In this article, we are going to deep dive about compliance and eDiscovery concepts, which will be an essential part to meet the legal requirement.
Emails are now essential part of communication for any corporate environment. When it comes to corporate and MNCs, there are rules and Laws that are governing the management, employees and labors of that company. So it is mandatory for any company to follow certain Compliance features for legal and management aspects.
Below are the certain major components of Compliance features. These are fully functional features only from exchange 2013 onwards.
- In-Place Hold
- Litigation Hold
- Data Loss Prevention (DLP)
To perform some of the above mentioned actions, users should have been assigned with some special permission.
RBAC stands for Role Based Access Control. RBAC is one of the successful and interesting ways of assigning permission to various kinds of administrators. By default “Organization Management” is the highest role-group in exchange system and it has been provided with all the roles (Access) except for compliance. Hence we should create a separate role group or add those roles to Organization Management Group. “Legal Hold” and “Mailbox Search” are the two roles that needs to be added for Compliance and eDiscovery searches.
eDiscovery was called as multi-mailbox search in exchange 2010. It is an upgraded version and eDiscovery is fully functional from Exchange 2013 onwards. eDiscovery is used to search emails for a specific date on all the mailboxes or some particular mailboxes. For eDiscovery to work, the Content Search Indexer and its relevant service should work properly, because this feature completely relies on Content Index Catalogue.
eDiscovery can be performed using the front end portal or Powershell. In the Portal in Exchange 2013, we should navigate to Exchange Admin Centre → Compliance Management → In-Place eDiscovery & Hold. We can create a search over there and export the results to a discovery search mailbox or download as a PST.
PowerShell Command: To create a search query, we need to run the following command in the Exchange management shell.
New-MailboxSearch “Termination Case” -StartDate “01/01/2015” -EndDate “12/31/2015” -SourceMailboxes “Test User 1” -TargetMailbox “Discovery Search Mailbox” -SearchQuery ‘”Cheque” AND “Project A”‘ -MessageTypes Email -IncludeUnsearchableItems -LogLevel Full -InPlaceHoldEnabled $true
Once the query is created then to start the search we need to run the following command
Start-MailboxSearch “Termination Case”
Once we perform an eDiscovery search, we will get certain results based on the search. The resulting emails can be placed on In-Place Hold. When an email is placed on In-Placed Hold, these emails will stay permanently in the mailbox. Even if the user deletes those emails, it will stay in dumpster of that mailbox. Hence those data will never be lost and can always be retrieved.
Litigation Hold is something similar to In-Place Hold. For In-Place hold, only certain emails that are in the search scope can be put in hold. Litigation hold is set for the complete mailbox itself. All the data inside that emails will never be lost after Litigation hold is enabled. These emails can be recovered like OST 2 PST file anytime even after deletion.
Data Loss Prevention (DLP):
Data Loss prevention policies are very import feature in Compliance and Data prevention. For example, customer’s credit card and banking Info, etc. should be kept confidential. There are built-in policies and patterns that scans every email for information sent in that email. If a CC number or a SSN number are presented in that email, then DLP acts against that email and either it will be deleted or encrypted based on the way the policy is configured. Exchange 2013 and above versions has built-in policies and administrators can create custom policies also. These policies are not enabled by default.
Compliance is one of the mandatory process followed by every corporate organizations. Hence as an Exchange administrators, we should be aware and should comply with the company’s policy.
Sophia Mao is a data recovery expert in DataNumen, Inc., which is the world leader in data recovery technologies, including repair pst file and word recovery software products. For more information visit www.datanumen.com