Pages

Friday, April 10, 2020

Licensing Details for Litigation Hold in Office 365


When there's a possibility or the likelihood of litigation, admins can place mailboxes on litigation hold or in-place hold. When you place content locations on hold, content is held until you remove the hold from the content location or until you delete the hold. eDiscovery is used to produce immutable copies of data for legal counsel or the courts.

Legal hold can also be used as an alternative to using third-party journaling solutions since all emails are retained and cannot be deleted by the user or admin, except by retention policies.

Litigation hold in O365 originally only existed for Exchange Online mailbox data, but has been extended to include other workflows, like SharePoint Online, Teams, Skype for Business Online, etc.

For more information about litigation or legal hold in Office 365 please read In-Place Hold and Litigation Hold in Exchange Server.

This article will describe the technical licensing requirements for holds in O365, both lit hold and in-place hold. For brevity I will refer to both types of holds as "lit hold" in this article, since the licensing requirements are the same for both.

The user you wish to place on hold must a subscription that includes Exchange Online (Plan 2). This includes the following online licenses:
  • Microsoft 365 E5
  • Microsoft 365 E3
  • Office 365 E5
  • Office 365 E3
Users in subscriptions that include Exchange Online (Plan 1) can also be put on hold if the user has the Exchange Online Archiving add-on license. Holds only apply to mailbox data with this license.

To learn how to place a mailbox on hold, see the following articles:
One of the advantages of lit hold is that the user account can be deleted after they leave the company and the data will still be preserved for eDiscovery. This way you're not burning a license for a user who does not access their mailbox any longer. This is called making a mailbox inactive. A lot of organizations do this, so I want to dive into the legalities of this.

First, it's completely acceptable to do this and Microsoft supports it.

Second, you need to aware of the licensing terms regarding license reassignment. According to the Microsoft Volume Licensing Product Terms,
Customer may reassign a License to another device or user, but not less than 90 days since the last reassignment of that same License, unless the reassignment is due to (i) permanent hardware failure or loss, (ii) termination of the user’s employment or contract or (iii) temporary reallocation of CALs, Client Management Licenses and user or device SLs to cover a user’s absence or the unavailability of a device that is out of service.
Let's use some examples to illustrate this.
  1. John Baker's mailbox is on litigation hold when he leaves the company. The administrator makes John's mailbox inactive by deleting John's user account, which releases John's Microsoft 365 E5 license. The inactive mailbox is still subject to eDiscovery searches until one of the following:
    • All litigation holds are released from John's mailbox (there may be more than one).
    • All the data ages out based on the organization's litigation hold retention policy. Discovery can still be made, but no results will be returned.
    • The organization is no longer a Microsoft Online customer. In this case, it is the responsibility of the organization to remove all data from Office 365 before they leave.
    The released license is reassigned to John's replacement, Gary. This license cannot be reassigned again to a another user for 90 days except for the reasons listed above.
  2. Susan Mitchell's mailbox is on litigation hold when she goes on leave for 30 days. Susan will not access her email while out on leave. The administrator deletes Susan's account from Azure AD, which removes her license, and assigns it to her temporary replacement. When Susan returns to work, the temporary replacement's account is deleted, which again removes the license, and the license is reassigned back to Susan. This is allowed by the licensing terms because it was a temporary reallocation.
  3. Contoso has assigned 100 Office 365 E3 licenses to its workers. Contoso buys 100 new Microsoft 365 E5 licenses, assigns them to the same workers, and removes their Office 365 E3 licenses. The Office 365 E3 licenses can be assigned to other workers but cannot be reassigned again for 90 days except for the reasons listed above.
  4. Northwind Traders has 500 Office 365 F1 licenses assigned to users. These licenses do not include Exchange Online (Plan 2), so litigation hold is not an option for these users, however Northwind wants to retain their emails indefinitely. The administrator assigns a single Microsoft 365 E3 license to a user, enables litigation hold, and then removes the E3 license. He then repeats these steps for each user. This is a licensing violation for several reasons - Active mailboxes under litigation hold must have a valid license that includes Exchange Online (Plan 2) and it violates the licensing reassignment policy.
  5. Fabrikam has 500 Microsoft 365 F1 licenses assigned to users. These licenses do not include Exchange Online (Plan 2), so litigation hold is not an option for these users, however Fabrikam wants to retain their emails indefinitely when they leave the company. Fabrikam also has a single Office 365 E3 license. Five users leave the company. The Administrator can assign the Office 365 E3 license to one of the five users, enable litigation hold for that user, then delete the user account (releasing the F1 and E3 licenses). The mailbox will be retained due to litigation hold. She can repeat this for each of the separated users, one at a time. This is permitted because the 90-day reassignment policy does not apply to terminated users.
Special note 1:
The correct way to remove a license from a lit hold mailbox is to delete the user account from Azure Active Directory, which releases the license. This is documented here. While you are not prevented from removing a license from an existing user account, it will put the Azure user into an error state. This should be avoided.

Special note 2:
There are some conditions where you may have a mailbox that no one logs into that may still require a license. Examples include shared mailboxes under lit hold or where messages stored in a shared mailbox are needed for a Microsoft 365 Advanced eDiscovery case (the shared mailbox is a "custodian"). 

Hopefully, this information is useful and clears up some confusion around litigation hold and licensing. Special thanks to Microsoft and Tony Redmond for reviewing this article for accuracy.

No comments:

Post a Comment

Thank you for your comment! It is my hope that you find the information here useful. Let others know if this post helped you out, or if you have a comment or further information.