Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Data retention/ eDiscovery/Compliance basics

Brass Contributor

I am trying to get my head around eDiscovery, compliance and data retention in Office 365.

 

I understand that eDiscovery is primarily used to gather evidence for legal cases/compliance breaches etc. What is the general setup of data retention and eDiscovery in an organization's Office 365 environment - 

 

1) Is the "Data retention" in security and compliance center/ "In Place eDiscovery and hold" in exchange admin set up first so that the data is indexed and is 'findable' ? If this is not setup initially, I am not sure how the emails read and deleted by users can be searched during eDiscovery and presented as evidence in legal cases ?

 

2) When a requirement arises for eDiscovery a new 'case' is created in Office 365 eDiscovery and rules are applied to find the relevant data ? In this 'case' there is a "Holds" tab. What is the use of these holds since organizations setup HOLDS/Data retention for all the mail boxes already (step 1)

 

 

 

 

3 Replies

Data is always indexed/searchable, what Retention in the SCC and holds in general allow you to do is prevent users from deleting data and make sure it's retained for legal purposes.

 

As for 2), holds can vary in type - some of them can apply to specific content only, some to specific location, some might be for a specific duration. You can have multiple holds applied to the same user/content, depending on the case. If you put the user on a permanent hold, you dont necessarily need to use the Hold options when creating a new eDiscovery case. But that's more of a matter of following the policies in your organization.

Thanks for your response Vasil.

 

Yes, we can create multiple types of holds in the case however I believe, a hold specific to a case will hold the data present in a users mailbox at that point of time and mails deleted thereafter. 

 

For a legal matter specific case in eDiscovery which ivestigates historical emails, the holds inside a case won't come handy (except the emails present currently in user's mailbox). In these scenarios, the holds set up initially based on organizations mail retention policy will come to the rescue.

 

Also, if I choose to setup mailbox in-place hold for all the employees in my company, is the storage space alloted to a user in Office 365 plan used for this or is it a separate chargeable storage (https://technet.microsoft.com/en-in/library/exchange-online-limits.aspx). How does the storage cost work in retention scenarios ?

As I said, how you decide to use holds in your organization is up to you. The functionality is there.

 

You dont need to worry about additional storage. Each mailbox has dedicated quota for the RecoverableItems subtree, where (deleted) data on hold ends up. You get 100GB for mailboxes put on hold, and it can now be further increased.