Many organizations contemplating a move to Office 365 have major concerns about security and compliance. Some may...
even abandon plans to move to the cloud because of compliance worries. Many of the legal and regulatory tasks administrators perform with on-premises Exchange Server can now be replicated with the updated Office 365 eDiscovery tool and other compliance utilities.
The most fundamental components of message compliance are protection and search and export. In this context, protection means ensuring messages are available for discovery for a specified amount of time. Some companies have a legal requirement to maintain messages for two years, so administrators must protect against end-user deletion or unfit automatic email retention policies.
Microsoft recently shifted the location of Exchange management tools, and it put most of the retention and compliance utilities in the Office 365 Security & Compliance Center. Go to the Office 365 Security & Compliance Center to see the new tool set (Figure 1).
The area provides tools to manage the security and compliance of the entire Office Online suite -- not just Exchange. This article covers just a few of the available tools, but I encourage administrators to explore what else is offered. Office 365 eDiscovery is an important message protection tool under the Data management and Search & investigation areas. We'll explore Retention's Delete and Preserve in a separate article.
Digging deeper into compliance issues
It's possible your company does not have a mandate to protect items for compliance. European companies should read this document retention guide; administrators at American companies should read this white paper. These documents can help explain retention guidelines that may apply to your company. Ultimately, it's up to the legal department to interpret laws that govern compliance requirements in the organization. If there is an Office 365 migration in the works, and there is no clear compliance policy, discuss it with the legal team.
Using Office 365 eDiscovery Search and Export
This set of tools requires some practice and experimentation. The Office 365 eDiscovery feature in the Security & Compliance Center has more power and versatility than similar tools in on-premises Exchange Server 2013 and 2016, and the Office 365 Exchange administrator console.
From the Security & Compliance Center, select eDiscovery from the left side of the screen beneath the Search & investigation section.
In the Office 365 eDiscovery section, we go from searching data to creating cases to share with the company's legal department or with contactors. Here's how to create a new case (Figure 3). Click the plus sign above the Case name list. Enter details at the next screen and assign it to people who need to see the case. Click Finish to create the rule.
Select the case, then click the pencil icon to modify the search criteria (Figure 4).
Figure 5 shows the details of the case. To add a search, select Searches in the left panel; then, click the plus sign to create a new search; and then select a name and the parameters of the search. You can search individual mailboxes, all mailboxes, SharePoint sites and public folders. Click Next to continue.
The search conditions page (Figure 6) features a field to enter keywords and specific message properties, such as sender, recipient and dates. For this example, enter a search string and click Search to find the relevant messages.
Check the details of the search from the Searches window (Figure 7) and export the results from this page. One improvement to this process is the ability to export to a PST file.
The preview option is much better than in previous iterations of Office 365 eDiscovery (Figure 8). Select the Preview Search Results option from the Searches page to see a list of the messages that match the search criteria.
Office 365 eDiscovery holds
The Office 365 eDiscovery case management tool is essentially a litigation hold and a carryover from on-premises Exchange, but the terminology is different. A hold keeps all the data in the mailbox or other source until the administrator releases it.
A problem with legal holds is remembering why a mailbox is on hold in the first place. By using the same case structure within the Security & Compliance Center, administrators create new Office 365 eDiscovery cases or modify existing ones to identify and categorize specific mailbox holds.
From the eDiscovery case we created, select Holds from the left panel and click the plus sign to create a new hold (Figure 9). When the New case hold window opens, click the plus sign to select the Office 365 mailboxes to apply a hold. Administrators can also select Office 365 SharePoint sites for indexing here. Click Finish to continue.
The hold may take several minutes to begin. Once a mailbox is on hold, its recoverable items quota increases to 100 GB automatically. Administrators can monitor a busy mailbox that has been held for an extended amount of time to avoid a space issue.
Considerations before migrating to Exchange 2016
Talk dollars: What do Exchange and Office 365 cost?
Making sense of Office 365 licensing options