Get started: Vault Administrators

Vault can help protect your organization from legal and compliance risks. With Vault, you can be prepared to assess a legal matter or compliance issue in a timely, cost-effective way, with minimal disruption to your business.

Google Apps Vault is developed and designed to reduce costs and risks by allowing users to archive, manage, and preserve emails and on the record chats for information governance, e Discovery, and regulatory investigations.

Now here’s the quick start guide how you can make the most of Vault for your organization.

Important:Vault won't preservedata according to your organization's policies and legal requirements until you completethese steps.You must choose a default retention policy and/or custom rule as described inStep 5in order for Vault to retain your data.

Before you proceed, make sure:

  • You are a Google Apps super administrator for your organization;only super administrators can complete the steps in this guide.
  • You have Google Apps for Work or Google Apps for Work Unlimited (Drive for Work or ONEOffice Unlimited)
  • Google Apps Vault has been purchased for your organization. (Drive for Work or ONEOffice Unlimited already includes Google Vault)

Step 1: Assign Vault Licenses

Assign licenses to everyone (full-domain licensing) or to just a subset of people (partial-domain licensing).

  1. Consult with people in your organization who understand its business andlegal requirementsto decide who needs a Vault license. Note: If customer is currently in Drive for Work (Google Apps Unlimited) or ONEOffice Unlimited, all licenses have Google Vault so it automatically assigned licenses to everyone.
  2. To verify, in your ONEOffice dashboard, click Google cPanel.
  1. ClickGoogle Apps.

  1. You will see Google Vault.Note that for ONEOffice Unlimited, all your licenses will automatically be on for everyone.

Step 2: Specify who in your domain can access the Vault console

Specify who in your domain can access Vault. Only users with appropriate permissions can log on to

  1. Sign in to the using your administrator account email address (including username and domain) and password.
  2. ClickGoogle Apps.
  3. ClickVaultand choose one of the following options:
  4. ON for everyone:everyone in your organization can access Vault.
  5. If you have sub-organization, you can override the settings of the parent organization.
  • OFF:no one in your organization can access Vault.

Step 3: Grant privileges to authorized employees

Grant privileges to employees who you want to create retention rules, place litigation holds, or perform investigations. This step is not mandatory for the initial setup of Vault.

  1. From the admin console, click users.
  2. Select a particular user and click the roles and privileges. You will be able to see the functions user can access for each application including Google Vault.

Step 4: Sign in to Vault

Now that Google Apps Vault is enabled and licenses have been assigned in the Admin console, sign in to Vault by doing the following:

  1. Go to
  2. Sign in with your Google Apps username and password. Note that for ONEOffice users, if you want to sync your myBusiness Password and your ONEOffice password, make sure to update your myBusiness password to enable this.

Other authorized employees in your domain will sign in to Vault the same way after you've given them access.

Step 5: Set your company’s default retention period for archiving

Set a default retention policy to control how long your company's messages are archived before being permanently expunged from your users' mailboxes and all Google systems.Your company should have a policy about the amount of time messages should be retained. We recommend that you consult your company's legal team when you set up a default retention rule.

The retention period starts on the date a message is received, NOT the dateyou set the rule. For example, you set the default for 3650 days (10 years). If a user received a message on January 5, 2004, that message would be removed from the user's mailbox on January 5, 2014, and from Vault shortly thereafter. Learn details abouthow retention works.

After the time period defined by a default retention policy (or custom rule) elapses, messages retained by those rules are permanently deletedand cannot be restored.

  1. In Google Apps Vault, clickRetentionin the left navigation.

  1. ClickModify default retention period.
  2. In the dialog that appears, select one of these three options:
  3. Do not specify a default retention period: User content isn't retained in Vault. Unless a custom rule or hold applies, user-deleted content is expunged 30 days after deletion, with no recovery options. Your organization's default retention period is automatically set to this option unless you change it.
  4. Retain data indefinitely: User content is permanently available in Vault, unless a custom rule applies.
  5. Retain data for a specified number of days: User content is retained for the number of days you specify (up to 36,500), unless a custom rule or hold applies. Shortly after this period elapses, content is removed from user mailboxes and deleted from Google systems with no recovery options. If you select this option, clickNext, type the number of days for the retention period, then clickSet. Select the checkboxes to verify that you understand your content will be deleted at the end of the retention period if no other rules or holds apply.
  1. ClickSubmit.
  2. You can also add additional retention rules by clicking “Retention” link again.

Important notes:

  • What happens after you set the default retention rule:Unless a custom rule or hold applies to them, current and future messages in your users' mailboxes are preserved in and expunged from Vault according to the default retention rule.
  • What happens when a user deletes a message:The message is removed from that user's mailbox. However, when the default retention rule or a custom rule applies, the message is still available in Vault for the remainder of the retention period.

Google Apps Vault is now up and running! Vault will preserve your domain's mail and on-the-record chats for the retention period you specified.

Below are the things you can do in Google Vault

Create a New Matter

Whether you want to search email contents, export data or create contents policy, for any job that you want, you always have to create a new matters.

In Google Apps Vault, a matter is a container for all of the data related to a specific topic, such as a litigation case or investigation.

When you sign in to Google Apps Vault, you see the Matters page, which lists of all open matters your account can access. These include matters you created and matters that are shared with you.

To create a new matte, Click ‘Create’ button and enter the name that you desire. Click “Create new matter”.

Create holds

A hold allows you to preserve messages (emails and on-the-record chats) in Vault indefinitely in order to meet legal or preservation obligations; create a hold to override data from deletion beyond default retention rules.

Click “Create Hold” button and enter desired hold name, users and date range or terms. You can leave then blank if you would like to.

Once a hold is created you can see hold name and config. information as below.

Also, you can search All or Held data by choosing on Source. And unless you want to narrow down with particular accounts(email), date range, or keywords, just leave them as blank and click Search. In this demo, “Held Data” is chosen, so I can search only hold data that I have defined previously.

Here is the search result. You can save query for future use as favorite. You can also export the result or share it with someone.

In this demo, I’ll export the data and enter the task name for the data.

As you see, the data is exported to the Google Cloud. It can take a few minutes to up to a day depending on the size of the data.

Once exporting is done, you can see the results as below. The results can be downloaded into a MBOX file format.

Additionally, you can share the data with other users, just like sharing the google docs via gmail.

Audit search activity

Vault audits provide details about actions that Vault users have taken during a specified period of time. Audit archives every activity of admin users.

You can export the audit trails by going to ReportsAudit and inSelect date range, include start and end dates for the audit. In Select Vault users, include users on whom you want to run the audit.

The Vault users you enter here have Vault privileges; you are auditing their actions in Vault (for example, if they've set retention rules, searched in matters, modified holds, or performed any other administrative actions). In Select action types, check the boxes next to actions about which you want audit information. Click Download CSV. A CSV file that contains audit information will be downloaded to your device.

Here’s the sample csv file.