What is the difference between Litigation Hold and In-Place Hold in Exchange?

Litigation Hold preserves all mailbox content indefinitely, including deleted and modified items. In-Place Hold allows you to selectively preserve items based on query parameters such as keywords, date ranges, or senders. Litigation Hold is simpler to configure but less granular, while In-Place Hold provides targeted preservation for specific compliance or legal scenarios.

How long are deleted items recoverable in Exchange Online by default?

By default, Exchange Online retains deleted items in the Recoverable Items folder for 14 days. However, this can be extended up to 30 days using the Set-Mailbox cmdlet with the -RetainDeletedItemsFor parameter. If Litigation Hold or In-Place Hold is enabled, items are retained indefinitely regardless of this setting.

Can users still delete emails when Litigation Hold is enabled?

Yes, users can still delete emails normally when Litigation Hold is enabled. The items appear deleted from the user's perspective, but Exchange preserves a copy in the Recoverable Items folder's Purges subfolder. This hidden preservation ensures that even items purged from Deleted Items remain available for eDiscovery searches and legal compliance.

How to Prevent Items from Being Deleted in an Exchange 2013 / Online Mailbox

Organizations frequently need to prevent mailbox items from being permanently deleted in Microsoft Exchange 2013 and Exchange Online. Whether driven by legal requirements, regulatory compliance, or internal data governance policies, understanding the available retention and hold mechanisms is essential for Exchange administrators. This guide covers every method available to protect mailbox data from permanent deletion, complete with PowerShell commands and step-by-step configuration instructions.

Understanding the Deleted Items Lifecycle in Exchange

Before configuring any retention or hold features, it is important to understand how item deletion works in Exchange:

Soft Delete: A user deletes an item, and it moves to the Deleted Items folder.
Hard Delete: The user empties the Deleted Items folder or uses Shift+Delete. The item moves to the Recoverable Items folder.
Purge: After the deleted item retention period expires (default 14 days), the item is permanently removed from the Recoverable Items folder.

The Recoverable Items folder is a hidden storage area within each mailbox that acts as a safety net. It contains several subfolders:

Deletions: Items removed from Deleted Items (accessible via Recover Deleted Items in Outlook).
Versions: Original copies of modified items when hold is enabled.
Purges: Items that have been purged from the Deletions subfolder, preserved only when a hold is active.
Audits: Mailbox audit log entries if auditing is enabled.
DiscoveryHolds: Items preserved by In-Place Hold or eDiscovery holds.

Method 1: Retention Policies and Retention Tags

Retention policies are the primary mechanism for controlling how long items stay in specific mailbox folders. They work through Messaging Records Management (MRM) in Exchange.

Key Concepts

Retention Tags: Define the retention period and action for items. There are three types:
- Default Policy Tag (DPT): Applies to untagged items across the entire mailbox.
- Retention Policy Tag (RPT): Applies to specific default folders like Deleted Items, Inbox, or Sent Items.
- Personal Tag: Users can apply these to individual items or folders.
Retention Policy: A collection of retention tags assigned to a mailbox.
Managed Folder Assistant: The background process that enforces retention policies.

Configuring Retention Tags via Exchange Admin Center

Navigate to Compliance Management > Retention Tags.
Click the + icon and select Applied automatically to a default folder.
Configure the tag:
- Name: Deleted Items - Never Delete
- Apply this tag to the following default folder: Deleted Items
- Retention Action: Delete and Allow Recovery or choose Never for the retention period.
- Retention Period: Set to Never to prevent automatic deletion.
Save the tag.

Creating a Custom Retention Policy

Rather than modifying the Default MRM Policy, create a custom policy:

Navigate to Compliance Management > Retention Policies.
Click + to create a new policy.
Name it (e.g., Legal Hold Retention Policy).
Add the standard tags from the Default MRM Policy plus your custom tag.
Assign the policy to the target mailboxes.

Configuring Retention Tags with PowerShell

# Connect to Exchange Online PowerShell
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

# Create a new retention tag for Deleted Items with no expiration
New-RetentionPolicyTag -Name "Deleted Items - Never Delete" `
    -Type DeletedItems `
    -AgeLimitForRetention $null `
    -RetentionEnabled $false `
    -Comment "Prevents automatic deletion of items in Deleted Items folder"

# Create a new retention policy
New-RetentionPolicy -Name "Legal Retention Policy" `
    -RetentionPolicyTagLinks "Deleted Items - Never Delete", `
        "Default 2 year move to archive", `
        "Personal 1 year move to archive", `
        "Personal 5 year move to archive", `
        "Personal never move to archive"

# Assign the retention policy to a specific mailbox
Set-Mailbox -Identity "john.doe@contoso.com" `
    -RetentionPolicy "Legal Retention Policy"

# Assign the retention policy to all mailboxes in bulk
Get-Mailbox -ResultSize Unlimited | Set-Mailbox `
    -RetentionPolicy "Legal Retention Policy"

# Force the Managed Folder Assistant to process a mailbox immediately
Start-ManagedFolderAssistant -Identity "john.doe@contoso.com"

Verifying Retention Policy Assignment

# Check which retention policy is assigned to a mailbox
Get-Mailbox -Identity "john.doe@contoso.com" | Format-List RetentionPolicy

# View all retention tags in a specific policy
(Get-RetentionPolicy "Legal Retention Policy").RetentionPolicyTagLinks

# Check the retention tags applied to a mailbox folder
Get-MailboxFolderStatistics -Identity "john.doe@contoso.com" -FolderScope DeletedItems |
    Format-List Name, ItemsInFolder, FolderSize, PolicyTag

Method 2: Litigation Hold

Litigation Hold is the simplest way to preserve all mailbox content indefinitely. When enabled, all items in the mailbox are retained, including items that users delete or modify.

How Litigation Hold Works

All deleted items are preserved in the Recoverable Items > Purges subfolder.
Original versions of modified items are saved in the Recoverable Items > Versions subfolder.
The Recoverable Items folder quota is automatically increased from 30 GB to 100 GB.
Users are unaware that their mailbox is on hold (unless you choose to notify them).
Items are preserved until the hold is explicitly removed.

Enabling Litigation Hold via Exchange Admin Center

Navigate to Recipients > Mailboxes.
Double-click the target mailbox.
Go to the Mailbox Features tab.
Under Litigation Hold, click Enable.
Optionally set a Litigation Hold Duration (in days) or leave blank for indefinite hold.
Add a Note and URL to inform the user if desired.

Enabling Litigation Hold with PowerShell

# Enable Litigation Hold on a single mailbox (indefinite)
Set-Mailbox -Identity "john.doe@contoso.com" `
    -LitigationHoldEnabled $true `
    -LitigationHoldDuration Unlimited

# Enable Litigation Hold with a specific duration (e.g., 365 days)
Set-Mailbox -Identity "jane.smith@contoso.com" `
    -LitigationHoldEnabled $true `
    -LitigationHoldDuration 365

# Enable Litigation Hold on all mailboxes in the organization
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} |
    Set-Mailbox -LitigationHoldEnabled $true -LitigationHoldDuration Unlimited

# Check Litigation Hold status for a mailbox
Get-Mailbox -Identity "john.doe@contoso.com" |
    Format-List LitigationHoldEnabled, LitigationHoldDate, LitigationHoldDuration

# Check all mailboxes on Litigation Hold
Get-Mailbox -ResultSize Unlimited -Filter {LitigationHoldEnabled -eq $true} |
    Format-Table DisplayName, PrimarySmtpAddress, LitigationHoldDate

Method 3: In-Place Hold (Query-Based Hold)

In-Place Hold provides more granular control than Litigation Hold by allowing you to specify criteria for which items to preserve. This is useful when you need to preserve only specific types of content.

Creating an In-Place Hold via Exchange Admin Center

Navigate to Compliance Management > In-Place eDiscovery & Hold.
Click + to create a new hold.
Name the hold and provide a description.
Select the mailboxes to place on hold.
Define search criteria:
- Keywords: Specific terms or phrases.
- Start date / End date: Date range for items to preserve.
- Sender / Recipient: Filter by email addresses.
Enable Place content matching the search query in selected sources on hold.
Choose to hold indefinitely or specify a number of days.

Creating an In-Place Hold with PowerShell

# Create an In-Place Hold on specific mailboxes with keyword filtering
New-MailboxSearch -Name "Project Alpha Legal Hold" `
    -SourceMailboxes "john.doe@contoso.com", "jane.smith@contoso.com" `
    -SearchQuery 'subject:"Project Alpha" OR "confidential"' `
    -InPlaceHoldEnabled $true `
    -ItemHoldPeriod Unlimited

# Start the search and hold
Start-MailboxSearch -Identity "Project Alpha Legal Hold"

# Create a date-based In-Place Hold
New-MailboxSearch -Name "2023 Financial Records Hold" `
    -SourceMailboxes "finance-team@contoso.com" `
    -StartDate "01/01/2023" `
    -EndDate "12/31/2023" `
    -InPlaceHoldEnabled $true `
    -ItemHoldPeriod Unlimited

# View existing In-Place Holds
Get-MailboxSearch | Format-Table Name, Status, InPlaceHoldEnabled

# Check which holds are applied to a specific mailbox
Get-Mailbox -Identity "john.doe@contoso.com" | Format-List InPlaceHolds

Method 4: Extending the Recoverable Items Retention Period

If you do not need a full hold but want a longer recovery window, you can extend the Recoverable Items retention period.

# View current deleted item retention for a mailbox
Get-Mailbox -Identity "john.doe@contoso.com" | Format-List RetainDeletedItemsFor

# Extend deleted item retention to 30 days for a single mailbox
Set-Mailbox -Identity "john.doe@contoso.com" -RetainDeletedItemsFor 30

# Extend deleted item retention to 30 days for all mailboxes
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} |
    Set-Mailbox -RetainDeletedItemsFor 30

# Verify the change
Get-Mailbox -Identity "john.doe@contoso.com" |
    Format-List DisplayName, RetainDeletedItemsFor

Compliance Considerations and Best Practices

When implementing item preservation, keep these compliance and operational factors in mind:

Regulatory Requirements: Industries like healthcare (HIPAA), finance (SEC Rule 17a-4, SOX), and government (FOIA) have specific data retention mandates. Map your hold strategy to the applicable regulations.
Recoverable Items Quota: Litigation Hold increases the quota to 100 GB, but monitor this with Get-MailboxStatistics to avoid mailbox issues.
Performance Impact: Large-scale holds can increase mailbox sizes significantly. Plan storage accordingly.
User Communication: Decide whether to inform users that their mailbox is on hold. Legal counsel may advise silent holds.
Documentation: Maintain records of when holds were enabled, the scope, and the authorizing party.
Regular Review: Periodically review active holds and remove them when no longer required to manage storage and compliance posture.

Monitoring Hold and Retention Health

# Check Recoverable Items folder size for a mailbox
Get-MailboxFolderStatistics -Identity "john.doe@contoso.com" -FolderScope RecoverableItems |
    Format-Table Name, FolderAndSubfolderSize, ItemsInFolderAndSubfolders

# Get all mailboxes with holds enabled
Get-Mailbox -ResultSize Unlimited |
    Where-Object {$_.LitigationHoldEnabled -eq $true -or $_.InPlaceHolds.Count -gt 0} |
    Format-Table DisplayName, LitigationHoldEnabled, @{N="InPlaceHolds";E={$_.InPlaceHolds.Count}}

# Export hold report to CSV
Get-Mailbox -ResultSize Unlimited |
    Select-Object DisplayName, PrimarySmtpAddress, LitigationHoldEnabled,
        LitigationHoldDate, LitigationHoldDuration,
        @{N="InPlaceHoldCount";E={$_.InPlaceHolds.Count}},
        RetainDeletedItemsFor |
    Export-Csv -Path "C:\Reports\MailboxHoldReport.csv" -NoTypeInformation

Choosing the Right Method

Feature	Retention Policy	Litigation Hold	In-Place Hold	Extended Retention
Scope	Folder-level	Entire mailbox	Query-based	Recoverable Items
Granularity	High	Low	High	Low
User Awareness	Visible via Outlook	Optional	Optional	Transparent
Duration Control	Per-tag	Indefinite or fixed	Indefinite or fixed	Up to 30 days
eDiscovery Integration	No	Yes	Yes	No
Best For	Day-to-day records management	Legal preservation	Targeted legal or compliance holds	Short-term recovery extension

Summary

Preventing items from being permanently deleted in Exchange 2013 and Exchange Online requires understanding the full spectrum of retention and hold capabilities. Retention policies provide day-to-day management of item lifecycles. Litigation Hold offers blanket protection for legal scenarios. In-Place Hold enables targeted preservation with search criteria. Extended Recoverable Items retention provides a simple buffer for accidental deletions. Choose the method that aligns with your organizational compliance requirements and implement it using the Exchange Admin Center or PowerShell commands outlined above.