Learn What IT Pros Need to Know About Windows 11 - August 24th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 24th at 1 PM ET!
Exchange Online|Office|Office 365

Microsoft Reverses eDiscovery Decision Because of Discovery Mailboxes

Exchange EAC eDiscovery

Moving from Workload-Specific eDiscovery

In May, I noted Microsoft’\s announcement that they planned to block the creation of new workload-specific searches in the Exchange Administration Center (EAC) and SharePoint Admin Center. The block was scheduled to descend on July 1, 2017. However, given that the nature of eDiscovery activities tends not to be fast, Office 365 tenants could continue to run existing in-place eDiscovery searches and holds in Exchange and eDiscovery cases in SharePoint until those cases finished.

As a go-forward plan, Microsoft gave tenants a strong message to focus any new eDiscovery activity on the search and eDiscovery case functionality available in the Security and Compliance Center. That remains Microsoft’s intent, but the best-laid plans of mice and large software companies are always subject to unexpected problems.

We Overlooked Discovery Mailboxes!

When July 1 rolled around and the time came for Microsoft to impose the block, customers pointed out that although the SCC searches are faster, more scalable, and more functional, they miss an essential piece of functionality that many companies have built their eDiscovery workflow around – the ability to export search results to a discovery mailbox.

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

Microsoft introduced discovery mailboxes as the target for eDiscovery searches in Exchange 2010. When investigators are satisfied that their search queries find the right content in user mailboxes, they can export copies of found items into discovery mailboxes. A discovery mailbox is like a large shared mailbox that serves as a target for eDiscovery searches. All tenants who use Exchange Online have at least a default discovery mailbox for this purpose and you can create new discovery mailboxes as needed. For example, you might decide to have a separate discovery mailbox for every eDiscovery case.

People with the proper access to the discovery mailboxes, such as the members of the Discovery Management role group, can open them to access exported content and review items through OWA or Outlook to decide whether anything that they find warrants further action. Later, if investigators decide that review by an external expert such as a lawyer or regulatory consultant is necessary, they can export the search results to a PST and given to the third-party in that manner.

Office 365 content searches and eDiscovery cases can export Exchange results to a PST or individual MSG files (SharePoint always exports to individual files), but cannot write to discovery mailboxes. It is possible to open the PSTs created by content searches with Outlook but not with OWA. To recreate the workflow that now exists and support OWA clients, tenants would have to export to PST and then import the PST contents into a discovery mailbox using Outlook. That might be acceptable if you only had to deal with a couple of hundred items but not so good as soon as the number of items grows.

Block Lifted in Exchange, Stays for SharePoint

Because of the reduction in functionality, Microsoft decided to postpone the block on creating new eDiscovery cases in Exchange but has gone ahead to enforce the block on new SharePoint eDiscovery cases (Figure 1). This is understandable because you can argue that the eDiscovery functionality in Office 365 is closer in concept and execution to SharePoint than Exchange, meaning the transition for SharePoint users should not be a problem.

eDiscovery block for SharePoint
Figure 1: New eDiscovery cases are still blocked for SharePoint Online (image credit: Tony Redmond)

Office 365 Moves Forward

Even with the hiccup, the future is clear and Microsoft is moving Office 365 away from workload-specific eDiscovery as quickly as it can. This is reasonable. The workload-specific functionality is wedded to the roots of its on-premises past and will survive to service that market.

But inside Office 365, it makes much more sense to engineer functionality that works across all the basic workloads and as many other applications as possible. We are not quite at that point yet, but the functionality available in the Security and Compliance Center for data governance and eDiscovery are good examples of what should happen everywhere.

Expect the block to come for Exchange in late 2017 or early 2018, or as soon as Microsoft comes up with a solution for the functionality gap.

Follow Tony on Twitter @12Knocksinna.

Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle.


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Tony Redmond has written thousands of articles about Microsoft technology since 1996. He covers Office 365 and associated technologies for Petri.com and is also the lead author for the Office 365 for IT Pros eBook, updated monthly to keep pace with change in the cloud.

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.


Sponsored By