Preventions
- ID: PV068
- Created: 19th August 2025
- Updated: 19th August 2025
- Contributor: The ITM Team
Microsoft Litigation Hold
Microsoft Litigation Hold is a built-in compliance feature within Microsoft 365 that preserves mailbox content, even if a subject attempts to delete or alter messages. When enabled, it ensures that emails, calendar items, and other mailbox content remain discoverable and immutable, regardless of user-side deletion or modification attempts.
Organizations can apply Litigation Hold to specific subjects, role types, or high-risk populations, and define custom hold durations (e.g., indefinite or time-bound).
Sections
| ID | Name | Description |
|---|---|---|
| AF027.001 | Email Deletion | The subject deliberately deletes emails - either sent, received, or both - with the intent to obstruct investigative visibility, remove evidence of policy violations, or eliminate traces of communication relevant to an insider event. While routine inbox maintenance is common, patterns of targeted deletion may indicate purposeful concealment. |