Identify Holds Applied on EXO Mailboxes

Native Solution

Microsoft 365 Permission Required

High

Global Administrator or Exchange Administrator.

Steps Using PowerShell Script

Since the Exchange admin center provides built-in reporting only for litigation holds, we need to rely on the 'Get-Mailbox' PowerShell cmdlet. To capture all types of hold details, multiple filtrations required.
To overcome such limitations, download and execute our all-in-one PowerShell script which exports all Office 365 mailboxes placed on hold along with their corresponding properties.

Besides the overall report, this script can retrieve mailboxes placed on litigation hold, in-place hold, and retention hold as individual reports.

To list mailboxes with litigation hold enabled, run the script with the 'LitigationHoldsOnly' parameter.
```
.\MailboxHoldReport.ps1 -LitigationHoldsOnly
```
To identify mailboxes with in-place hold in Exchange Online, you can execute the script with the 'InPlaceHoldsOnly' parameter.
```
.\MailboxHoldReport.ps1 -InPlaceHoldsOnly
```
To get all mailboxes with retention hold, run the script with the 'RetentionHoldsOnly' parameter.
```
.\MailboxHoldReport.ps1 -RetentionHoldsOnly
```

AdminDroid Solution

More than 150 reports are under the free edition.

AdminDroid Permission Required

Delegated

Any user with report access assigned by Super Admin.

StepsUsing AdminDroid

Login to the AdminDroid Office 365 reporter.
Navigate to the Mailboxes on Hold report under Analytics»M365 Birds Eye»Mailboxes to view the number of mailboxes placed on each type of hold and their corresponding details.

For detailed analysis, access dedicated reports under Reports»Exchange»Mailboxes On Hold to view specifics like the hold start date, end date, applied date, hold duration, hold owner, and more.

Explore the built-in graphical representation charts to visualize mailboxes with retention, in-place, and litigation holds, categorized by recipient type.

Explore a full range of reporting options

Quickly ensure data retention in Exchange Online!

Ensure secure data retention and legal compliance by swiftly spotting mailboxes with litigation holds and identifying the duration of the hold.

Witness the report in action using the

Live Demo

Important Tips

Monitor mailbox storage and the Recoverable Items folder size regularly, as litigation holds can consume a lot of storage, especially if the period is long.

Always apply a hold on mailboxes before deleting the user account and making it inactive to preserve the contents, as a best practice for user offboarding.

Utilize Microsoft eDiscovery to search for and export email content under legal holds into EML or PST file formats.

Exchange OnlineIdentify and Place Mailboxes on Hold in Microsoft 365

Showing 1 of 6

How to prevent email deletion in Exchange for legal and compliance needs? How to prevent specific emails from being permanently deleted in Exchange Online mailboxes? How to stop automatic email deletion in Exchange during an employee's extended leave? Can we place a shared mailbox on hold in Exchange Online? How to search and export emails under hold using eDiscovery? How do I turn off the delay hold in Office 365?

How to prevent email deletion in Exchange for legal and compliance needs?

Litigation holds ensure that the whole mailbox content along with the original versions of modified items and deleted items are retained to comply with legal obligations. Enabling litigation hold in Office 365 helps to investigate any intentional or unintentional destruction of evidence.

Let's see how to set up litigation hold in Microsoft 365 using the Exchange admin center and PowerShell.

Place a mailbox on litigation hold using EAC

Navigate to the Mailbox section in the Exchange admin center.
Select the desired mailbox and go to the Others tab. Then, select the Manage litigation hold option.
Enable the Litigation hold toggle and enter the Hold duration in the respective field. Leave the duration field blank for an indefinite hold (the mailbox will remain on litigation hold until removed).
Enter a Note and a Web page URL to display to the user, or leave these fields empty if not needed.
Finally, click Save to apply the hold.

Enable litigation hold for mailboxes using PowerShell

Use the following PowerShell command with appropriate placeholders to enable litigation hold for a mailbox in the Exchange Online.

Set-Mailbox -Identity <Mailbox UPN> -LitigationHoldEnabled $true -LitigationHoldDate <MM/DD/YYYY> -LitigationHoldOwner <Hold Owner’s Name> -LitigationHoldDuration <Hold Duration>

To enable the litigation hold for all mailboxes, use the following command in the Exchange Online PowerShell.

Get-Mailbox -ResultSize Unlimited | ForEach-Object { Set-Mailbox -Identity $_.UserPrincipalName -LitigationHoldEnabled $true -LitigationHoldDate <MM/DD/YYYY> -LitigationHoldOwner <Hold Owner’s Name> -LitigationHoldDuration <Hold Duration>}

Note: To enable litigation hold on a mailbox, it must be assigned with an Exchange Online P2 license.

What happens when a user deletes emails from a mailbox placed under litigation hold?

When a litigation hold is turned on for a mailbox, users can remove items from their mailbox, but those items are still retained by Microsoft 365. Admins can identify these deletions during a Microsoft 365 forensic investigation.

The following occurs when a user deletes an email from a mailbox with litigation hold enabled.

Deleted items are moved to the ‘Recoverable Items’ folder, specifically to the 'Deletions' subfolder (not visible to users).
If a user deletes an item from the 'Deletions' subfolder (Recoverable Items in the UI), it is moved to the 'Purges' subfolder. Items in the 'Purges' subfolder are retained until the litigation hold gets removed or the hold duration expires.

How to prevent specific emails from being permanently deleted in Exchange Online mailboxes?

Previously, the "In-Place eDiscovery & Hold" feature in Office 365 allowed the preservation of specific email items across the organization. This enabled us to search and hold the specific email contents based on keywords, sender, recipient, etc.

Microsoft has retired its legacy eDiscovery tools, meaning you can no longer view or create in-place holds in Exchange Online. Instead, you can utilize Microsoft Purview eDiscovery (Standard) cases to create holds and export emails. This alternative offers additional functionalities, allowing you to hold content from all Microsoft 365 services, unlike the previous in-place hold which only applied to mailboxes.

How to create an eDiscovery hold in the Microsoft Purview Compliance portal?

Applying an eDiscovery hold to specific mailbox contents through the Microsoft Purview portal involves several steps. Here is a step-by-step guide.

Go to the eDiscovery (Standard) page in the Microsoft Purview portal and create a new case.
Go to the Hold tab and choose Create. Provide a unique name and description (optional).
On the Choose locations page, enable the Exchange mailboxes toogle and choose the mailboxes for which the hold must be applied.
On the Query page, use the Query builder or KQL editor to filter the specific mailbox contents to which you intend to apply the hold.
Review your settings and click Submit to apply the hold.

Note: Ensure the preservation of vital data with eDiscovery holds, while employing retention policies to eliminate unnecessary items.

Stay compliant and streamline your eDiscovery legal hold management with AdminDroid!

Track activities related to eDiscovery hold policies, such as creation, deletion, and modification, using the eDiscovery legal hold report.
Use the easy filters provided in the report to sort by operations, user actions, result status, user type, etc.

How to stop automatic email deletion in Exchange during an employee's extended leave?

You can place mailboxes on retention hold to temporarily disable the MRM retention policies from deleting or archiving emails.

What is retention hold in Exchange Online?

Retention hold, a vital feature within Exchange Online, empowers you to safeguard users’ email contents for specific durations.

Microsoft 365 admins often apply retention holds to the user mailboxes who are on extended leave. This action ensures that emails and other important data are preserved from auto-deletion due to retention policies during the user's absence. Applying this hold allows users to access their emails when they return from leave, without the risk of important data being deleted during their absence.

Place a mailbox on retention hold

We need to use PowerShell to place the retention hold on a mailbox because the Exchange admin center does not support this feature.
Connect to Exchange Online and execute the following command with the appropriate placeholders to place a mailbox on retention hold.

Set-Mailbox -Identity <Mailbox UPN> -RetentionHoldEnabled $true -StartDateForRetentionHold <MM/DD/YYYY> -EndDateForRetentionHold <MM/DD/YYYY>

Remove retention hold from a mailbox

To remove a retention hold from a mailbox in Exchange Online, execute the following cmdlet with the appropriate mailbox UPN.

Set-Mailbox -Identity <Mailbox UPN> -RetentionHoldEnabled $false

Can we place a shared mailbox on hold in Exchange Online?

Yes, shared mailboxes in Exchange Online can be placed on hold similarly to regular user mailboxes. However, to place a litigation or in-place hold on shared mailboxes, you must have an Exchange Online Plan 2 license or higher. Retention holds can be applied to shared mailboxes without requiring any licenses.

How to assign a license to a shared mailbox?

Assigning a license to a shared mailbox follows a similar process to assigning a license to a user. To do so, you can follow these steps in the Microsoft 365 admin center.

Go to the Active users tab under the Users section and choose the appropriate shared mailbox from the list.
Navigate to the License and apps page and select the appropriate license. Click Save changes to assign the license.

Utilize the Shared Mailboxes report from AdminDroid to easily identify shared mailboxes that lack licenses.

This report gives the basic details of all the shared mailboxes along with the license assigned status.
Analyze this report and assign licenses accordingly, as mailboxes require Exchange Online plan 2 license for litigation or in-place holds.

Handy Tip: Make clicks on the License Status column header to sort it in descending order to identify the unlicensed shared mailboxes at a glance.

How to search and export emails under hold using eDiscovery?

To search for and export emails under litigation, eDiscovery, or in-place holds, you can use the eDiscovery feature in the Microsoft Purview portal. Ensure you are using the Microsoft Edge browser and have the eDiscovery manager role assigned before proceeding with exporting email contents.

Here are the steps to search for and retain emails from mailboxes that have an active hold:

Go to the Microsoft Purview Portal»eDiscovery»Standard.
Create a new case or select the existing case if you’ve already created a related case.
Within the case, go to the Searches tab and create a New search with a unique name, targeting the appropriate mailboxes with specific conditions (for example, the subject or sender of the mail).
After creating an eDiscovery search, select it from the Search tab and allow some time for the search to complete.
Click on Actions and select Export results option followed by Export button.
After starting the export, navigate to the Exports tab in the case. Choose your search export and wait for the export to be scheduled (this process may take some time).
Copy the export key and click on the Download results option. Open the file to launch the eDiscovery Export tool.
Paste the copied export key, choose the location to store the downloaded files, and start the download.

Auditing all the content search-based activities that occurred in your Microsoft 365 organization is made easy!

Navigate to Audit»Security and Compliance»eDiscovery»Compliance search Activities in the AdminDroid reporter.
Analyzing this report can helps to identify the eDiscovery and compliance search creation, modification, deletion, retrieval, and terminations performed by admins.

Handy Hint: As AdminDroid is capable of providing reports related to all the M365 services, you can use the combination of “Ctrl + Shift + F” to search for and find your desired report.

How do I turn off the delay hold in Office 365?

Before proceeding to turn off the delay hold in Microsoft 365, you must understand what it is and why it was enabled.

What is a delay hold and why it is enabled in mailboxes?

A delay hold in Microsoft 365 is a feature designed to provide a 30-day buffer period after any type of hold is removed from a mailbox. This buffer prevents data from being permanently deleted (purged) immediately and allows admins to search for or recover items that would otherwise be purged.

A delay hold is placed on a mailbox the next time the Managed Folder Assistant processes the mailbox and detects that a hold was removed.

How to turn off the delay hold for mailboxes?

To remove the delay hold before the 30-day period expires, run the following command in the Exchange Online PowerShell.

Set-Mailbox –Identity <Mailbox UPN> -RemoveDelayHoldApplied

Identifying the list of mailboxes with delay hold applied is an easy task with AdminDroid!

You can find all the mailboxes with delay hold applied by including the Delay Hold column in the All Mailboxes report using Advanced Customization.
Since this report retrieves all properties related to the mailbox, you can customize it to meet your specific needs.

Pro Tip: Make use of the Save as View option to save your current customized report view for quick access in the future.

AdminDroid Exchange Online ReporterEffortlessly check if mailboxes are on hold in Microsoft 365 without any hassles

The AdminDroid Exchange Online reporting tool provides admins with the ability to seamlessly identify holds on all Microsoft 365 mailboxes. This remarkable solution comes with integrated graphical representations and customizable reports, enabling admins to bypass complex PowerShell methods.

Get unmatched insights with AdminDroid to identify holds on Exchange Online mailboxes

The M365 Birds Eye report with Mailboxes on Hold offers an optimal solution by providing a comprehensive overview of all mailboxes under hold in your Microsoft 365 organization. By leveraging insights from AdminDroid on mailboxes under hold, you can promptly take necessary actions, like removing or enabling holds.

A Quick Summary

Identify Shared Mailboxes with Hold Applied

Review the list of shared mailboxes with litigation hold, retention hold, and in-place hold to determine whether to maintain or remove them according to your requirements.

Audit eDiscovery Cases Configuration Activities

Easily audit the activities related to the configuration of eDiscovery cases, such as creation, modification, and deletion.

Receive Timely Insights on Mailboxes on Hold

Schedule litigation hold, retention hold, and in-place hold reports on a weekly basis to check and review the list of mailboxes placed on hold over the past week.

Examine M365 Mailbox Retention Settings

Review the retention settings and the policy applied to each Microsoft 365 mailbox to remove such configurations from the inactive mailboxes in your organization.

Export Customized Mailbox Hold Reports

Utilize customization options like data filtration, column merging, and more with AdminDroid's rich reporting capabilities to share and export mailbox hold reports.

Find Mailboxes on Hold with EXO Dashboard

Quickly assess the mailbox key metrics, including the number and percentage of mailboxes under active holds using AdminDroid's Exchange Online dashboard.

On the whole, AdminDroid excels in providing a means to export reports on Microsoft 365 mailboxes under hold. It reduces the difficulty in retrieving the data needed for Exchange Online management.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps Related to Mailboxes on Hold in Microsoft 365

The following list outlines errors and their corresponding troubleshooting hints when dealing with mailbox holds in Microsoft 365.

Error: The action 'Set-Mailbox', 'LitigationHoldEnabled', can't be performed on the user 'X'. Your Microsoft Exchange Online license doesn't permit you to put a litigation hold on this mailbox.

This error occurs when you try to place a user mailbox, shared mailbox, or resource mailbox on hold without an Exchange Online plan 2 license or higher.

Troubleshooting hint :Assign an Exchange Online plan 2 license to the respective mailbox.

Error: Cannot process argument transformation on parameter 'EndDateForRetentionHold'. Cannot convert value "25/05/2025" to type "System.Nullable`1[System.DateTime]". Error: "String '25/05/2025' was not recognized as a valid DateTime.

This error occurs when you enter the date in the DD/MM/YYYY format instead of the MM/DD/YYYY format.

Troubleshooting hint :Enter the date in the MM/DD/YYYY format.

Error: WARNING: The command completed successfully but no settings of 'X' have been modified.

This error occurs when you haven't changed any property related to the hold in the corresponding mailbox.

Troubleshooting hint :Verify the existing properties of the mailbox using the Get-Mailbox cmdlet, and then configure your requirements.

Error: Microsoft.Exchange.Management.Tasks.RecipientTaskException|Exchange can't disable the mailbox "X" because it is on litigation hold.

As placing the mailbox on litigation hold also places a litigation hold on its archive mailbox, this error occurs when you try to disable the archive mailbox while the mailbox is under litigation hold.

Troubleshooting hint :Remove the litigation hold from the mailbox and then try to disable the archive mailbox.

Error: You don't have export permissions. A Compliance Administrator or a member of the Organization Management role group can assign you a role with export permissions. Only eDiscovery Managers and eDiscovery Administrators have export permissions among the default role groups.

This error occurs when you try to export the eDiscovery search without the eDiscovery Manager permission role, or the role was recently assigned to you.

Troubleshooting hint :Ask the global administrator to assign you the eDiscovery Manager role. If the role was assigned recently, wait for an hour for the role change to take effect.

Error: You cannot start application Microsoft Office 365 eDiscovery Export Tool from this location because it is already installed from a different location.

This error occurs when you try to export the eDiscovery search results from a browser other than Microsoft Edge or Internet Explorer.

Troubleshooting hint :Use Microsoft Edge to download the eDiscovery export.

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Give Just the Right Access to the Right People

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Insightful Charts and Exclusive Dashboards

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Efficient Report Exporting for Microsoft 365

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Identify Holds on Mailboxes in Exchange Online