Exchange Online

How to Identify Holds on Mailboxes in Exchange Online

Exchange Online offers robust features such as litigation hold, retention hold, and in-place hold to securely retain emails, calendars, and other mailbox items. Understanding how these holds are configured is crucial to prevent data loss. This guide will walk you through the steps to identify the types of holds placed on Exchange Online mailboxes and how to configure them to maintain data integrity.

Using PowerShell Script

Microsoft 365 Permission Required

Global Administrator or Exchange Administrator.

Since the Exchange admin center provides built-in reporting only for litigation holds, we need to rely on the 'Get-Mailbox' PowerShell cmdlet. To capture all types of hold details, multiple filtrations required.
To overcome such limitations, download and execute our all-in-one PowerShell script which exports all Office 365 mailboxes placed on hold along with their corresponding properties.

MailboxHoldReport.ps1

Besides the overall report, this script can retrieve mailboxes placed on litigation hold, in-place hold, and retention hold as individual reports.

To list mailboxes with litigation hold enabled, run the script with the 'LitigationHoldsOnly' parameter.
```
.\MailboxHoldReport.ps1 -LitigationHoldsOnly
```
To identify mailboxes with in-place hold in Exchange Online, you can execute the script with the 'InPlaceHoldsOnly' parameter.
```
.\MailboxHoldReport.ps1 -InPlaceHoldsOnly
```
To get all mailboxes with retention hold, run the script with the 'RetentionHoldsOnly' parameter.
```
.\MailboxHoldReport.ps1 -RetentionHoldsOnly
```

Using AdminDroid
Simple & Quick

AdminDroid Permission Required Delegated

Any user with report access assigned by Super Admin.

Login to the AdminDroid Office 365 reporter.
Navigate to the Mailboxes on Hold report under Analytics»M365 Birds Eye»Mailboxes to view the number of mailboxes placed on each type of hold and their corresponding details.

AdminDroid Exchange Online Reporter

Effortlessly check if mailboxes are on hold in Microsoft 365 without any hassles

The AdminDroid Exchange Online reporting tool provides admins with the ability to seamlessly identify holds on all Microsoft 365 mailboxes. This remarkable solution comes with integrated graphical representations and customizable reports, enabling admins to bypass complex PowerShell methods.

Identify Shared Mailboxes with Hold Applied

Review the list of shared mailboxes with litigation hold, retention hold, and in-place hold to determine whether to maintain or remove them according to your requirements.

Audit eDiscovery Cases Configuration Activities

Easily audit the activities related to the configuration of eDiscovery cases, such as creation, modification, and deletion.

Receive Timely Insights on Mailboxes on Hold

Schedule litigation hold, retention hold, and in-place hold reports on a weekly basis to check and review the list of mailboxes placed on hold over the past week.

Examine M365 Mailbox Retention Settings

Review the retention settings and the policy applied to each Microsoft 365 mailbox to remove such configurations from the inactive mailboxes in your organization.

Export Customized Mailbox Hold Reports

Utilize customization options like data filtration, column merging, and more with AdminDroid's rich reporting capabilities to share and export mailbox hold reports.

Find Mailboxes on Hold with EXO Dashboard

Quickly assess the mailbox key metrics, including the number and percentage of mailboxes under active holds using AdminDroid's Exchange Online dashboard.

On the whole, AdminDroid excels in providing a means to export reports on Microsoft 365 mailboxes under hold. It reduces the difficulty in retrieving the data needed for Exchange Online management.

Explore a full range of reporting options

Download Live Demo

Important Tips

Monitor mailbox storage and the Recoverable Items folder size regularly, as litigation holds can consume a lot of storage, especially if the period is long.

Always apply a hold on mailboxes before deleting the user account and making it inactive to preserve the contents, as a best practice for user offboarding.

Utilize Microsoft eDiscovery to search for and export email content under legal holds into EML or PST file formats.

Common Errors and Resolution Steps

The following list outlines errors and their corresponding troubleshooting hints when dealing with mailbox holds in Microsoft 365.

Error The action 'Set-Mailbox', 'LitigationHoldEnabled', can't be performed on the user 'X'. Your Microsoft Exchange Online license doesn't permit you to put a litigation hold on this mailbox.

This error occurs when you try to place a user mailbox, shared mailbox, or resource mailbox on hold without an Exchange Online plan 2 license or higher.

Fix Assign an Exchange Online plan 2 license to the respective mailbox.

Error Cannot process argument transformation on parameter 'EndDateForRetentionHold'. Cannot convert value "25/05/2025" to type "System.Nullable`1[System.DateTime]". Error: "String '25/05/2025' was not recognized as a valid DateTime.

This error occurs when you enter the date in the DD/MM/YYYY format instead of the MM/DD/YYYY format.

Fix Enter the date in the MM/DD/YYYY format.

Error WARNING: The command completed successfully but no settings of 'X' have been modified.

This error occurs when you haven't changed any property related to the hold in the corresponding mailbox.

Fix Verify the existing properties of the mailbox using the Get-Mailbox cmdlet, and then configure your requirements.

Error Microsoft.Exchange.Management.Tasks.RecipientTaskException|Exchange can't disable the mailbox "X" because it is on litigation hold.

As placing the mailbox on litigation hold also places a litigation hold on its archive mailbox, this error occurs when you try to disable the archive mailbox while the mailbox is under litigation hold.

Fix Remove the litigation hold from the mailbox and then try to disable the archive mailbox.

Error You don't have export permissions. A Compliance Administrator or a member of the Organization Management role group can assign you a role with export permissions. Only eDiscovery Managers and eDiscovery Administrators have export permissions among the default role groups.

This error occurs when you try to export the eDiscovery search without the eDiscovery Manager permission role, or the role was recently assigned to you.

Fix Ask the global administrator to assign you the eDiscovery Manager role. If the role was assigned recently, wait for an hour for the role change to take effect.

Error You cannot start application Microsoft Office 365 eDiscovery Export Tool from this location because it is already installed from a different location.

This error occurs when you try to export the eDiscovery search results from a browser other than Microsoft Edge or Internet Explorer.

Fix Use Microsoft Edge to download the eDiscovery export.

Exchange Online

Frequently Asked Questions

Identify and Place Mailboxes on Hold in Microsoft 365

How to prevent email deletion in Exchange for legal and compliance needs?

How to prevent specific emails from being permanently deleted in Exchange Online mailboxes?

How to stop automatic email deletion in Exchange during an employee's extended leave?

Can we place a shared mailbox on hold in Exchange Online?

How to search and export emails under hold using eDiscovery?

How do I turn off the delay hold in Office 365?

1. How to prevent email deletion in Exchange for legal and compliance needs?

Litigation holds ensure that the whole mailbox content along with the original versions of modified items and deleted items are retained to comply with legal obligations. Enabling litigation hold in Office 365 helps to investigate any intentional or unintentional destruction of evidence.

Let's see how to set up litigation hold in Microsoft 365 using the Exchange admin center and PowerShell.

Place a mailbox on litigation hold using EAC

Navigate to the Mailbox section in the Exchange admin center.
Select the desired mailbox and go to the Others tab. Then, select the Manage litigation hold option.
Enable the Litigation hold toggle and enter the Hold duration in the respective field. Leave the duration field blank for an indefinite hold (the mailbox will remain on litigation hold until removed).
Enter a Note and a Web page URL to display to the user, or leave these fields empty if not needed.
Finally, click Save to apply the hold.

Enable litigation hold for mailboxes using PowerShell

Use the following PowerShell command with appropriate placeholders to enable litigation hold for a mailbox in the Exchange Online.

Set-Mailbox -Identity <Mailbox UPN> -LitigationHoldEnabled $true -LitigationHoldDate <MM/DD/YYYY> -LitigationHoldOwner <Hold Owner’s Name> -LitigationHoldDuration <Hold Duration>

To enable the litigation hold for all mailboxes, use the following command in the Exchange Online PowerShell.

Get-Mailbox -ResultSize Unlimited | ForEach-Object { Set-Mailbox -Identity $_.UserPrincipalName -LitigationHoldEnabled $true -LitigationHoldDate <MM/DD/YYYY> -LitigationHoldOwner <Hold Owner’s Name> -LitigationHoldDuration <Hold Duration>}

Note: To enable litigation hold on a mailbox, it must be assigned with an Exchange Online P2 license.

What happens when a user deletes emails from a mailbox placed under litigation hold?

When a litigation hold is turned on for a mailbox, users can remove items from their mailbox, but those items are still retained by Microsoft 365. Admins can identify these deletions during a Microsoft 365 forensic investigation.

The following occurs when a user deletes an email from a mailbox with litigation hold enabled.

Deleted items are moved to the ‘Recoverable Items’ folder, specifically to the 'Deletions' subfolder (not visible to users).
If a user deletes an item from the 'Deletions' subfolder (Recoverable Items in the UI), it is moved to the 'Purges' subfolder. Items in the 'Purges' subfolder are retained until the litigation hold gets removed or the hold duration expires.

2. How to prevent specific emails from being permanently deleted in Exchange Online mailboxes?

Previously, the "In-Place eDiscovery & Hold" feature in Office 365 allowed the preservation of specific email items across the organization. This enabled us to search and hold the specific email contents based on keywords, sender, recipient, etc.

Microsoft has retired its legacy eDiscovery tools, meaning you can no longer view or create in-place holds in Exchange Online. Instead, you can utilize Microsoft Purview eDiscovery (Standard) cases to create holds and export emails. This alternative offers additional functionalities, allowing you to hold content from all Microsoft 365 services, unlike the previous in-place hold which only applied to mailboxes.

How to create an eDiscovery hold in the Microsoft Purview Compliance portal?

Applying an eDiscovery hold to specific mailbox contents through the Microsoft Purview portal involves several steps. Here is a step-by-step guide.

Go to the eDiscovery (Standard) page in the Microsoft Purview portal and create a new case.
Go to the Hold tab and choose Create. Provide a unique name and description (optional).
On the Choose locations page, enable the Exchange mailboxes toogle and choose the mailboxes for which the hold must be applied.
On the Query page, use the Query builder or KQL editor to filter the specific mailbox contents to which you intend to apply the hold.
Review your settings and click Submit to apply the hold.

Note: Ensure the preservation of vital data with eDiscovery holds, while employing retention policies to eliminate unnecessary items.

Stay compliant and streamline your eDiscovery legal hold management with AdminDroid!

Track activities related to eDiscovery hold policies, such as creation, deletion, and modification, using the eDiscovery legal hold report.
Use the easy filters provided in the report to sort by operations, user actions, result status, user type, etc.

3. How to stop automatic email deletion in Exchange during an employee's extended leave?

You can place mailboxes on retention hold to temporarily disable the MRM retention policies from deleting or archiving emails.

What is retention hold in Exchange Online?

Retention hold, a vital feature within Exchange Online, empowers you to safeguard users’ email contents for specific durations.

Microsoft 365 admins often apply retention holds to the user mailboxes who are on extended leave. This action ensures that emails and other important data are preserved from auto-deletion due to retention policies during the user's absence. Applying this hold allows users to access their emails when they return from leave, without the risk of important data being deleted during their absence.

Place a mailbox on retention hold

We need to use PowerShell to place the retention hold on a mailbox because the Exchange admin center does not support this feature.
Connect to Exchange Online and execute the following command with the appropriate placeholders to place a mailbox on retention hold.

Set-Mailbox -Identity <Mailbox UPN> -RetentionHoldEnabled $true -StartDateForRetentionHold <MM/DD/YYYY> -EndDateForRetentionHold <MM/DD/YYYY>

Remove retention hold from a mailbox

To remove a retention hold from a mailbox in Exchange Online, execute the following cmdlet with the appropriate mailbox UPN.

Set-Mailbox -Identity <Mailbox UPN> -RetentionHoldEnabled $false

4. Can we place a shared mailbox on hold in Exchange Online?

Yes, shared mailboxes in Exchange Online can be placed on hold similarly to regular user mailboxes. However, to place a litigation or in-place hold on shared mailboxes, you must have an Exchange Online Plan 2 license or higher. Retention holds can be applied to shared mailboxes without requiring any licenses.

How to assign a license to a shared mailbox?

Assigning a license to a shared mailbox follows a similar process to assigning a license to a user. To do so, you can follow these steps in the Microsoft 365 admin center.

Go to the Active users tab under the Users section and choose the appropriate shared mailbox from the list.
Navigate to the License and apps page and select the appropriate license. Click Save changes to assign the license.

Utilize the Shared Mailboxes report from AdminDroid to easily identify shared mailboxes that lack licenses.

This report gives the basic details of all the shared mailboxes along with the license assigned status.
Analyze this report and assign licenses accordingly, as mailboxes require Exchange Online plan 2 license for litigation or in-place holds.

Handy Tip: Make clicks on the License Status column header to sort it in descending order to identify the unlicensed shared mailboxes at a glance.

5. How to search and export emails under hold using eDiscovery?

To search for and export emails under litigation, eDiscovery, or in-place holds, you can use the eDiscovery feature in the Microsoft Purview portal. Ensure you are using the Microsoft Edge browser and have the eDiscovery manager role assigned before proceeding with exporting email contents.

Here are the steps to search for and retain emails from mailboxes that have an active hold:

Go to the Microsoft Purview Portal»eDiscovery»Standard.
Create a new case or select the existing case if you’ve already created a related case.
Within the case, go to the Searches tab and create a New search with a unique name, targeting the appropriate mailboxes with specific conditions (for example, the subject or sender of the mail).
After creating an eDiscovery search, select it from the Search tab and allow some time for the search to complete.
Click on Actions and select Export results option followed by Export button.
After starting the export, navigate to the Exports tab in the case. Choose your search export and wait for the export to be scheduled (this process may take some time).
Copy the export key and click on the Download results option. Open the file to launch the eDiscovery Export tool.
Paste the copied export key, choose the location to store the downloaded files, and start the download.

Auditing all the content search-based activities that occurred in your Microsoft 365 organization is made easy!

Navigate to Audit»Security and Compliance»eDiscovery»Compliance search Activities in the AdminDroid reporter.
Analyzing this report can helps to identify the eDiscovery and compliance search creation, modification, deletion, retrieval, and terminations performed by admins.

Handy Hint: As AdminDroid is capable of providing reports related to all the M365 services, you can use the combination of “Ctrl + Shift + F” to search for and find your desired report.

6. How do I turn off the delay hold in Office 365?

Before proceeding to turn off the delay hold in Microsoft 365, you must understand what it is and why it was enabled.

What is a delay hold and why it is enabled in mailboxes?

A delay hold in Microsoft 365 is a feature designed to provide a 30-day buffer period after any type of hold is removed from a mailbox. This buffer prevents data from being permanently deleted (purged) immediately and allows admins to search for or recover items that would otherwise be purged.

A delay hold is placed on a mailbox the next time the Managed Folder Assistant processes the mailbox and detects that a hold was removed.

How to turn off the delay hold for mailboxes?

To remove the delay hold before the 30-day period expires, run the following command in the Exchange Online PowerShell.

Set-Mailbox –Identity <Mailbox UPN> -RemoveDelayHoldApplied

Identifying the list of mailboxes with delay hold applied is an easy task with AdminDroid!

You can find all the mailboxes with delay hold applied by including the Delay Hold column in the All Mailboxes report using Advanced Customization.
Since this report retrieves all properties related to the mailbox, you can customize it to meet your specific needs.

Pro Tip: Make use of the Save as View option to save your current customized report view for quick access in the future.