How to Delete Emails From DiscoveryHolds (2024)

Let me walk you through the process to delete emails from discoveryholds on an Exchange Online mailbox.

We’ve got a shared mailbox in Exchange Online that gets its fair share of emails. The automated system takes care of processing and deleting them since they’re not needed afterward. No need for an archive setup—we’re not planning to hold onto any of it. The only hiccup is that the mailbox is hitting a roadblock when those backend holding areas get too full. The current setup deletes thousands of emails regularly, but when those recoverable items reach 100 GB, we’re stuck and can’t delete any new messages.

Is there a straightforward way to delete them?

Microsoft Purview got your back with a variety of options to keep your organization’s mailbox content safe from permanent deletion. This comes in handy for meeting compliance regulations or when you’re knee-deep in legal and other investigations. Check out this list of retention features, aka holds, in both Microsoft Purview and Microsoft 365.

• Litigation Hold:It steps in to safeguard user mailboxes in Exchange Online, ensuring no accidental deletions.
• eDiscovery hold:Holds tied to Microsoft Purview eDiscovery cases, cover user mailboxes, Microsoft 365 Groups, and Teams mailboxes.
• Microsoft Purview retention policies:When it comes to retention policies, Microsoft Purview offers two flavors. Specific location retention policies focus on individual users, and you can use the Get-Mailbox cmdlet for the nitty-gritty details. For the big picture, organization-wide retention policies cover all content locations in your setup, and Get-OrganizationConfig cmdlet provides the insights.
• Microsoft Purview retention labels:If a user slaps on a label configured to retain or delete content, it triggers a hold on the mailbox—akin to Litigation Hold or a Purview retention policy. For the full scoop, dive into the documentation, especially the sections covering specific inclusions/exclusions and policies that apply across the board.

Managing mailboxes on hold requires a bit of detective work. First things first, you’ve got to figure out the type of hold on a mailbox. This detective work is crucial for tweaking hold durations, doing a temporary or permanent hold removal, or giving a mailbox a pass from a Purview retention policy.

Here’s the scoop: multiple holds, of various types, can be chilling on a single mailbox. So, if you’re looking to make changes or bid farewell to a hold, you’ve got to identify all the holds snuggling up to that mailbox. It’s like holding a magnifying glass to understand the whole picture before making your move.

Step 1: Get the GUID for mailbox holds

let’s dive into the Exchange Online PowerShell world with these two trusty cmdlets to unveil the mysteries held within mailboxes:

Get-Mailbox:

• Use this to sniff out Litigation Hold status (enabled or disabled) and snag the GUIDs for eDiscovery Holds, In-Place Holds, and Microsoft Purview retention policies tied to a mailbox.
• It’s your go-to tool for discovering if a mailbox gave the cold shoulder to an organization-wide retention policy.

Get-OrganizationConfig:

This cmdlet spills the beans on the GUIDs for those organization-wide retention policies.

• Utilize the “Get-Mailbox” cmdlet to check Litigation Hold status, acquire GUIDs for eDiscovery Holds, In-Place Holds, and Microsoft Purview retention policies linked to a mailbox. The cmdlet output also highlights whether a mailbox is explicitly excluded from an organization-wide retention policy.
• For organization-wide retention policies, turn to the “Get-OrganizationConfig” cmdlet to retrieve the necessary GUIDs.

Now, run these commands to unfold the secrets held by a mailbox. Your GUIDs will be the key to unlocking specifics about holds and Purview retention policies. Time to unravel the mailbox mysteries!

Get-Mailbox “Display Name” | FL LitigationHoldEnabled,InPlaceHolds

To bid farewell to Litigation Hold for someone like Tom, Set-Mailbox “Tom” -LitigationHoldEnabled $False

For In-Place Holds removal, a quick check on the Microsoft website will guide you through the process.

If your Get-Mailbox reveals an empty InPlaceHolds property, don’t fret. It might be cozying up with organization-wide Purview retention policies.

Get-OrganizationConfig | FL InPlaceHolds

If the list gets too crowded and not all GUIDs are visible, pull a neat trick with Get-OrganizationConfig | Select-Object -ExpandProperty InPlaceHolds to see each GUID standing tall on its own line.

Note: If there are too many values in the InPlaceHolds property and not all of them are displayed, you can run the command to display each GUID on a separate line.

Get-OrganizationConfig | Select-Object -ExpandProperty InPlaceHolds

Ready to play some PowerShell magic? Go ahead and let those commands do their thing!

Grasp the InPlaceHolds format in retention policies

Let’s unravel the mysteries within the InPlaceHolds property! When you’re dealing with Microsoft Purview retention policies, keep an eye out for the prefix (mbx, skp, or grp) and the action suffix. The suffix is the real telltale sign, indicating the type of retention action configured for the policy. Check out these examples:

kp127d7cf1076947929bf136b7a2a8c36f:1

mbx7cfb30345d454ac0a989ab3041051209:2

grp1a0a132ee8944501a4bb6a452ec31171:3

The table below outlines the three potential retention actions:

Step 2: Utilize the GUID to identify the hold

Once you’ve got your hands on that GUID, it’s time to put it to work. Let’s uncover the name and other juicy details about the hold using that magic GUID. The following sections will guide you through the process, making sure you’re equipped to unveil the mysteries behind each hold. Ready to embark on the GUID adventure? Let’s dive in!

eDiscovery holds

To find out about an eDiscovery hold on a mailbox, just follow these steps in Security & Compliance PowerShell:

• Run the first command to create a handy variable with hold info.
• Use the second command to see the eDiscovery case linked to the hold.
• Lastly, the third command spills the beans on the hold’s name and the mailboxes it’s got its eyes on. Easy peasy!

$CaseHold = Get-CaseHoldPolicy

Get-ComplianceCase $CaseHold.CaseId | FL Name

$CaseHold | FL Name,ExchangeLocation

Utilize the Exchange admin center to remove an In-Place Hold

• Head over to Compliance management and click on In-Place eDiscovery & Hold.
• Look through the list and pick the In-Place Hold you want to bid farewell to. Give it a click and hit Edit.
• On the In-Place Hold page, uncheck the box that says “Place content matching the search query in selected sources on hold.” Then, hit Save.
• Go back to the list, find that In-Place Hold again, and this time, click Delete.
• A warning will pop up—click Yes to officially part ways with that search. Easy peasy, right?

Utilize the Exchange Management Shell to remove an In-Place Hold

First, we’re turning off the in-place hold called Hold-CaseId012, and then we’re getting rid of the mailbox search.

Set-MailboxSearch “Hold-CaseId012” -InPlaceHoldEnabled $false; Remove-MailboxSearch “Hold-CaseId012”

Microsoft Purview retention policies

Hop on the Security & Compliance PowerShell and fire up this command to pinpoint the Microsoft Purview retention policy—whether it’s on an organization-wide scale or a specific location—for the mailbox. Remember to use the GUID without the mbx, skp, or grp prefixes, or the action suffix that you discovered in Step 1.

Get-RetentionCompliancePolicy 17cfb30345d454ac0a989ab3041051209 -DistributionDetail | FL Name,*Location

In my situation, the shared mailbox isn’t under litigation hold or ediscovery hold, but all users are part of TeamsChatLocation and TeamsChannelLocation. This signals that the retention policy is set to retain items without deletion even after the retention period lapses.

Keep in mind that by default, all teams and users are included, but you have the flexibility to fine-tune this by opting for Choose and Exclude.

Now, to clear out the emails held by the organization mentioned earlier, we need to remove the mailbox from the retention compliance policy. Just execute the following command to exclude the mailbox from the organization’s hold:

Set-RetentionCompliancePolicy 17cfb30345d454ac0a989ab3041051209 -AddTeamsChatLocationException “Shared Mailbox Email Address”

Once the mailbox is excluded, the emails that were previously held by the retention compliance policy will begin to vanish.

Quick heads-up: these emails will be gone for good, and there’s no way to recover them once they’re deleted.

Now, fire off the commands below to kickstart the messaging records management (MRM) processing for the mailbox:

1. Start-ManagedFolderAssistant -Identity “Shared Mailbox Email Address”
2. Start-ManagedFolderAssistant -Identity “Shared Mailbox Email Address” -FullCrawl
3. Start-ManagedFolderAssistant -Identity “Shared Mailbox Email Address” -HoldCleanup

If, by any chance, emails are still lingering in the primary mailbox, double-check the retention policy assigned to it. I’ve set a 1-day duration for the permanent delete, so that might be the culprit.

Once the retention policy is in place, hit the play button on the script below to give the agent a nudge and process those emails:

while($true)
{
start-managedfolderassistant “Email Address”
write-host “waiting”; start-sleep -seconds 300;
}

This should get things moving and ensure that the retention policy is doing its job effectively.

Mastering the art of deleting emails from DiscoveryHolds on Exchange Online is a crucial skill for maintaining a clutter-free mailbox. Through the insights provided in this guide, you’ve navigated the intricacies of Microsoft Purview and Exchange Online, understanding the significance of holds, retention policies, and the PowerShell commands needed for effective mailbox management.

Remember, the key lies not only in deleting emails but also in understanding the various holds that may be in place. Whether it’s Litigation Hold, eDiscovery hold, or Microsoft Purview retention policies, the detective work involved ensures you can make informed decisions about your mailbox.

By following the step-by-step instructions outlined here, you’ve gained valuable insights into identifying holds, removing them when necessary, and ensuring your organization’s compliance needs are met.

As you embark on your journey to delete emails from DiscoveryHolds, leverage the power of PowerShell commands, explore retention policies, and fine-tune your mailbox management strategies. Clearing the path for efficient communication and decluttering your inbox is not just a one-time task; it’s an ongoing process.

Feel free to explore more articles on mailbox management, PowerShell tips, and related topics to enhance your proficiency in Exchange Online. Your commitment to mastering these tools will undoubtedly contribute to a streamlined and organized email experience.

If you have any questions or insights to share about deleting emails from DiscoveryHolds, don’t hesitate to leave a comment below. Happy decluttering!