Exploring Microsoft Purview eDiscovery Solutions Exploring Microsoft Purview eDiscovery Solutions
Featured
Share:

In today’s digital age, the volume of electronic data produced by individuals and organizations has skyrocketed. With this exponential growth comes the necessity for efficient and comprehensive methods to manage, store, and retrieve this data. Enter eDiscovery, a critical process, especially within Microsoft’s purview, providing a robust framework for handling electronic information for legal, compliance, and investigatory purposes.

Understanding eDiscovery in Microsoft Purview

Understanding eDiscovery

Electronic Discovery, commonly referred to as eDiscovery, encompasses the identification, collection, preservation, review, and production of electronically stored information (ESI). In Microsoft’s realm, eDiscovery revolves around leveraging the tech giant’s tools and platforms to streamline this process.

What Can You Discover?

Microsoft Purview’s eDiscovery tools enable the exploration of several repositories, including Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, Microsoft 365 Groups, and even Yammer teams. The versatility of these tools allows for comprehensive searches across mailboxes and sites within a single eDiscovery search.

Leveraging Microsoft Purview eDiscovery (Standard)

For organizations utilizing Office 365 E5 or Microsoft 365 E5 subscriptions (or related E5 add-ons), the capabilities are further amplified with Microsoft Purview eDiscovery (Premium). However, even with the standard version, organizations can identify, hold, and export content discovered within mailboxes and sites.

Why You Need eDiscovery in Microsoft’s Sphere

1. Streamlined Data Management

With the sheer abundance of electronic data, efficient management becomes a cornerstone of operational success. eDiscovery tools in Microsoft’s domain offer streamlined approaches to manage, sort, and retrieve data, enhancing overall productivity.

2. Enhanced Efficiency and Cost Savings

Implementing eDiscovery methodologies within Microsoft’s framework leads to increased efficiency in handling legal matters, thereby reducing the time and costs associated with traditional manual data review processes.

3. Proactive Risk Management

By embracing eDiscovery within the Microsoft ecosystem, organizations proactively manage risks associated with data breaches, ensuring compliance, and safeguarding sensitive information.

Microsoft Purview eDiscovery (Standard) Workflow

Understanding the workflow is crucial to effectively utilize the eDiscovery (Standard) features. The process typically involves:

1. Creation of eDiscovery Holds

Upon initiating a case, the first step is placing an eDiscovery hold on content locations relevant to the investigation. These content locations encompass Exchange mailboxes, SharePoint sites, OneDrive accounts, as well as the mailboxes and sites linked with Microsoft Teams and Microsoft 365 Groups.

2. Association of Searches and Exports with a Case

An integral aspect of the workflow is associating searches and exports with a specific case. This categorization streamlines the process, ensuring a clear linkage between the investigation and the obtained data.

3. Placing eDiscovery Holds

Organizations must initiate eDiscovery holds for individuals of interest, scour relevant content, and subsequently export this data for further scrutiny.

The eDiscovery (Standard) workflow

It is a structured process designed to assist organizations in utilizing eDiscovery tools effectively once a case has been created. Here’s an overview of the key steps involved:

The Ediscovery Workflow

(Standard Workflow for eDiscovery)

Step 1: Create an eDiscovery Hold

After initiating a case, the initial step involves placing an eDiscovery hold on content locations associated with individuals under investigation. These locations encompass Exchange mailboxes, SharePoint sites, OneDrive accounts, as well as mailboxes and sites linked to Microsoft Teams and Microsoft 365 Groups.

The eDiscovery hold serves to preserve potentially relevant content throughout the investigation. Organizations have two options:

Preserve All Content in Specific Locations: This comprehensive approach retains all data within predefined locations.

Create Query-Based Holds: A more targeted strategy, preserving content that aligns with specific queries or criteria.

Beyond content preservation, eDiscovery holds streamline subsequent searches by allowing swift access to held content locations.

Step 2: Search for Content

Post-establishing eDiscovery holds, organizations leverage the in-built search tool to explore held content locations. Additionally, they can extend their search to other content repositories to locate data pertinent to the case.

Organizations have the flexibility to run varied searches associated with the case, utilizing keywords, properties, and conditions to tailor search queries. These queries generate results comprising the most relevant data for the investigation.

Further functionalities within this step include:

Viewing Search Statistics: Utilized to refine search queries and narrow down results for precision.

Previewing Search Results: Allows quick verification of the relevance of retrieved data.

Iterative Query Revision: Enables adjustments to search queries and subsequent reruns for thorough data retrieval.

Step 3: Export and Download Search Results

Upon identifying relevant data through searches, organizations proceed to export these findings out of Microsoft 365 for external review. This process involves two essential steps:

  • Exporting Search Results: Copying the search results to a designated Azure Storage location provided by Microsoft.
  • Downloading the Export Package: Utilizing the eDiscovery Export tool to download the content, including exported data files, export reports, summary reports, and error reports, to a local computer.

The comprehensive export package enables external parties to review the findings beyond the investigation team.

The eDiscovery (Standard) workflow thus encompasses strategic content preservation, meticulous search methodologies, and efficient data exporting, ensuring a comprehensive and structured investigative process.

Process to Start Creating eDiscovery Case in Microsoft Purview

Microsoft Purview simplifies eDiscovery processes by streamlining the steps involved in creating an eDiscovery case. Below is a comprehensive guide detailing each step for initiating an eDiscovery case within Microsoft Purview.

Step 1Accessing eDiscovery in Microsoft Purview

To begin, access eDiscovery by navigating to Microsoft Purview > eDiscovery (Standard).

Ediscovery Standard

(Accessing eDiscovery in Microsoft Purview)

Step 2: Creating a New eDiscovery Case

Once in the eDiscovery section, click on “Create a case” to initiate a new eDiscovery case.

New Ediscovery Case

(Create eDiscovery case)

Step 3: Naming and Describing the eDiscovery Case

Upon clicking “Create a case,” provide an appropriate name and description for the case. Ensure to save the information.

Ediscovery Case

Step 4: Accessing the eDiscovery Case

After creating the eDiscovery case, click on the case name to access it and proceed further.

Ediscovery Case Demo Test

(eDiscovery case has been created)

Step 5: Assigning Permissions

The initial step post-case creation involves assigning permissions to specific groups and users. Navigate to the settings tab and select “Access & permission.” Choose the desired users and groups for accessing the eDiscovery case.

Access Permission

(Accessing Permission Tab)

Accessing Permission Tab

(Assigning eDiscovery case Permission to Users and Groups)

Step 6: Holding Locations

The subsequent step is to hold specific locations within the case. Click on the “Hold” tab, name the hold, provide a description, and save it. Select the locations to apply the hold, including/excluding as necessary.

Holding Locations

(Accessing Hold tab in eDiscovery)

Accessing Hold Tab in Ediscovery

(Creating Hold for eDiscovery case)

Creating Hold for Ediscovery Case

Step 7: Creating Queries

Utilize the Search query builder to create queries that identify desired locations for search and applying holds. Add keywords and conditions using the builder, including multiple keywords and predefined conditions.

Creating Queries

(Enter the Keyword in the Query for search and applying holds)
Multiple Keywords in the Query
(You can enter multiple keywords in the Query)
Add Predefined Conditions
(Add Predefined conditions in the search)

Step 8: Reviewing and Submitting the Hold

Review the settings chosen for the hold and submit the final configuration.

Review Your Hold Settings

(Review your Hold settings)

Step 9: Content Search for eDiscovery Case

Navigate to the “Searches” tab to conduct content searches for the eDiscovery case.

Accessing the Search Tab

(Accessing the Search Tab)

Step 10: Defining Search Conditions

Create a new search case with a name and description. Select the desired locations for content search, defining search conditions, query language, and country/region preferences.

Defining Search Conditions

(Create search for eDiscovery case)
Create Search for Ediscovery Case

(Select the specific location for search case)

Enter the Keyword in the Query

(Enter the Keyword in the Query for search case)

Step 11: Reviewing and Starting the Search

Review the search settings and initiate the search. The status will change from “started” to “complete” upon search completion.

Reviewing and Starting the Search

(Review your search settings before creating it)

Review Your Search Settings

(Search status for content search case)

Step 12: Reviewing Search Results

Post-search completion, a detailed summary showcasing information like item count, location, size, condition reports, and top locations will be available.

Reviewing Search Results

(Search Summary and Status for completed status)

Step 13: Generating Reports

Generate reports through the graphical visualization of search statistics, including CSV format reports for item counts, locations, and conditions.

Image

(Search Statistic results)

Search Statistic Results

(Export Search results)

Export Search Results

Exports Tab

(In Exports tab you can see the exported reports)

Step 14: Closing or Deleting the Case

If necessary, close or delete the eDiscovery case by accessing the settings tab and selecting the desired action from the available options.

Closing or Deleting the Case(Refer Close/Delete case)

Upgrading eDiscovery Case

Consider moving the eDiscovery case from the standard version to the premium version if needed. (If you are dealing with complex data challenges, legal intricacies, and heightened compliance requirements, providing a comprehensive suite of tools to navigate the evolving landscape of data management seamlessly.)

Upgrading Ediscovery Case

(Move case to eDiscovery case from eDiscovery Standard to eDiscovery premium)

Conclusion

Navigating the eDiscovery process within Microsoft Purview involves a systematic approach, starting from case creation to content search and report generation. By following these outlined steps, users can effectively manage eDiscovery cases, ensuring thorough and precise investigations.

Leave a Reply

Your email address will not be published. Required fields are marked *

Want to talk?

Drop us a line. We are here to answer your questions 24*7.