Litigation hold is a feature in Exchange Online (EOP), to hold on a mailbox even license has been removed or user has deleted. There is also duration setting for how long to hold on the mailbox. The mailbox will stick at Microsoft server forever (unlimited duration).
Why litigation hold? To prevent lost of mailbox with accidental deletion, hold for auditing and act as backup. Anyway, easier for audits to audit/inspect the user mailbox. It is indeed recommended to enable this feature.
*Note:
- The mailbox with litigation hold enabled, doesn’t mean it kept a copy in the Microsoft’s Server, it only kept your last entry/used of the mailbox
- litigation hold only for user that have Enterprise licensed such as, E3 or E5
- Please also move the user account from a sync Organization unit to unsync organization unit, if the user no longer in organization. (Here is explanation why : “https://sabrinaksy.wordpress.com/2018/06/20/office-365-how-to-handle-resign-user-mailbox-with-litigation-hold-enabled/“)
For a user;
- Go to > EOP > Recipients > mailbox
- Select a user
- Double click to access to properties, and click on mailbox features, scroll down and find “Litigation hold” (now is Disabled)
- Click enable and save
- If you wish to set duration of the hold should last, you could enter the specify number of days. (Yes, they take in as Days)
- * If you want it to be unlimited then just leave that box blank and click save
- After enable the litigation hold, and it will prompt “this will take effect after 60 minutes”
For all user mailboxes;
*Azure Power Shell is required
- Open Azure Power Shell > Connect to Exchange Online
#This command run once (for permission purposes) Set-ExecutionPolicy Unassigned$UserCredential = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection Import-PSSession $Session
2. Next run the following command to Get only User Mailboxes and enable the litigation hold
a. Unlimited
Get-Mailbox -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -litigationholdenabled $true
OR
Get-Mailbox -RecipientTypeDetails usermailbox | Set-Mailbox -litigationholdenabled $true
OR
Get-Mailbox -RecipientTypeDetails usermailbox | where {$_.litigationholdenabled -eq $false} | Set-Mailbox -litigationholdenabled $true
b. With Duration specified
Get-Mailbox -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -litigationholdenabled $true -litigationholdduration 365
How to check whether litigation is working?
The interface way;
- Take a test mailbox with licensed and litigation hold enabled
- Remove test license
- Wait for half an hour
- Go to > EOP > Recipients > Mailbox
- At the search box > key in user’s name
- Click Refresh icon
- You can see that the user mailbox is still there
*Note: At the AD, if you’ve move the user account to another OU which is unsync OU, the user will not appear in the EOP mailbox, instead it will appear as “Deleted mailbox”. This is a normal behaviour. The mailbox is not deleted, it is still attach with the Microsoft server. So don’t worry.
The Power Shell way;
- Run this Get Command, to retrieve user mailbox with litigation hold enabled
Get-Mailbox -Filter {RecipientTypeDetails -eq "UserMailbox"} | where {$_.LitigationHoldEnabled -eq $true} | FL
OR
Get-Mailbox -RecipientTypeDetails “UserMailbox” | where {$_.LitigationHoldEnabled -eq $true}
References:
- https://technet.microsoft.com/en-us/library/jj984289(v=exchg.160).aspx
- https://technet.microsoft.com/en-us/library/dn743673(v=exchg.160).aspx
