A legal team needs to preserve all data belonging to a former employee who is involved in litigation. The preservation must cover Exchange Online email, SharePoint sites, Teams messages, and OneDrive files. Which Microsoft Purview solution should they use to enforce the preservation?
eDiscovery (Standard) enables creating a case and placing a hold on custodians' mailboxes, SharePoint sites, OneDrive, and Teams, preserving all data for legal purposes.
Why this answer
eDiscovery (Standard) case hold is the correct solution because it allows legal teams to place a legal hold on all data sources associated with a specific user, including Exchange Online mailboxes, SharePoint sites, OneDrive accounts, and Teams messages. This preserves the data in its current state, preventing modification or deletion, which is essential for litigation. Unlike other options, eDiscovery holds are designed specifically for legal preservation scenarios and can target multiple workloads simultaneously.
Exam trap
The trap here is that candidates often confuse a retention policy (which is automated and rule-based) with a legal hold (which is manual, case-specific, and preserves data for litigation), leading them to choose Data Lifecycle Management instead of eDiscovery.
How to eliminate wrong answers
Option B is wrong because Data Lifecycle Management retention policies are designed for automated data retention and deletion based on regulatory or business rules, not for ad-hoc legal holds triggered by litigation. Option C is wrong because sensitivity labels with retention markings are used to classify and optionally retain data based on sensitivity, but they cannot enforce a comprehensive legal hold across all user data sources like eDiscovery can. Option D is wrong because Audit log search is a tool for reviewing historical activity logs, not for preserving data; it does not prevent data modification or deletion.