In today’s digital age, the volume of electronic data produced by individuals and organizations has skyrocketed. With this exponential growth comes the necessity for efficient and comprehensive methods to manage, store, and retrieve this data. Enter eDiscovery, a critical process, especially within Microsoft’s purview, providing a robust framework for handling electronic information for legal, compliance, and investigatory purposes.
Understanding eDiscovery in Microsoft Purview
Understanding eDiscovery
Electronic Discovery, commonly referred to as eDiscovery, encompasses the identification, collection, preservation, review, and production of electronically stored information (ESI). In Microsoft’s realm, eDiscovery revolves around leveraging the tech giant’s tools and platforms to streamline this process.
What Can You Discover?
Microsoft Purview’s eDiscovery tools enable the exploration of several repositories, including Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, Microsoft 365 Groups, and even Yammer teams. The versatility of these tools allows for comprehensive searches across mailboxes and sites within a single eDiscovery search.
Leveraging Microsoft Purview eDiscovery (Standard)
For organizations utilizing Office 365 E5 or Microsoft 365 E5 subscriptions (or related E5 add-ons), the capabilities are further amplified with Microsoft Purview eDiscovery (Premium). However, even with the standard version, organizations can identify, hold, and export content discovered within mailboxes and sites.
Why You Need eDiscovery in Microsoft’s Sphere
1. Streamlined Data Management
With the sheer abundance of electronic data, efficient management becomes a cornerstone of operational success. eDiscovery tools in Microsoft’s domain offer streamlined approaches to manage, sort, and retrieve data, enhancing overall productivity.
2. Enhanced Efficiency and Cost Savings
Implementing eDiscovery methodologies within Microsoft’s framework leads to increased efficiency in handling legal matters, thereby reducing the time and costs associated with traditional manual data review processes.
3. Proactive Risk Management
By embracing eDiscovery within the Microsoft ecosystem, organizations proactively manage risks associated with data breaches, ensuring compliance, and safeguarding sensitive information.
Microsoft Purview eDiscovery (Standard) Workflow
Understanding the workflow is crucial to effectively utilize the eDiscovery (Standard) features. The process typically involves:
1. Creation of eDiscovery Holds
Upon initiating a case, the first step is placing an eDiscovery hold on content locations relevant to the investigation. These content locations encompass Exchange mailboxes, SharePoint sites, OneDrive accounts, as well as the mailboxes and sites linked with Microsoft Teams and Microsoft 365 Groups.
2. Association of Searches and Exports with a Case
An integral aspect of the workflow is associating searches and exports with a specific case. This categorization streamlines the process, ensuring a clear linkage between the investigation and the obtained data.
3. Placing eDiscovery Holds
Organizations must initiate eDiscovery holds for individuals of interest, scour relevant content, and subsequently export this data for further scrutiny.
The eDiscovery (Standard) workflow
It is a structured process designed to assist organizations in utilizing eDiscovery tools effectively once a case has been created. Here’s an overview of the key steps involved:
(Standard Workflow for eDiscovery)
Step 1: Create an eDiscovery Hold
After initiating a case, the initial step involves placing an eDiscovery hold on content locations associated with individuals under investigation. These locations encompass Exchange mailboxes, SharePoint sites, OneDrive accounts, as well as mailboxes and sites linked to Microsoft Teams and Microsoft 365 Groups.
The eDiscovery hold serves to preserve potentially relevant content throughout the investigation. Organizations have two options:
Preserve All Content in Specific Locations: This comprehensive approach retains all data within predefined locations.
Create Query-Based Holds: A more targeted strategy, preserving content that aligns with specific queries or criteria.
Beyond content preservation, eDiscovery holds streamline subsequent searches by allowing swift access to held content locations.
Step 2: Search for Content
Post-establishing eDiscovery holds, organizations leverage the in-built search tool to explore held content locations. Additionally, they can extend their search to other content repositories to locate data pertinent to the case.
Organizations have the flexibility to run varied searches associated with the case, utilizing keywords, properties, and conditions to tailor search queries. These queries generate results comprising the most relevant data for the investigation.
Further functionalities within this step include:
Viewing Search Statistics: Utilized to refine search queries and narrow down results for precision.
Previewing Search Results: Allows quick verification of the relevance of retrieved data.
Iterative Query Revision: Enables adjustments to search queries and subsequent reruns for thorough data retrieval.
Step 3: Export and Download Search Results
Upon identifying relevant data through searches, organizations proceed to export these findings out of Microsoft 365 for external review. This process involves two essential steps:
- Exporting Search Results: Copying the search results to a designated Azure Storage location provided by Microsoft.
- Downloading the Export Package: Utilizing the eDiscovery Export tool to download the content, including exported data files, export reports, summary reports, and error reports, to a local computer.
The comprehensive export package enables external parties to review the findings beyond the investigation team.
The eDiscovery (Standard) workflow thus encompasses strategic content preservation, meticulous search methodologies, and efficient data exporting, ensuring a comprehensive and structured investigative process.
Process to Start Creating eDiscovery Case in Microsoft Purview
Microsoft Purview simplifies eDiscovery processes by streamlining the steps involved in creating an eDiscovery case. Below is a comprehensive guide detailing each step for initiating an eDiscovery case within Microsoft Purview.
Step 1: Accessing eDiscovery in Microsoft Purview
To begin, access eDiscovery by navigating to Microsoft Purview > eDiscovery (Standard).
(Accessing eDiscovery in Microsoft Purview)
Step 2: Creating a New eDiscovery Case
Once in the eDiscovery section, click on “Create a case” to initiate a new eDiscovery case.
(Create eDiscovery case)
Step 3: Naming and Describing the eDiscovery Case
Upon clicking “Create a case,” provide an appropriate name and description for the case. Ensure to save the information.
Step 4: Accessing the eDiscovery Case
After creating the eDiscovery case, click on the case name to access it and proceed further.
(eDiscovery case has been created)
Step 5: Assigning Permissions
The initial step post-case creation involves assigning permissions to specific groups and users. Navigate to the settings tab and select “Access & permission.” Choose the desired users and groups for accessing the eDiscovery case.
(Accessing Permission Tab)
(Assigning eDiscovery case Permission to Users and Groups)
Step 6: Holding Locations
The subsequent step is to hold specific locations within the case. Click on the “Hold” tab, name the hold, provide a description, and save it. Select the locations to apply the hold, including/excluding as necessary.
(Accessing Hold tab in eDiscovery)
(Creating Hold for eDiscovery case)
Step 7: Creating Queries
Utilize the Search query builder to create queries that identify desired locations for search and applying holds. Add keywords and conditions using the builder, including multiple keywords and predefined conditions.
Step 8: Reviewing and Submitting the Hold
Review the settings chosen for the hold and submit the final configuration.
(Review your Hold settings)
Step 9: Content Search for eDiscovery Case
Navigate to the “Searches” tab to conduct content searches for the eDiscovery case.
(Accessing the Search Tab)
Step 10: Defining Search Conditions
Create a new search case with a name and description. Select the desired locations for content search, defining search conditions, query language, and country/region preferences.
(Create search for eDiscovery case)
(Select the specific location for search case)
(Enter the Keyword in the Query for search case)
Step 11: Reviewing and Starting the Search
Review the search settings and initiate the search. The status will change from “started” to “complete” upon search completion.
(Review your search settings before creating it)
(Search status for content search case)
Step 12: Reviewing Search Results
Post-search completion, a detailed summary showcasing information like item count, location, size, condition reports, and top locations will be available.
(Search Summary and Status for completed status)
Step 13: Generating Reports
Generate reports through the graphical visualization of search statistics, including CSV format reports for item counts, locations, and conditions.
(Search Statistic results)
(Export Search results)
(In Exports tab you can see the exported reports)
Step 14: Closing or Deleting the Case
If necessary, close or delete the eDiscovery case by accessing the settings tab and selecting the desired action from the available options.
(Refer Close/Delete case)
Upgrading eDiscovery Case
Consider moving the eDiscovery case from the standard version to the premium version if needed. (If you are dealing with complex data challenges, legal intricacies, and heightened compliance requirements, providing a comprehensive suite of tools to navigate the evolving landscape of data management seamlessly.)
(Move case to eDiscovery case from eDiscovery Standard to eDiscovery premium)
Conclusion
Navigating the eDiscovery process within Microsoft Purview involves a systematic approach, starting from case creation to content search and report generation. By following these outlined steps, users can effectively manage eDiscovery cases, ensuring thorough and precise investigations.
Want to talk?
Drop us a line. We are here to answer your questions 24*7.