On July 1, 2017, Microsoft will transition the workload-specific eDiscovery features – In-Place eDiscovery and In-Place Hold in Exchange Online and the eDiscovery Center in SharePoint Online, to the Security and Compliance Center, a new, unified security and compliance console.

The documentation for these features was updated a long time ago to reflect these upcoming changes. You can find more details and answers to frequently asked questions in SharePoint and Exchange Online eDiscovery Transitioning to Office 365 Security & Compliance Center.

Screenshot: In-Place eDiscovery and In-Place Hold in the Exchange Admin Center (EAC)
Figure 1: In-Place eDiscovery and In-Place Hold in the Exchange Admin Center (EAC)

Screenshot: eDiscovery Center in SharePoint Online
Figure 2: eDiscovery Center in SharePoint Online

What it means for you

What it means for eDiscovery managers – you won’t be able to create new eDiscovery searches and cases using these tools. You will still be able to run and manage existing searches and cases. The change will impact the feature in the admin interfaces for Exchange Online and SharePoint Online, as well as PowerShell, which will no longer allow you to use the New-MailboxSearch cmdlet.

eDiscovery in Office 365 Security and Compliance Center

The Security and Compliance Center has evolved quite quickly and now offers some very powerful set of eDiscovery features, including Advanced eDiscovery, which allows you to analyze data from eDiscovery searches, reduce data to be reviewed by eliminating near duplicates and irrelevant content, and allows more efficient document review.

Screenshot: eDiscovery in Office 365 Security and Compliance Center
Figure 3 eDiscovery in Office 365 Security and Compliance Center

When you log in to the SCC, you’ll see Content Search and eDiscovery under Search & investigation section. Content Search provides the search capabilities. eDiscovery, referred to as eDiscovery Cases in the documentation, provides case management functionality that was previously available in the eDiscovery Center in SharePoint Online.

Screenshot: Content Search in Office 365 Security and Compliance Center
Figure 4 Content Search in Office 365 Security and Compliance Center

eDiscovery offers far better performance than the older workload-specific features, allowing you to search tens of thousands of mailboxes in a single search.

What about Exchange’s In-Place Hold and Litigation Hold?

Exchange Online’s In-Place Hold and Litigation Hold allow you to preserve content. In-Place Hold, which allows you to place content matching a search query on hold (aka a Query-based In-Place Hold), is integrated with In-Place eDiscovery. Both use an underlying Mailbox Search object. Disabling creation of new mailbox searches prevents you from creating new In-Place Holds as well.

Litigation Hold, which is a mailbox property, will continue to be available after July 1. You’ll continue to be able to place mailboxes on Litigation Hold in Exchange Online.

Screenshot: Hold in Office 365 Security and Compliance Center
Figure 5 Placing eDiscovery Case content on hold in Office 365 Security and Compliance Center

Over in the SCC, the hold functionality is included in eDiscovery Cases. It allows you to place content across Office 365 workloads (Exchange mailboxes, SharePoint sites, OneDrive for Business, et al) on hold as long as the case is open. Importantly, when you close an eDiscovery case, content is removed from hold. This is similar to the hold experience in the eDiscovery Center feature being deprecated.

Any existing In-Place Holds will continue to be active after July 1 until you remove them.


Windows Server 2012 support lifecycle extended

Microsoft has extended product support lifecycle for Windows Server 2012 to align with the standard product lifecycle support timeline. Mainstream Support for Windows Server 2012 now ends on Oct. 9th, 2018. The new end of Extended Support date is Oct. 10th, 2023. Both can be found here. Microsoft Product Lifecycle Microsoft product lifecycle dictates how […]

More →

Dealing with WordPress’ Unauthenticated Privilege Escalation Vulnerability in a REST API Endpoint

On Thursday, WordPress.org released WordPress 4.7.2, fixing the following four vulnerabilities. The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is […]

More →

Enable remote desktop (RDP) connections for admins on Windows Server 2016

Windows Server 2016 has reached the General Availability (GA) milestone today. You can download it from your volume licensing site or MSDN. You can also create Azure VMs with Windows 2016. The latest and greatest Windows Server has many new Remote Desktop features. See What’s New in Remote Desktop Services in Windows Server 2016 for […]

More →

BleachBit’s claim of permanently deleting emails from Exchange

In a recent news segment featuring BleachBit, Fox Business questioned whether Democratic presidential nominee Hillary Clinton may have used the software to permanently delete emails from her mail server. The segment features BleachBit lead developer Andrew Viem. Politics and click bait headlines aside, readers will find the claims interesting. How to delete secret emails from […]

More →

Google adds Microsoft Exchange support to Gmail app for Android

Google has announced Microsoft Exchange support in its Gmail client for Android. Exchange ActiveSync (EAS) is the ubiquitous protocol for mobile email clients to sync with Exchange Server, Office 365, and other products/services that license it. EAS support in the Gmail client now allows it to access both Exchange Server and Exchange Online, the on-premises […]

More →

Use a PowerShell function to find an email address in Exchange

Exchange admins frequently need to find an Exchange recipient with a specified email address, particularly for generic organizational addresses such as [email protected] Five and a half ways to find an email address in Microsoft Exchange and Active Directory lists a few ways to do it, including PowerShell. If you do this frequently, you can add […]

More →

Use a PowerShell function to get AutoDiscover XML

If you manage Exchange or support Exchange Online users, you may need to retrieve the AutoDiscover XML response. You can use the Test E-mail AutoConfiguration option in Outlook or the AutoDiscover tests in Microsoft Remote Connectivity Analyzer to retrieve the AutoDiscover response. The good news is you can also use a PowerShell one-liner or function […]

More →

Maximum number of In-Place Holds on a mailbox in Exchange 2013 and Office 365

Since the early days of In-Place Hold, the number floating around (and documented) is a maximum of five In-Place Holds before Exchange holds all content, but it’s incorrect. See the Updates section at the bottom of this article for the latest. In Exchange 2013 and Exchange Online, you can use In-Place Hold to place messages […]

More →

eDiscovery Limits and Throttling Policies in Exchange Server and Office 365

In Exchange 2013 and Exchange Online, In-Place eDiscovery allows you to search a large number of mailboxes. Although the searches are performed against the indexes built by Exchange Search, they can potentially consume significant system resources. In on-premises deployments, this generally happens in control of or with the knowledge of Exchange admins, who can and […]

More →