In Exchange Server 2010, the notion of legal hold is to hold all mailbox data for a user indefinitely or until when hold is removed. In Exchange 2013, In-Place Hold introduces a new model that allows you to specify the following parameters:

• What to hold   You can specify which items to hold by using query parameters such as keywords, senders and recipients, start and end dates, and also specify the message types such as email messages, calendar items, etc. that you want to place on hold.
  
  
• How long to hold   You can specify a duration for items on hold.
  
  

Using this new model, In-Place Hold allows you to create granular hold policies to preserve mailbox items in the following scenarios:

• Indefinite hold   The indefinite hold scenario is similar to litigation hold in Exchange 2010. It’s intended to preserve mailbox items so you can meet eDiscovery requirements. During the period of litigation or investigation, items are never deleted. The duration isn’t known in advance, so no end date is configured. To hold all mail items indefinitely, you don’t specify any query parameters or time duration when creating an In-Place Hold.
  
  
• Query-based hold   If your organization preserves items based on specified query parameters, you can use a query-based In-Place Hold. You can specify query parameters such as keywords, start and end dates, sender and recipient addresses, and message types. After you create a query-based In-Place Hold, all existing and future mailbox items (including messages received at a later date) that match the query parameters are preserved.
  
  
  
  

  Important:
  In Exchange 2013, you can’t use a query-based In-Place Hold to place unsearchable items on hold. If you need to place unsearchable items on hold, don’t specify a search query when creating the search. To learn more about which items are considered unsearchable for In-Place eDiscovery and Hold, see In-Place eDiscovery.

• Time-based hold   Whereas litigation hold places all mailbox content on hold indefinitely or until you remove the hold, In-Place Hold allows you to specify a duration of time for which to hold items. The duration is calculated from the date a mailbox item is received or created.
  
  If your organization requires that all mailbox items be preserved for a specific period, for example 7 years, you can create a time-based hold. In Exchange 2013, you can specify a retention period for items on hold. Items on hold are aged based on their date received. For example, consider a mailbox that’s placed on a time-based In-Place Hold and has a retention period set to 365 days. If an item in that mailbox is deleted after 300 days from the date it was received, it’s held for an additional 65 days before being permanently deleted. You can use a time-based In-Place Hold in conjunction with a retention policy to make sure items are preserved for the specified duration and permanently removed after that period.
  
  

You can use In-Place Hold to place a user on multiple holds. When a user is placed on multiple holds, search parameters of all In-Place Holds are applied together (using an OR operator). If a mailbox is placed on more than five holds, all items are held until the holds are removed, replicating the litigation hold behavior until the number of holds on the mailbox is reduced to five or less.

Authorized users that have been added to the Discovery Management role-based access control (RBAC) role group or assigned the Legal Hold and Mailbox Search management roles can place mailbox users on In-Place Hold. You can delegate the task to records managers, compliance officers, or attorneys in your organization's legal department, while assigning the least privileges. To learn more about assigning the Discovery Management role group, see Add a User to the Discovery Management Role Group.

Important:
In Exchange 2010, the Legal Hold role provided user with sufficient permissions to place mailboxes on litigation hold. In Exchange 2013, you can use the same permission to place mailboxes on an indefinite or time-based In-Place Hold. However, to create a query-based In-Place Hold, the user must be assigned the Mailbox Search role. The Discovery Management role group has both these roles assigned.

In Exchange 2013, In-Place Hold functionality is integrated with In-Place eDiscovery searches. You can use the In-Place eDiscovery & Hold wizard in the Exchange Administration Center (EAC) or the New-MailboxSearch and related cmdlets in Exchange Management Shell to place a mailbox on In-Place Hold. To learn more about placing a mailbox on In-Place Hold, see Create or Remove an In-Place Hold.

Note:
If you use Exchange Online Archiving to provision a cloud-based archive for your on-premises mailboxes, you must manage In-Place Hold from your on-premises Exchange 2013 organization. Hold settings are automatically propagated to the cloud-based archive using DirSync.

Many organizations require that users be informed when they're placed on hold. Additionally, when a mailbox is on hold, any retention policies applicable to the mailbox user don't need to be suspended. Because messages continue to be deleted as expected, users may not notice they're on hold. If your organization requires that users on hold be informed, you can add a notification message to the mailbox user's Retention Comment property and use the RetentionUrl property to link to a web page for more information. Outlook 2010 and later displays the notification and URL in the backstage area. You must use the Shell to add and manage these properties for a mailbox.

In-Place Hold uses the Recoverable Items folder to preserve items. The Recoverable Items folder replaces the feature informally known as the dumpster in previous versions of Exchange. The Recoverable Items folder is hidden from the default view of Outlook, Outlook Web App, and other email clients. To learn more about the Recoverable Items folder, see Recoverable Items Folder.

By default, when a user deletes a message from a folder other than the Deleted Items folder, the message is moved to the Deleted Items folder. This is known as a move. When a user soft deletes an item (accomplished by pressing the SHIFT and DELETE keys) or deletes an item from the Deleted Items folder, the message is moved to the Recoverable Items folder, thereby disappearing from the user’s view.

Items in the Recoverable Items folder are retained for the deleted item retention period configured on the user’s mailbox database. By default, the deleted item retention period is set to 14 days for mailbox databases. You can also configure a storage quota for the Recoverable Items folder. This protects the organization from a potential denial of service (DoS) attack due to rapid growth of the Recoverable Items folder and therefore the mailbox database. If a mailbox isn’t placed on In-Place Hold or litigation hold, items are purged permanently from the Recoverable Items folder on a first in, first out basis when the Recoverable Items warning quota is exceeded, or the item has resided in the folder for a longer duration than the deleted item retention period.

The Recoverable Items folder contains the following subfolders used to store deleted items in various sites and facilitate In-Place Hold and litigation hold:

1. Deletions   Items removed from the Deleted Items folder or soft-deleted from other folders are moved to the Deletions subfolder and are visible to the user when using the Recover Deleted Items feature in Outlook and Outlook Web App. By default, items reside in this folder until the deleted item retention period configured for the mailbox database or the mailbox expires.
   
   
2. Purges   When a user deletes an item from the Recoverable Items folder (by using the Recover Deleted Items tool in Outlook and Outlook Web App, the item is moved to the Purges folder. Items that exceed the deleted item retention period configured on the mailbox database or the mailbox are also moved to the Purges folder. Items in this folder aren’t visible to users if they use the Recover Deleted Items tool. When the mailbox assistant processes the mailbox, items in the Purges folder are purged from the mailbox database. When you place the mailbox user on litigation hold, the mailbox assistant doesn’t purge items in this folder.
   
   
3. DiscoveryHold   If a user is placed on an In-Place Hold, deleted items are moved to this folder. When the mailbox assistant processes the mailbox, it evaluates messages in this folder. Items matching the In-Place Hold query are retained until the hold period specified in the query. If no hold period is specified, items are held indefinitely or until the user is removed from the hold.
   
   
4. Versions   When a user placed on In-Place Hold or litigation hold, mailbox items must be protected from tampering or modification by the user or a process. This is accomplished using a copy-on-write process. When a user or a process changes specific properties of a mailbox item, a copy of the original item is saved in the Versions folder before the change is committed. The process is repeated for subsequent changes. Items captured in the Versions folder are also indexed and returned in In-Place eDiscovery searches. After the hold is removed, copies in the Versions folder are removed by the Managed Folder Assistant.
   
   

Properties that trigger copy-on-write

Important:

Copy-on-write is disabled for calendar items in the organizer's mailbox when meeting responses are received from attendees and the tracking information for the meeting is updated. For calendar items and items that have a reminder set, copy-on-write is disabled for the ReminderTime and ReminderSignalTime properties. Changes to these properties are not captured by copy-on-write. Changes to RSS feeds aren’t captured by copy-on-write.

Although the DiscoveryHold, Purges, and Versions folders aren't visible to the user, all items in the Recoverable Items folder are indexed by Exchange Search and are discoverable using In-Place eDiscovery. After a mailbox user is removed from In-Place Hold or litigation hold, items in the DiscoveryHold, Purges, and Versions folders are purged by the Managed Folder Assistant.

Items in the Recoverable Items folder aren't calculated toward the user's mailbox quota. In Exchange 2013, the Recoverable Items folder has its own quota. When a user's Recoverable Items folder exceeds the warning quota for recoverable items (as specified by the RecoverableItemsWarningQuota parameter), an event is logged in the Application event log of the Mailbox server. When the folder exceeds the quota for recoverable items (as specified by the RecoverableItemsQuota parameter), users won't be able to empty the Deleted Items folder or permanently delete mailbox items. Also copy-on-write won't be able to create copies of modified items. Therefore, it's critical that you monitor Recoverable Items quotas for mailbox users placed on In-Place Hold.

For mailbox databases, the default RecoverableItemsWarningQuota and RecoverableItemsQuota values are set to 20 Gb and 30 Gb respectively. These settings are usually sufficient for storing several years of mailbox data when on In-Place Hold. To modify these values for a mailbox database, use the Set-MailboxDatabase cmdlet. To modify them for individual mailboxes, use the Set-Mailbox cmdlet.

Note:
In Exchange Online, Recoverable Items quotas are managed automatically.

Litigation hold, the hold feature introduced in Exchange 2010 to preserve data for eDiscovery, is still available in Exchange 2013. Litigation hold uses the LitigationHoldEnabled property of a mailbox. Whereas In-Place Hold provides granular hold capability based on query parameters, hold period, and the ability to place multiple holds, litigation hold only allows you to place all items on hold indefinitely or until hold is removed.

In Exchange Online, you can also specify the litigation hold duration for a mailbox.

Note:
Although litigation hold is still available in Exchange 2013 and Exchange Online, it is deprecated. We recommend that you use In-Place Hold to place all items or items matching search criteria on hold.

When an item is placed on one or more In-Place Holds and litigation hold at the same time, all items are held indefinitely or until the holds are removed. If you remove litigation hold and the user is still placed on one or more In-Place Holds, items matching the In-Place Hold criteria are held for the period specified in the hold settings. When you move a mailbox that’s on litigation hold in Exchange 2010 to an Exchange 2013 Mailbox server, the litigation hold setting continues to apply, ensuring that compliance requirements are met during and after the move.

Exchange 2013, Microsoft Lync 2013 and Microsoft SharePoint 2013 provide an integrated preservation and eDiscovery experience that allows you to preserve and search for items across the different data stores. Exchange 2013 allows you to archive Lync Server 2013 content in Exchange, removing the requirement of having a separate SQL Server database to store archived Lync content. The integrated hold and eDiscovery capability in SharePoint 2013 allows you to preserve and search data across all stores from a single console.

When you place an Exchange 2013 mailbox on In-Place Hold or litigation hold, Microsoft Lync 2013 content (such as instant messaging conversations and files shared in an online meeting) are archived in the mailbox. If you search the mailbox using the eDiscovery Center in Microsoft SharePoint 2013 or In-Place eDiscovery in Exchange 2013, any archived Lync content matching the search query is also returned in search results. You can also restrict the search to Lync content archived in the mailbox.

To enable archiving of Lync content in Exchange 2013 mailbox, you must configure Lync 2013 integration with Exchange 2013. For details, see the following topics:

• Planning for Archiving
  
  
• Deploying Archiving