<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z0000AIHxSUCQ1Okta Identity EngineWorkflowsAnswered2024-12-31T17:05:30.000Z2024-12-16T22:13:45.000Z2024-12-31T17:05:30.000Z

JakeR.78774 (Customer) asked a question.

December 16, 2024 at 10:13 PM
Workflow to apply Office 365 retention policies to an account for legal/litigation holds?

I'm working on upgrading the process for a legal/litigation hold so if needed, an admin can update a field in an account's profile, which triggers them being added to a different Active Directory pushed group to move them into a new OU.

That part works perfect, what I'm trying to figure out is how to apply the hold in O365 programmatically via a workflow that would see the user added to the Okta Group "legal hold" and then tell O365 to apply the legal hold policy to the account.

Any help greatly appreciated. Thanks!

  • 2 answers
  • 297 views

  • TimL.58332 (Workflows)

    @JakeR.78774 (Customer)​  -- This really comes down to "Is there an endpoint to perform the action in graph". And if there is an endpoint can you gain auth to perform actions against it.

     

    If the answer is yes. Based on what you described above that could be an event triggered flow (User Profile Updated) that checks to see if that specific attribute is updated to a value that designates a "hold" then makes a call to O365.

     

    Alternatively, you might be able to achieve it a bit differently. What I did find was this:

     

    https://learn.microsoft.com/en-us/purview/ediscovery-create-a-litigation-hold

     

    Which looks to use Powershell. Is there a way to kick off a powershell script on users moved to that new OU? That seems like it would also achieve the same goal.

    Expand Post
    Selected as Best

  • TimL.58332 (Workflows)

    @JakeR.78774 (Customer)​  -- This really comes down to "Is there an endpoint to perform the action in graph". And if there is an endpoint can you gain auth to perform actions against it.

     

    If the answer is yes. Based on what you described above that could be an event triggered flow (User Profile Updated) that checks to see if that specific attribute is updated to a value that designates a "hold" then makes a call to O365.

     

    Alternatively, you might be able to achieve it a bit differently. What I did find was this:

     

    https://learn.microsoft.com/en-us/purview/ediscovery-create-a-litigation-hold

     

    Which looks to use Powershell. Is there a way to kick off a powershell script on users moved to that new OU? That seems like it would also achieve the same goal.

    Expand Post
    Selected as Best

    • JakeR.78774 (Customer)

      Thanks Tim!

       

      I haven't seen anything about how to send a Powershell script to Azure via a Workflow but will keep looking.

      Apparently we also use Purview for part of this so that is a new wrinkle I'm trying to wrap my head around.

       

      Expand Post
This question is closed.
Loading
Workflow to apply Office 365 retention policies to an account for legal/litigation holds?