Content sprawl causes IT and security administrators many problems and complicates the management and control of information. However, Microsoft 365 provides tools to prevent content sprawl from happening. These tools are part of the Microsoft Purview eDiscovery services. In this article, we’ll explain how eDiscovery works within Microsoft 365.
When working with Microsoft 365, content sprawl may become inevitable within an organization. It will eventually happen as users store documents and files within multiple services such as SharePoint Online, OneDrive for Business, Microsoft Teams, and every other app that allows users to save content.
If your organization ever needs to identify specific types of content across all Microsoft 365 services as part of a legal challenge or litigation, the Microsoft Purview eDiscovery services can come to the rescue. However, before you start exploring these specific tools, you first need to understand what is eDiscovery.
eDiscovery is short for electronic discovery in the context of a legal case or investigation. As part of legal proceedings, organizations may need to provide relevant information, records, and any other electronic evidence related to a case.
You can conduct eDiscovery either offline, on a specific computer, or on a computer network. The data collected during an eDiscovery process may include any type of electronic information including documents, emails, texts, and even social media posts.
So, why should you care about eDiscovery? Well, because Microsoft 365 supports such a wide variety of data sources, you need to ensure that your organization can retrieve content and data when required.
The Microsoft 365 ecosystem provides core tools and capabilities for eDiscovery under the brand “Microsoft Purview” brand. These tools include Content Search, eDiscovery Standard, and eDiscovery Premium. We’ll have more details on these three sets of tools later.
To use any Microsoft Purview eDiscovery solutions, you’ll need the appropriate license. The great thing, though, is that you can use different licenses depending on the roles you’ll assign to members in your organization.
If you want people in your organization to use eDiscovery-related tools, you’ll need to assign them the appropriate permissions. The main roles are eDiscovery Manager and eDiscovery Administrator.
eDiscovery Managers can use eDiscovery search and export tools. They can also perform the following actions:
eDiscovery Administrators can perform all the tasks of an eDiscovery Manager, but they can also perform the following tasks:
As an IT admin, you should aim to limit the number of users with eDiscovery Administrator permissions.
Microsoft Purview provides three different sets of eDiscovery solutions: Content search, eDiscovery Standard, and eDiscovery Premium.
The Content search tool can search for content across services and export the results to a local computer. Users can also use keywords, search conditions, and access search statistics.
To utilize Content Search, you’ll need any of the following licenses:
eDiscovery Standard includes the basic search and export features of Content search, but it adds the creation of eDiscovery cases and their assignment to eDiscovery managers. The latter can only access the cases they are members of.
eDiscovery Standard also allows associated searches and exports within a case. It also enables you to place an eDiscovery hold on content locations relevant to the case.
To utilize eDiscovery Standard, you need any of the following licenses:
eDiscovery Premium services provide additional steps for identifying, preserving, collecting, reviewing, analyzing, and exporting relevant content to the organization’s internal and external investigations. It allows the management and copying of data into review sets.
With eDiscovery Premium, you can also filter, search, and tag content to cull non-relevant information. eDiscovery Premium also includes analytics and machine learning-based coding models to assist users in investigating content.
There are many more features available within eDiscovery Premium. To use this tier, you’ll need any of the following licenses:
As of today, organizations using Microsoft 365 need to manage risk levels for organizational data. They also need to comply with corporate security policies as content grows and changes. All this requires diving deep into an organization’s content and looking for keywords, patterns, and sensitive data types.
To get started with eDiscovery, you’ll need to ensure you have the correct licensing. You can find more information about the Microsoft Purview eDiscovery solutions on the Microsoft Learn website.