Microsoft Reverses eDiscovery Decision Because of Discovery Mailboxes
Moving from Workload-Specific eDiscovery
In May, I noted Microsoft’\s announcement that they planned to block the creation of new workload-specific searches in the Exchange Administration Center (EAC) and SharePoint Admin Center. The block was scheduled to descend on July 1, 2017. However, given that the nature of eDiscovery activities tends not to be fast, Office 365 tenants could continue to run existing in-place eDiscovery searches and holds in Exchange and eDiscovery cases in SharePoint until those cases finished.
As a go-forward plan, Microsoft gave tenants a strong message to focus any new eDiscovery activity on the search and eDiscovery case functionality available in the Security and Compliance Center. That remains Microsoft’s intent, but the best-laid plans of mice and large software companies are always subject to unexpected problems.
We Overlooked Discovery Mailboxes!
When July 1 rolled around and the time came for Microsoft to impose the block, customers pointed out that although the SCC searches are faster, more scalable, and more functional, they miss an essential piece of functionality that many companies have built their eDiscovery workflow around – the ability to export search results to a discovery mailbox.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
Microsoft introduced discovery mailboxes as the target for eDiscovery searches in Exchange 2010. When investigators are satisfied that their search queries find the right content in user mailboxes, they can export copies of found items into discovery mailboxes. A discovery mailbox is like a large shared mailbox that serves as a target for eDiscovery searches. All tenants who use Exchange Online have at least a default discovery mailbox for this purpose and you can create new discovery mailboxes as needed. For example, you might decide to have a separate discovery mailbox for every eDiscovery case.
People with the proper access to the discovery mailboxes, such as the members of the Discovery Management role group, can open them to access exported content and review items through OWA or Outlook to decide whether anything that they find warrants further action. Later, if investigators decide that review by an external expert such as a lawyer or regulatory consultant is necessary, they can export the search results to a PST and given to the third-party in that manner.
Office 365 content searches and eDiscovery cases can export Exchange results to a PST or individual MSG files (SharePoint always exports to individual files), but cannot write to discovery mailboxes. It is possible to open the PSTs created by content searches with Outlook but not with OWA. To recreate the workflow that now exists and support OWA clients, tenants would have to export to PST and then import the PST contents into a discovery mailbox using Outlook. That might be acceptable if you only had to deal with a couple of hundred items but not so good as soon as the number of items grows.
Block Lifted in Exchange, Stays for SharePoint
Because of the reduction in functionality, Microsoft decided to postpone the block on creating new eDiscovery cases in Exchange but has gone ahead to enforce the block on new SharePoint eDiscovery cases (Figure 1). This is understandable because you can argue that the eDiscovery functionality in Office 365 is closer in concept and execution to SharePoint than Exchange, meaning the transition for SharePoint users should not be a problem.
Office 365 Moves Forward
Even with the hiccup, the future is clear and Microsoft is moving Office 365 away from workload-specific eDiscovery as quickly as it can. This is reasonable. The workload-specific functionality is wedded to the roots of its on-premises past and will survive to service that market.
But inside Office 365, it makes much more sense to engineer functionality that works across all the basic workloads and as many other applications as possible. We are not quite at that point yet, but the functionality available in the Security and Compliance Center for data governance and eDiscovery are good examples of what should happen everywhere.
Expect the block to come for Exchange in late 2017 or early 2018, or as soon as Microsoft comes up with a solution for the functionality gap.
Follow Tony on Twitter @12Knocksinna.
Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle.