Organizations today need to handle significant volumes of information related to legal and regulatory compliance due to the explosion of technology. One important application in Office 365 that assists organizations in these areas is Legal Hold.
This guide sets out to explain what Legal Hold is in Office 365, its significance, operation, implementation, and best practices.
What is Legal Hold in Office 365?
Legal Hold (otherwise known as Litigation Hold) is a function of Office 365 that retains every piece of email, document and other files classed as electronically stored information (ESI) pertaining to a specific legal case or legal investigation. Users cannot delete or change data permanently which provides regulatory compliance once Legal Hold is enabled.
Key Features of Legal Hold in Office 365
Retention of emails, messages in Teams, documents in SharePoint and OneDrive.
Information deletion or modification is impossible, regardless of an attempted data erasure.
Enforcement of legal regulations such as GDPR, HIPAA, FRCP.
Operates through OneDrive, SharePoint, Microsoft Teams, and Exchange Online.
Why is Legal Hold Important?
An organization may require Legal Hold for:
Lawsuits – Legal preservation of data is a mandatory requirement during court litigations.
Regulatory Investigation – Federal investigative bodies like SEC, FTC need certain documentations to be submitted.
Internal Audits – Businesses may have compliance checks that involve keeping data on file.
Data Breach Investigations – Preservation of evidence for incidents involving breaches of cyber security.
In the absence of Legal Hold, critical information may be deemed as no longer necessary and removed, whether this is intentional or accidental. This can result in legal repercussions, financial penalties, or a violation of regulations depending on the jurisdiction they operate in.
Types of Legal Hold in Office 365
Legal Hold is further divided into two types in Office 365:
- Litigation Hold (for Exchange Online)
Covers mailboxes including email, calendar, and contacts.
- Retention period is set either indefinitely or for a specified period.
- Enabling is done through the Microsoft 365 Compliance Center or PowerShell.
- eDiscovery Hold (for Exchange, Sharepoint, OneDrive, and Teams)
Part of Microsoft Purview eDiscovery enables granular holds for preserved data such as:
- Teams chats, SharePoint files, and documents from OneDrive.
- Defined date ranges and keywords.
Legal Hold Work Process in Office 365
When Legal Hold is activated:
Retention of Data Results:
- Emails, files, and messages are preserved in their original state.
- Any deletion performed by a user renders the item unrecoverable.
Retrievable Suspended Data:
- Legal teams can access held data in some predetermined condition while other conditions remain protected during investigations.
Example Scenario:
A company receives legal proceedings and the judge demands information to be frozen.
The IT administrator puts the involved employees on Legal Hold.
All emails, Teams messages, and any documents are retained until the legal hold is removed.
How to Enable Legal Hold in Office 365
Method 1: Using Microsoft Purview Compliance Portal
- Go to the Microsoft Purview Compliance Portal.
- Navigate to eDiscovery > Core eDiscovery.
- Create a new case and select “Add custodians” (users to place on hold).
- Choose “Place custodians on hold” and configure retention settings.
Method 2: Using PowerShell (For Exchange Online)
powershell
Copy
# Connect to Exchange Online
Connect-ExchangeOnline –UserPrincipalName admin@domain.com
# Enable Litigation Hold for a user
Set-Mailbox –Identity user@domain.com –LitigationHoldEnabled $true –LitigationHoldDuration 2555
(2555 days = ~7 years; use Unlimited for indefinite hold)
Method 3: Using the Security & Compliance Center (Legacy)
- Go to Security & Compliance Center > eDiscovery > Advanced eDiscovery.
- Create a new hold and select mailboxes/files to preserve.
Best Practices for Legal Hold in Office 365
- Define a Clear Retention Policy – Decide how long data should be held.
- Use eDiscovery for Targeted Holds – Instead of blanket holds, apply holds only to relevant data.
- Monitor Storage Usage – Legal Hold increases storage; manage it efficiently.
- Train Employees – Ensure staff understand Legal Hold implications.
- Audit Holds Regularly – Remove unnecessary holds to avoid data bloat.
Legal Hold vs. Retention Policies: What’s the Difference?
| Feature | Legal Hold | Retention Policy |
| Purpose | Preserve data for legal cases | Manage data lifecycle (delete/retain) |
| Scope | Specific users/cases | Organization-wide |
| Duration | Until hold is lifted | Fixed period (e.g., 7 years) |
| Deletion | Blocks permanent deletion | Can auto-delete after retention expires |
Use Legal Hold for legal matters; Retention Policies for general compliance.
Common Challenges with Legal Hold in Office 365
Cost Inefficiency – Keeping a large data set increases the need for cloud storage. Ordinarily, Slow eDiscovery Searches – Searching for relevant data from multiple holds is challenging. User Frustration – Employees may not understand the inability to delete certain files.
Overly Legal Conflicts – Conflicts between Legal Hold and Retention Policies create overlapping policies.
Everything You Need to Know About Legal Hold in Office 365 Bruin Login
- Is it possible for users to delete emails under Legal Hold? No, while deletion is not an option, there is no error displayed to users, because data is preserved in the background.
- What is the maximum period for holding Legal Hold? As long as desired, or a specific limit set (e.g., 7 years).
- Are Teams messages covered by Legal Hold?
Yes, for eDiscovery Hold (Teams data resides in Exchange Online). - Is it possible to impose Legal Hold on a shared mailbox?
Yes, however an Exchange Online Plan 2 license is needed.
- How can one determine if a user is under Legal Hold?
Through PowerShell:
powershell
Copy
Get-Mailbox user@domain.com | FL LitigationHoldEnabled
Conclusion
Legal Hold in Office 365 is an important organizational legislation control feature that enables organizations to retain data pertaining to legal and regulatory needs. Through Litigation Hold and eDiscovery, legal obligations such as penalties and court requirements can be avoided, and even sensitive information can be managed securely.
To effectively manage Legal Hold do the following:
✔ Utilize Microsoft Purview Compliance Portal for detailed granular holds.
✔ Use in conjunction with Retention Policies for wider data control.
✔ Educate users about Hold provisions so that they can obey the legal restrictions.
“Understanding Legal Hold in Office 365? Read Our In-Depth Guide!”
