What is the difference between M365 retention policy and legal hold?
Retention = 'keep this for X years, then it may go'. Hold = 'keep this and nobody may delete it'. Two different goals, people mix them up.
Try this first
- 1Retention policy: set for general compliance (e.g. keep invoicing mail for 7 years). Works on groups of mailboxes, with an expiry.
- 2Litigation hold (or in-place hold): set when there is a legal matter. Freezes that one mailbox; everything is kept, even if the user tries to delete.
- 3Neither replaces a backup. Microsoft says so themselves: hold protects against tampering, not against tenant failure or ransomware on the account.
- 4Before lifting a hold, confirm the matter is truly closed and your legal team agrees. That is not an IT-only decision.
When to bring us in
Setting up or removing a hold sounds simple but has legal consequences. We only do this after written instruction from your legal contact. Do not call to 'just put everything on hold' without context.
See also
- We have backups but we do not know if they workA backup that cannot be restored is not a backup. Testing matters as much as taking the backup.
- Suspected ransomware: what to do RIGHT NOWThe first 30 minutes are critical. One wrong move spreads the damage. Read before acting.
- Someone accidentally deleted an important folderUsually fine to recover. The trick: do not save anything new on that drive until you know how.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.