Exchange Server

Understanding In-Place Hold and Litigation Hold in Exchange


In today’s Ask the Admin, I’ll explain the differences between Exchange In-Place Hold and Litigation Hold.

Litigation Hold was first introduced in Exchange 2010 and is designed to preserve all items in a mailbox indefinitely for the purposes of e-discovery. Litigation Hold can be applied to mailboxes or distribution groups. When a user’s mailbox is put on Litigation Hold, they are still able to delete items, but Exchange retains the deleted items indefinitely with immutability. For example, if the user changes an item, it will remain preserved in its original form.

While initially designed for e-discovery purposes in legal cases, Litigation Hold can also be used for archiving in other scenarios. The ability to define a hold period was added to Exchange Online in the form of the LitigationHoldDuration parameter, which allows you to set a retention period. This ability was later added to Exchange 2013.

Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

To put all mailboxes on Litigation Hold for seven years (2555 days), use the PowerShell code below. For more information on using PowerShell with Exchange Online, see “How to Connect to Exchange Online with PowerShell” on Petri.

Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -LitigationHoldEnabled $true -LitigationHoldDuration 2555

Litigation Hold and In-Place Hold objects can also be created using the Exchange Admin Center (EAC).

In-Place Hold

In-Place Hold was introduced in Exchange 2013 and is also available in Exchange Online. Although similar, In-Place Hold doesn’t replace Litigation Hold and both are valid solutions in different scenarios. There are two ways that In-Place Hold can be applied.

Query-based In-Place Hold does exactly what it says on the tin and allows administrators to preserve items based on queries. Naturally the key advantage of this is cost, enabling organizations with on-premise Exchange to preserve specific items rather than entire mailboxes.

The PowerShell code below creates a new In-Place Hold object (InPlaceHold-Finance) and applies it to mailboxes in the DG-Finance distribution group. Items are preserved for seven years and a filter is applied using Boolean logic and a proximity operator (NEAR) to search for items that contain the word Toy, Toymaker, or anything similar, within three words of Acme, and that have Confidential or Privileged included.

New-MailboxSearch ‘InPlaceHold-Finance’ -SourceMailboxes DG-Finance -InPlaceHoldEnabled $true -ItemHoldPeriod 2555 -SearchQuery “(Acme NEAR(3) Toy*) AND (Confidential OR Privileged)”

Time-based In-Place Hold objects replicate the functionality of Litigation Hold and allow items to either be preserved indefinitely or for a specific period. Omitting the -ItemHoldPeriod parameter sets items to be preserved indefinitely. It’s also possible to add the -StartDate and -EndDate parameters to the New-MailboxSearch cmdlet.

Exchange 2016

In-Place Hold supports Public Folders for the first time in Exchange 2016. Additionally, In-Place eDiscovery, which gives users the ability to perform searches across all items including those placed on hold, can now run queries against all mailboxes simultaneously.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
13 Email Threat Types to Know About Right Now

As email threats evolve and multiply, keeping track of them all—and staying protected against the many different types—becomes a complex challenge. Today, that requires more than just the traditional email gateway solution that used to be good enough.

In this eBook you will learn:

  • What are the most common and challenging email attacks for organizations?
  • How to defend against sophisticated email threats, such as spoofing, social engineering, and fraud
  • How to protect employees at the inbox level with the right technologies and security-awareness training
  • How to use a multilayered protection strategy to reduce susceptibility to email attacks and better defend your business and employees

Sponsored by: