be permanently deleted after 30 days if it isn't recovered.

To make a mailbox inactive, it must be assigned an Exchange Online Plan 2 (included in Office 365 E3 and E5 plans) or have an Exchange Online Archiving subscription so that an In-Place Hold can be placed on the mailbox before it's deleted.

1. Access the contents of an inactive mailbox

After you make a mailbox inactive by placing the mailbox on In-Place Hold and then deleting the corresponding Office 365 user account, you can access the contents of the inactive mailbox by using In-Place eDiscovery in the Exchange admin center (EAC). When you search an inactive mailbox, you can create a keyword search query to search for specific items or you can return the entire contents of the inactive mailbox. You can preview the search results, copy the search results to a discovery mailbox, or export the search results to an Outlook Data (PST) file.

2. Permanently delete an inactive mailbox

If you no longer need to preserve the contents of an inactive mailbox, you can permanently delete the inactive mailbox by removing the In-Place Hold. If the mailbox was deleted more than 30 days ago, the mailbox will be permanently deleted after you remove the In-Place Hold, and mailbox items will become non-recoverable. If the mailbox was deleted within the last 30 days, you can still restore the mailbox after removing the hold.
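The rules above for terminated users, modeled as an added Python example (not part of the original article and not Microsoft code). It classifies each deleted mailbox and lists the ones a hold is not preserving; the record layout, function names and sample users are assumptions constructed for illustration, and only the rules stated in this article are modeled.

```python
from datetime import date, timedelta

RECOVERY_WINDOW = timedelta(days=30)  # recovery period stated in the article

def mailbox_state(today, deleted_on, hold_placed_on=None, hold_removed_on=None):
    """Classify a mailbox using only the rules stated in the article."""
    if deleted_on is None or today < deleted_on:
        return "active"
    # The hold only makes the mailbox inactive if it was in force at deletion.
    held_at_deletion = (
        hold_placed_on is not None
        and hold_placed_on <= deleted_on
        and (hold_removed_on is None or hold_removed_on > deleted_on)
    )
    if held_at_deletion and (hold_removed_on is None or today < hold_removed_on):
        return "inactive"  # preserved indefinitely and searchable
    if today - deleted_on <= RECOVERY_WINDOW:
        return "recoverable"  # can still be restored
    return "permanently deleted"

def offboarding_findings(records, today):
    """Return (user, state, days_left) for deleted mailboxes not preserved by a hold."""
    findings = []
    for user, deleted_on, placed, removed in records:
        state = mailbox_state(today, deleted_on, placed, removed)
        if state == "recoverable":
            days_left = (deleted_on + RECOVERY_WINDOW - today).days
            findings.append((user, state, days_left))
        elif state == "permanently deleted":
            findings.append((user, state, 0))
    return findings

# Constructed sample: (user, deleted_on, hold_placed_on, hold_removed_on)
SAMPLE = [
    ("alice@example.com", date(2024, 3, 1), date(2024, 2, 20), None),
    ("bob@example.com", date(2024, 3, 10), None, None),
    ("carol@example.com", date(2024, 1, 5), None, None),
    ("dave@example.com", date(2024, 1, 5), date(2024, 1, 1), date(2024, 3, 15)),
    ("erin@example.com", None, None, None),
]
TODAY = date(2024, 3, 20)  # constructed evaluation date

if __name__ == "__main__":
    for finding in offboarding_findings(SAMPLE, TODAY):
        print(finding)
```

The dave@example.com record shows the case from step 2: the hold was removed more than 30 days after deletion, so the mailbox goes straight to permanently deleted.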

In Exchange Online, you can use In-Place Hold or Litigation Hold to accomplish the following goals:

  • Enable users to be placed on hold and preserve mailbox items immutably
  • Preserve mailbox items deleted by users or automatic deletion processes such as MRM
  • Protect mailbox items from tampering, changes by a user, or automatic processes by saving a copy of the original item
  • Preserve items indefinitely or for a specific duration
  • Keep holds transparent from the user by not having to suspend MRM
  • Use In-Place eDiscovery to search mailbox items, including items placed on hold

Additionally, you can use In-Place Hold to:

  • Search and hold items matching specified criteria
  • Place a user on multiple In-Place Holds for different cases or investigations

How does Litigation Hold function?

In the normal deleted item workflow, a mailbox item is moved to the Deletions subfolder in the Recoverable Items folder when a user permanently deletes it (Shift + Delete) or deletes it from the Deleted Items folder. A deletion policy (which is a retention tag configured with a Delete retention action) also moves items to the Deletions subfolder when the retention period expires. When a user purges an item in the Recoverable Items folder or when the deleted item retention period expires for an item, it's moved to the Purges subfolder in the Recoverable Items folder and marked for permanent deletion. It will be purged from Exchange the next time the mailbox is processed by the Managed Folder Assistant (MFA).

When a mailbox is placed on Litigation Hold, items in the Purges subfolder are preserved for the hold duration specified by the Litigation Hold. The hold duration is calculated from the original date an item was received or created, and defines how long items in the Purges subfolder are held. When the hold duration expires for an item in the Purges subfolder, the item is marked for permanent deletion and will be purged from Exchange the next time the mailbox is processed by the MFA. If an indefinite hold is placed on a mailbox, items will never be purged from the Purges subfolder.
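The timing described above, worked through as an added Python example (not part of the original article and not Microsoft code). It shows that the hold duration runs from the date an item was received, not from when it was deleted; the function names and the weekly Managed Folder Assistant schedule are assumptions constructed for illustration.

```python
from datetime import date, timedelta

def deletion_eligible_on(received, moved_to_purges, hold_days, on_hold=True):
    """Date an item in the Purges subfolder is marked for permanent deletion.

    hold_days=None models an indefinite hold and returns None (never).
    """
    if not on_hold:
        return moved_to_purges  # no hold: marked as soon as it reaches Purges
    if hold_days is None:
        return None
    # The hold duration is counted from receipt or creation, not from deletion.
    hold_expiry = received + timedelta(days=hold_days)
    return max(hold_expiry, moved_to_purges)

def purged_on(eligible, mfa_runs):
    """First Managed Folder Assistant pass on or after the eligible date."""
    if eligible is None:
        return None
    return next((run for run in sorted(mfa_runs) if run >= eligible), None)

# Constructed schedule: assume the MFA processes the mailbox every 7 days.
MFA_RUNS = [date(2023, 11, 1) + timedelta(days=7 * i) for i in range(20)]
MOVED = date(2023, 11, 2)  # constructed date the item reached Purges

def demo():
    """Purge dates for four constructed items under a 365-day hold."""
    recent = purged_on(deletion_eligible_on(date(2023, 1, 1), MOVED, 365), MFA_RUNS)
    old = purged_on(deletion_eligible_on(date(2022, 1, 1), MOVED, 365), MFA_RUNS)
    forever = purged_on(deletion_eligible_on(date(2022, 1, 1), MOVED, None), MFA_RUNS)
    no_hold = purged_on(deletion_eligible_on(date(2023, 1, 1), MOVED, 365, on_hold=False), MFA_RUNS)
    return recent, old, forever, no_hold

if __name__ == "__main__":
    print(demo())
```

An item that is already older than the hold duration when it reaches the Purges subfolder gets no extra retention from the hold: it is removed on the next MFA pass, the same as an item with no hold at all.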

The illustration below shows the subfolders in the Recoverable Items folder and the hold workflow process.

[Illustration: Recoverable Items subfolders and the hold workflow]


Office 365 E3 today for help in defining your needs, which licensing options would be the best fit, and actually getting the service configured correctly to ensure the right data is being kept and deleted.  

For more information on compliance within Office 365 click here.

 


This posting is provided “AS IS” with no warranties and confers no rights.

 
