Over the last few years, it has become increasingly common for an organization's Exchange Server message archives to be subpoenaed as a part of the litigation process. When this happens, organizations are burdened with the task of collecting all messages relevant to the associated legal proceeding, ensuring that none of those messages are purged -- even if they're older than the required retention period.
Previous versions of Exchange Server required third-party software for discovery and legal hold. However, a new set of Exchange Server 2010 features, including multi-mailbox search and legal hold, take some of the stress out of meeting legal requests.
Role Based Access Control in Exchange 2010
Before tackling legal hold, you should become familiar with management role assignments. Exchange Server 2010 makes use of a new permissions model called Role Based Access Control (RBAC). This model lets you delegate administrative control based on the tasks the administrator needs to perform.
Management roles are the cornerstone of RBAC. A management role consists of a collection of cmdlets or scripts that gives users with delegated roles the ability to perform specific tasks. In Exchange Server 2010, Legal Hold is actually a management role.
What is the Exchange 2010 Legal Hold role?
Although Exchange Server 2010 has a Legal Hold management role, Microsoft also uses the term "legal hold" as a verb. For example, you may be asked to put a mailbox on legal hold. This means that you prevent messages in the mailbox from being deleted. A legal hold does not lock a user's mailbox to keep him from using it.
A legal hold prevents the Managed Folder Assistant or the user from permanently deleting messages. Placing a mailbox on legal hold preserves a user's deleted and edited items, including email messages, calendar entries, tasks, etc. The legal hold applies to a user's primary mailbox as well as his archive mailbox.
However, placing a hold on messages is only part of the process. Another large component of legal hold is the multi-mailbox search feature, which allows administrators to perform complex queries across a collection of mailboxes or an entire organization. This feature is designed to easily find dates related to a specific case.
Do you still need third-party e-discovery tools?
Since Exchange Server 2010 has native e-discovery tools, do you still need third-party software? I think the jury is still out on this. Exchange Server 2010 hasn't been available long enough to know for certain how well the Legal Hold feature will work in real-world situations. However, I'm willing to bet that larger organizations may still need third-party software.
I believe that since Legal Hold is a mailbox level feature, you can place a legal hold on the entire organization or on specific mailboxes. I don't think this feature will be a granular enough for larger organizations that may have tens of thousands of mailboxes. These organizations may want to place a legal hold at the folder level or even on specific messages, which is impossible without the use of third-party software.
The multi-mailbox search feature is also reportedly slow in larger environments. This may not be a problem when it comes to complying with a subpoena, but performance issues can make it difficult for organizations to perform a quick check of their message archives if they suspect that litigation is pending.
About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional (MVP) award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.
Do you have comments on this tip? Let us know.