Onedrive Litigation Hold Management in Microsoft 365 for Compliance

In Microsoft 365, OneDrive Litigation Hold is a feature that helps organizations manage and preserve data in case of a lawsuit or investigation. This feature allows you to place a hold on data in OneDrive, preventing it from being deleted or modified.

To place a hold on data in OneDrive, you can use the eDiscovery tool in Microsoft 365. The eDiscovery tool allows you to search for and preserve data across multiple sources, including OneDrive, Exchange, and SharePoint.

A Litigation Hold can be placed on a user's OneDrive account, which will prevent any data from being deleted or modified until the hold is removed. This ensures that all relevant data is preserved and can be used as evidence in a lawsuit or investigation.

If you place a Litigation Hold on a user's OneDrive account, it will remain in place until you remove it. You can remove the hold at any time, but keep in mind that any data that was deleted or modified while the hold was in place may not be recoverable.

Retention policies can be used to retain content indefinitely or for a specific period, or to automatically delete it after a specified period. This means you can choose to keep your files forever or let them go after a certain time.

Data retention policies are rules within Microsoft Office 365 that prevent accidental or malicious deletion or alteration of important data. These policies vary widely between organisations depending on their risk profiles, regulatory environments, and internal company policies.

You have three options for data disposition: automatic deletion, flag data for review, or retain data without protection. Automatic deletion deletes anything that ages out of a retention policy, while flagging data for review enables administrators to manually review aged-out data. Retaining data without protection leaves previously protected data in place, allowing it to be deleted or edited.

In our experience, automatic deletion and indefinite retention options both pose significant risks. Automatic deletion leaves organisations unprotected in the event of litigation, while indefinite retention means greater risk exposure to claims from potential data breaches.

Here are the disposition options in more detail:

It's always best to review all data prior to disposition if possible, especially with an E5 license that allows for this functionality.

In Microsoft 365, a Preservation Hold Library is a feature that preserves original copies of content in SharePoint Online and OneDrive, prior to editing or deleting.

To use a Preservation Hold Library, you need to enforce a retention policy hold, which requires an Office 365 E3 license or higher.

Having a Preservation Hold Library can be a game-changer for data retention in SharePoint Online and OneDrive for Business, allowing you to efficiently manage your data and meet compliance requirements.

The Preservation Hold Library preserves content behind the scenes, making it easy to retain and manage your data without disrupting your workflow.

With a Preservation Hold Library, you can rest assured that your content is being preserved and protected, even after editing or deleting.

To place a litigation hold in Office 365, you must ensure the targeted mailbox has at least an Exchange Plan 2 license or an applicable add-on license.

Organizations with at least an E3 plan or applicable add-ons can leverage O365's Core eDiscovery features, which allow them to conduct a litigation hold in Teams, OneDrive litigation hold, and more.

Businesses looking to access O365's Advanced eDiscovery features must ensure all users are on an E5 subscription plan or have applicable add-ons.

A preservation hold library preserves the original copies of contents in SharePoint Online and OneDrive before editing or deleting.

To delete files from the preservation hold library, you must first remove the retention policy or e-discovery hold applied to the respective files.

Retention policies can be used to retain content indefinitely or for a specific period, or to automatically delete it after a specified period.

A combination of retention policies and litigation hold is recommended to ensure data protection against accidental and malicious data alteration and deletion.

Knowing the data location is crucial to put the data on hold right after receiving a legal action notification.

To efficiently use the legal hold functionality in Microsoft 365, consider the following best practices:

O365 legal hold tools may pose challenges for legal team members due to their design with the average business user and IT in mind, not lawyers.

To implement an effective onedrive litigation hold, consider developing repeatable workflows that your employees can follow. This ensures fast reaction to legal issues and critical data availability throughout the required period.

To create these workflows, describe what to do after the legal hold request is received, how to maintain records during the process, and how to correctly release the hold. You can use the repeatable workflows for efficient employee training.

To place a litigation hold in Office 365, you must ensure that the mailbox you're targeting has at least an Exchange Plan 2 license or an appropriate add-on license.

O365 legal hold tools may make it look easy to find and preserve evidence, but they were designed with the average business user and IT in mind, not lawyers.

O365's legal holds and eDiscovery tools can pose challenges for legal team members, especially when it comes to preserving evidence in a secure environment.

The features surrounding a litigation hold in Office 365 can get you started with data management for disputes and investigations, but they may not be enough to showcase the defensibility of your processes.

Traditional legal hold notices can turn into a time-sucking chore, requiring endless custom emails, Excel sheets, and intake questionnaires.

O365's plan may not allow for proper preservation, which can be a problem if you need to keep data unaltered over the duration of your holds.

To use the legal hold functionality in Microsoft 365 efficiently, follow these best practices.

You can use the legal hold functionality in Microsoft 365 more efficiently by following certain recommendations.

The preservation hold library preserves the original copies behind the scene, prior to editing or deleting, when you enforce a retention policy hold to retain contents in SharePoint Online and OneDrive.

This means you can rely on the preservation hold library to safeguard your content.

In Microsoft 365, legal hold functionality is designed to help you manage and preserve content, but it can be overwhelming if not used correctly.

Clear roles are essential in data governance, and one way to establish them is by designating a custodian for sensitive data. This person is responsible for owning and carrying the responsibility for the data that needs to be preserved.

To inform employees of their roles, you should let them know in advance that they are sensitive data custodians. This way, they can take the necessary steps to protect the data and know how to turn on Litigation Hold in Office 365 when required.

Having a person responsible for Litigation Hold cases in general can also help streamline the process. This person can be the go-to contact for employees with questions about the procedure and data.

You can automate the process of managing OneDrive locations for a retention compliance policy using PowerShell scripts. The script is included in the OneDrive Agent PowerShell code snippet.

The script connects to Exchange Online using the ConnectExchangeOnline.txt file. This is a common step in many PowerShell scripts for Exchange and OneDrive management.

The script then loops through a list of site URLs stored in the %SITEURLS% variable, which is likely populated from a configuration file or user input.

For each site URL, the script checks if the location is on hold using an If statement with the condition ISONHOLD. If it is, the script adds the OneDrive location to the retention compliance policy using the Set-RetentionCompliancePolicy cmdlet.

If the location is not on hold, the script removes the OneDrive location from the retention compliance policy using the same cmdlet.

The script writes any errors to a file specified by the %RESULTSFILE% variable, and exits with a code of 0 if successful, or 1 if an error occurred.

A similar script is used for SharePoint locations, with the only difference being the use of the Set-RetentionCompliancePolicy cmdlet with the -AddSharepointLocation and -RemoveSharepointLocation parameters.