Use the Preservation Hold Settings page to add, edit, or remove preservation holds from legal hold projects with Microsoft 365 data sources.
Preservation hold settings temporarily grant collection admin permissions to the specified account user to determine custodian SP site access privileges during Target Discovery.
Note: If this is set to No, it is possible that not all relevant SharePoint sites will be returned during the Target Discover process.
This page contains the following information:
If you are intending to use preserve in place an Microsoft 365 account that has admin permissions will need to be created. Below are the required credentials before you begin setting up preserve in place.
|Name||Enter in the name to identify the data source.|
|Domain Name||Enter the Microsoft 365 Tenant Domain.|
|URL||This URL is the connection to Microsoft 365 Protection Services utilized by Relativity Legal Hold (read only).|
||Enter in the username of the account used to access Microsoft 365. This account must be assigned the eDiscovery Manager, SharePoint Administrator, and Compliance Admin roles in Microsoft 365, which is required to create and remove preservation holds.
This account needs to have the Compliance Admin role to preserve inactive mailboxes.
|Account Password||Enter in the password for the account user.|
|Resolve SharePoint Site Permissions
||Select Yes or No to temporarily grant the required permissions to the Account User in order to obtain the list of custodians that have access to a given site during the target discovery process.
To create a preservation hold for a custodian, the preservation hold settings will need to be added first. This is a one-time setup to create data sources for a preservation hold. Complete the process by following the steps below:
Navigate to the Preservation Hold Settings tab within Hold Admin.
Click the New Preservation Hold Settings button.
Fill out the fields:
- Name - enter in the name to identify the data source.
- Domain Name - enter the Microsoft 365 Tenant name. The domain name is located between @ and .onmicrosoft.com. For example, the domain in firstname.lastname@example.org is relativity.
- URL - this URL is the connection to Microsoft 365 Protection Services utilized by Relativity Legal Hold (read only).
- Account User - enter in the username of the account used to access Microsoft 365. This account must be assigned the SharePoint Administrator and Compliance Admin roles in Microsoft 365, which is required to create and remove preservation holds.
Note: An Microsoft 365 E3 license or higher is required by Microsoft in order to have access to Microsoft 365 preservation features.
- Account Password - enter in the password for the account user.
Note: Credentials used for accessing Microsoft 365 are stored in an encrypted state by Relativity for security purposes.
- Resolve SharePoint Site Permissions - select Yes to temporarily grant the required permissions to the Account User in order to obtain the list of custodians that have access to a given site during the target discovery process.
Note: If this option is not enabled, it is possible that not all targets will be returned during the discovery process. The Account User must have all required permissions to read the site properties. For more information, see Microsoft support.
To connect Relativity Legal Hold to your Microsoft 365 tenant, create a dedicated, non-personal Microsoft 365 service account. When setting up the service account, don't enable multi-factor authentication. The multi-factor authentication setting isn't supported and results in an inability to perform preservation work.
To not set up multi-factor authentication in Microsoft 365, leave the Microsoft 365 Business subscription security turned on. No steps need to be taken if defaults haven't been changed. If defaults have been changed, navigate to the Azure Active Directory Properties. Then locate the Manage Security defaults and select Yes. Selecting Yes enables the security defaults, meaning multi-factor authentication won't be used.
Also, during the setup of the service account in Microsoft 365, assign the eDiscovery Manager, SharePoint admin and Compliance admin roles to the service account. These roles are required by Microsoft and allow Relativity Legal Hold to initiate preservation requests.
If the admin account can't be granted SharePoint Admin privileges in Microsoft 365 for security reasons, you can utilize the Entity OneDrive URL feature to facilitate OneDrive preservations. You are still unable to preserve SharePoint site URLs since SharePoint Admin privileges are required by Microsoft.
To delete a preservation hold setting, delete all projects using the setting first. To learn how to delete projects, see Deleting a project. Once the projects have been deleted, navigate to the Preservation Hold Setting and click the Delete button. This action deletes the preservation hold setting from Relativity
Note: Due to background processes, the preservation hold setting may not be immediately deleted.