Learn How to Use eDiscovery in Office 365 (O365) - 5 Easy Steps


Are you willing to know how to use Office 365 eDiscovery? eDiscovery or Electronic Discovery is a platform that is used to locate, collect, and produce “Electronically Stored Information” (ESI) for legal purposes. Items like emails, voicemails, databases, documents, presentations, audio/video files, social media, and websites are considered as ESI. However, in-place eDiscovery of Office 365 can also be used for identifying, searching and exporting O365 mailboxes. In order to use Office 365 eDiscovery, users need to be aware of the complete procedure. Here we will learn the method to run Office 365 eDiscovery with step-by-step description.

How to Use Office 365 eDiscovery

In-Place eDiscovery is situated in Exchange admin center of Office 365. Follow these steps to use eDiscovery in O365.

1. Assigning Users Permissions for Security & Compliance for eDiscovery

Users have to be assigned to the roles in Security & Compliance Center in order to perform any eDiscovery tasks. There are two role groups in eDiscovery, called ‘Reviewer’ and ‘eDiscovery Manager.’

  • Reviewer: In this restrictive role group, members are only permitted to open and view eDiscovery cases of Security & Compliance Center. They are not permitted to perform any other task like creating searches or adding members. However, the members do have access to Advanced eDiscovery cases for performing analysis tasks.
  • eDiscovery Manager: This role group allows its members to create and edit searches, add and remove people to a case, export content search results, etc. It also lets users create search results in Advanced eDiscovery for analysis.

Allow Permissions to Access Permissions Menu of Security & Compliance Center

  • First of all, select the permission of your choice and click Edit icon to modify the option. On the next page, click on + icon to add users to ‘Administrator role’ and ‘eDiscovery Manager.’
  • Repeat this process to add Reviewers, but select to edit ‘Review role group.’ Now the permissions are set and assigned users can execute different eDiscovery Center tasks.

2. Creating an eDiscovery Case

  • Users have to access Security & Compliance Center to create a new case in eDiscovery. Then click on Search & investigation>> eDiscovery, and then click on + Create a case button.
  • In the right panel, boxes will appear where you have to enter case name and description of the case. Click Save.
  • A new case has been created. It will be displayed on the main page of eDiscovery.

3. Adding Members to the eDiscovery Case

On next step, members have to added to the case. Only members of role groups ‘Reviewer’ or ‘eDiscovery Manager’ can be added as the case members.

  • Go to Security & Compliance Center. Click on Search & investigation >> eDiscovery. All cases of your organization will be displayed.
  • Click on the case name where you want to add members. ‘Manage this case’ page will appear. Click on + Add button to add members.
  • Select users from eDiscovery Managers list and click on Add button.
  • After successful addition, confirmation notice will appear on screen.

4. Placing Legal Hold on Existing Content

Using eDiscovery case, users can place hold on certain contents to preserve it. Users can put hold upon mailboxes, group mailboxes, OneDrive for Business sites, SharePoint sites and sites associated with Microsoft. Once hold is placed on content location, that content will remain there until you remove the hold or delete the hold from that location. There are options for placing hold that determines the scope of hold:

  • You can place either infinite hold or query-based hold. The infinite hold is placed on all contents while query-based hold is placed only on contents that match a particular search query.
  • Hold can be placed within a specific date range when the contents were created, sent, or received. Otherwise, you can place hold on all contents.

Adding Hold on Contents

  • Navigate to Security & Compliance Center and click on Search & investigation >> eDiscovery to get the list of cases. Click Open button beside the case that you want to place hold upon. Click Hold tab from Menu of the case homepage.
  • Click on + icon to create a new Hold page.
  • Give a name for the hold that is unique to your organization.
  • Now, choose the location where the hold will be placed. The location can be a mailbox, sites, and even public folders. To add SharePoint, click on + button, then enter the URL you want to place hold on and finally click Add.
  • Click Next after addition is done.
  • If you want to create a query-based hold, enter values that you want to search in the box. Or else, leave it blank to put hold on all contents.
  • Extra conditions can be added to narrow down the results.
  • After configuring, click Finish to generate the query-based hold. It takes some time for this process to get completed.
  • You can see the detailed information of the new hold created in the right pane of the Hold page of that particular hold. These information will give you complete idea about how much eDiscovery case content is put on hold.
  • Users can also click on Update statistics to learn the latest hold statistics. They can also click Refresh to update these statistics in the detailed pane.

5. Creating and Running Content Search

After performing these steps, users can create and run searches for contents related to the case. Case Content Searches can be accessed only by users who are members of both the eDiscovery Manager role group and the case.

  • Go to Security & Compliance Center, click Search & investigation >> eDiscovery. Find out in which case you want to create a Content Search and click Open. Wait till the case loads and select Search.
  • Click + button to load a search window. Enter a name for the search.
  • Choose from these options to select your search location. You can choose the first option if you want to search contents put on hold. To search other places like mailboxes, choose Search everywhere or Custom location selection options.
  • If you select Search everywhere option, also select all options that will appear under it.
  • If you select Custom location selection option, choose your preferred location from the list of options.
  • After location selection is done, click Next. Enter conditions and keywords to generate a search query. Users can use Sensitive Type syntax here.
  • Users can also add similar conditions that were used while putting hold on content. Save the search to make it run.
  • Once the search is done, its results can be exported. Mailbox items get downloaded in PST format or as individual messages. SharePoint and OneDrive for business contents get exported as native Office documents and also other documents.

Conclusion

We have learned how to use Office 365 eDiscovery from this post. These are the basic steps to perform some elementary tasks using eDiscovery in Office 365. Apart from these, there are many other tasks that can be performed using this platform. However, users need to have in-depth knowledge to perform advanced level eDiscovery tasks. eDiscovery helps to protect documents that are important for litigation from being edited or deleted. The usage of Office 365 eDiscovery in the court of law will prove to be more beneficial in coming days.