Get started: Vault administrators
Welcome to Google Apps Vault! This guide will walk you through the steps to get Vault up and running for your organization.
Before you proceed, make sure:
- You are a Google Apps super administrator for your organization; only super administrators can complete the steps in this guide.
- You have Google Apps for Work or Google Apps for Education. Important information for Google Apps for Education customers
Please note that if you have Hangouts enabled, upon logging into Admin console, you will be prompted to accept a Vault-Hangouts amendment to acknowledge limitations* around using both Vault and Hangouts in your domain. You must accept this agreement to continue using your Admin console, even if you decide not to use Vault with Hangouts. It is important to understand the following:
- Unless you explicitly log into Vault and set retention rules, the limitations around using both Vault and Hangouts do not take effect.
- You can ensure the limitations do not impact your domain after accepting the amendment by:
- Not setting retention rules in Vault, or
- Switching from Hangouts to Talk. Talk does not have the Vault limitation that Hangouts does. More information can be found in the help center.
If you have additional comments or questions, please contact Google for Work Support.
*Limitations include: retention and archiving policies will not be properly applied to history-on messages. For example, once a retention period has expired, history-on messages will be expunged from a user's Gmail mailbox, and they will no longer be searchable or exportable by Vault administrators or Vault users with the appropriate privileges. However, your users will still have access to their Hangouts histories within their Hangouts chat windows and Google+.
- Google Apps Vault has been purchased for your organization.
Click each step below to learn how to complete it.1. Assign Vault licenses
Assign licenses to everyone (full-domain licensing) or to just a subset of people (partial-domain licensing).
- Consult with people in your organization who understand its business and legal requirements to decide who needs a Vault license.
- Follow the steps in the full-domain or partial-domain licensing article.
Only users with appropriate permissions can log on to http://ediscovery.google.com.
- Sign in to the Admin console, using your administrator account email address (including username and domain) and password.
- On the dashboard, click Apps, then click Google Apps.
- Click Vault and choose one of the following options:
- ON for everyone: everyone in your organization can access Vault.
- ON for some organizations: only organizational units (OUs) that you specify can access Vault. Learn more about creating OUs.
- OFF: no one in your organization can access Vault.
Grant privileges to employees who you want to create retention rules, place litigation holds, or perform investigations. This step is not mandatory for the initial setup of Vault.
Now that Google Apps Vault is enabled and licenses have been assigned in the Admin console, sign in to Vault by doing the following:
- Go to https://ediscovery.google.com
- Sign in with your Google Apps username and password.
Other authorized employees in your domain will sign in to Vault the same way after you've given them access.
Set a default retention policy to control how long your organization's messages are archived before being permanently expunged from your users' mailboxes and all Google systems. Your organization should have a policy about the amount of time messages should be retained. We recommend that you consult your organization's legal team when you set up a default retention rule.
The retention period starts on the date a message is received, NOT the date you set the rule. For example, you set the default for 3650 days (10 years). If a user received a message on January 5, 2004, that message would be removed from the user's mailbox on January 5, 2014, and from Vault shortly thereafter. Learn details about how retention works.
- In Google Apps Vault, click Retention in the left navigation.
- Click Modify default retention period.
- In the dialog that appears, select one of these three options:
- Do not specify a default retention period: User content isn't retained in Vault. Unless a custom rule or hold applies, user-deleted content is expunged 30 days after deletion, with no recovery options. Your organization's default retention period is automatically set to this option unless you change it.
- Retain data indefinitely: User content is permanently available in Vault, unless a custom rule applies.
- Retain data for a specified number of days: User content is retained for the number of days you specify (up to 36,500), unless a custom rule or hold applies. Shortly after this period elapses, content is removed from user mailboxes and deleted from Google systems with no recovery options. If you select this option, click Next, type the number of days for the retention period, then click Set. Select the checkboxes to verify that you understand your content will be deleted at the end of the retention period if no other rules or holds apply.
- Click Submit.
- What happens after you set the default retention rule: Unless a custom rule or hold applies to them, current and future messages in your users' mailboxes are preserved in and expunged from Vault according to the default retention rule.
- What happens when a user deletes a message: The message is removed from that user's mailbox. However, when the default retention rule or a custom rule applies, the message is still available in Vault for the remainder of the retention period.
Google Apps Vault is now up and running! Vault will preserve your domain's mail and on-the-record chats for the retention period you specified. Learn more about the default retention rule and custom rules.