Enable Litigation Hold Azure Automation Services

This runbook enables all applicable mailboxes for litigation hold, running on a schedule to detect new users.

Step 1 – Create / Configure Automation Account

First, sign in to the Azure portal and create a new Automation account. When creating the account, select the free tier.

After you have created the Automation account, you will need to create a credential object, which is referenced in the script. Go to Assets > Credentials from your newly created Automation account. The credential object requires access to Exchange Online and Azure Active Directory.

Creating a credential object in Azure Automation Services.

The MSOnline module must be installed so that you can connect to Azure Active Directory PowerShell from a runbook. From the “Assets” window pictured above, select “Modules”, then search for “MSOnline”. If this process fails, you can install the module manually.

Installing the MSOnline module in Azure Automation Services to allow connecting to Azure Active Directory in a runbook.

Step 2 – Create Runbook

Now the runbook can be created. From the “Runbooks” menu add a new runbook, specifying PowerShell as the runbook type.

Creating a new runbook in Azure Automation Services.

Paste the code below into the runbook. Please note there are various modifications you need to make.

  • Line 4: The credential object will need to match the name of the one you created.
  • Line 18: This SKU is specific to your Office 365 Tenant. If you are unsure what SKUs you have, run the Get-MsolAccountSku PowerShell command when connected to Azure Active Directory.
  • Line 44: The Litigation Hold duration can be changed. I selected “Unlimited”.
  • The mailing function is optional. If you want to make use of the emailing function, update the credential object and the to/from addresses.
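The runbook script itself is not reproduced on this page. The following is an added example of a runbook matching the steps described, not the original script, so the line numbers in the list above do not apply to it. The credential asset name and the SKU are placeholders, and it assumes the ExchangeOnlineManagement module has been added to the Automation account in the same way as MSOnline; the optional mailing function is left out.

```powershell
# Added example, not the original runbook. Values marked "placeholder" are assumptions.
$CredentialName = 'LitigationHoldSvc'       # placeholder: name of your credential asset
$LicenseSku     = 'contoso:ENTERPRISEPACK'  # placeholder: list yours with Get-MsolAccountSku
$HoldDuration   = 'Unlimited'               # or a number of days

$ErrorActionPreference = 'Stop'

# Read the credential from the Automation account instead of embedding a password.
$cred = Get-AutomationPSCredential -Name $CredentialName
if (-not $cred) { throw "Credential asset '$CredentialName' was not found." }

Connect-MsolService -Credential $cred
# Assumption: ExchangeOnlineManagement is installed in the Automation account.
Connect-ExchangeOnline -Credential $cred -ShowBanner:$false

try {
    # Users that hold the SKU which includes litigation hold.
    $licensed = Get-MsolUser -All |
        Where-Object { $_.IsLicensed -and ($_.Licenses.AccountSkuId -contains $LicenseSku) } |
        Select-Object -ExpandProperty UserPrincipalName

    # Only touch licensed user mailboxes that are not already on hold,
    # so each scheduled run picks up new users and skips the rest.
    $pending = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
        Where-Object { -not $_.LitigationHoldEnabled -and ($licensed -contains $_.UserPrincipalName) }

    $failed = 0
    foreach ($mbx in $pending) {
        try {
            Set-Mailbox -Identity $mbx.UserPrincipalName `
                -LitigationHoldEnabled $true -LitigationHoldDuration $HoldDuration
            Write-Output "Enabled litigation hold: $($mbx.UserPrincipalName)"
        } catch {
            $failed++
            Write-Warning "Failed for $($mbx.UserPrincipalName): $($_.Exception.Message)"
        }
    }

    Write-Output "Processed $(@($pending).Count) mailbox(es), $failed failure(s)."
    # Fail the job so a partial run is visible in the job history.
    if ($failed -gt 0) { throw "$failed mailbox(es) could not be placed on hold." }
}
finally {
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Credential-based sign-in as used here only works for an account without interactive MFA, so use a dedicated account for the credential asset that has only the Exchange Online and Azure Active Directory rights the runbook needs.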

Step 3 – Schedule Runbook

Once the runbook has been tested as working you can attach it to a schedule. Follow the prompts as per the below screen capture.

Adding a runbook to a schedule in Azure Automation Services.