Notes for Administrators on the Microsoft Purview Integration

Integrations

Microsoft Purview

The account that is used in the Microsoft Purview integration must have several properties:

  • 'Compliance Administrator' or 'eDiscovery Administrator' role (you can check it here: https://compliance.microsoft.com/compliancecenterpermission)

  • Part of the tenant that has all custodians.

    • For a Microsoft Entra ID tenant, the account must be from the same Microsoft Entra ID tenant.

    • For an Okta tenant, the account must be from the Microsoft Entra ID tenant that contains all custodians in the Okta tenant that are going to be preserved (in the case where Microsoft Entra ID is the source of the Okta users).

  • If the account that is used to access Microsoft Purview is changed, the new account must have access to all cases created by Legal Hold; otherwise preservation updates will fail. Lift actions (hold lift or hold location remove) will silently succeed.
    • The new account must be a Compliance Administrator or eDiscovery Administrator.
  • For security reasons, the integration will expire in 3 months. The integration can be renewed at any time by clicking the edit button of the integration.

Preservation in Microsoft Purview

  • Do not change cases and policies created by the Legal Hold application in Microsoft Purview. You can perform other actions in the system, such as searches and exports.
  • Lifting a Hold in the Legal Hold application will remove all Holds in the M365 eDiscovery case.
  • Preservation in Microsoft Purview can report an error message.
    • If the error is "It's taking longer than expected to deploy the policy. It might take an additional 2 hours to update the final deployment status, so check back in a couple hours. [PolicySyncTimeout]", Legal Hold preservation will succeed.
    • In other cases, Legal Hold preservation will fail with a specific error text. Please contact Support for assistance.

Microsoft 365 Preservation Explorer Integration

This integration is required to preserve non-custodial locations like Teams, SharePoint and Shared Mailboxes.

The user must have access to all teams and sites they want to preserve; otherwise:

  • It will not be possible to resolve the team site during preservation, and you will see an error.

  • SharePoint sites will not be visible in the explorer.

Preservation Details

Teams

Teams data is stored in various locations. For Teams, the following data is preserved based on the location that you defined in LEGAL HOLD.

| Data to Preserve | LEGAL HOLD M365 Sources in the Location definition | Microsoft Data Location |
|---|---|---|
| Chat messages for a user (for example, 1:1 chats, 1:N group chats, and private channel conversations) | Mailbox | User mailbox |
| Chat messages in standard and shared channels | Teams | Mailbox associated with the parent team |
| Files in standard channels (for example, Wiki content and files) | SharePoint | SharePoint site associated with the parent team |
| Files in private and shared channels | SharePoint | Dedicated SharePoint site associated with the channel |
| User's private content | OneDrive | The user's OneDrive for Business account |
| Card content in chats | Teams | User mailbox for 1:1 chats, 1:N group chats, and private channel conversations; the parent team mailbox for card content in standard and shared channel messages. |

To retain message content in private channels, you need to put the user mailboxes (of the members of a private channel) on hold.

Custodians

  • If a hold contains multiple users with the same email addresses or email aliases, preservation is executed for all variations and the related mailbox is preserved. However, when individual custodians are lifted, the first lifted user lifts the mailbox, and the other email addresses or aliases may stay marked as preserved. This is resolved when the Hold itself is fully lifted.
  • If a mailbox email address is changed after preservation and the custodian is then lifted:
    • If the new email address points to another user's mailbox, the system will unpreserve by the new email address; the old email address will not be unpreserved by the same action.
    • If the new email address is empty or doesn't point to another user's mailbox, the system will just mark the custodian location as lifted, since it hasn't found anything to unpreserve.
  • Email aliases can be used and changed if they point to the same Exchange mailbox.
  • Mail contacts are mail-enabled objects that contain information about people who exist outside your organization. Mail contacts can be part of your Entra ID address book synchronization, but these contacts will be ignored for preservation.