Become a Microsoft Purview eDiscovery Ninja
Published Sep 30 2021 01:00 PM
Microsoft


In this blog post, we share the top resources for eDiscovery users to become masters of the Microsoft Purview eDiscovery Premium solution! After each level, we offer you a knowledge check based on the training material you have just completed. The goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. 

 

The training sessions are split into eight different sections in order to better align with the Electronic Discovery Reference Model:

  • Overview
  • Getting Started
  • Identification
  • Preservation
  • Collection & Processing
  • Review & Analysis
  • Production
  • Advanced

Advanced eDiscovery in Microsoft 365 is now Microsoft Purview eDiscovery Premium! 

 

Consistent with our One Microsoft philosophy, Microsoft Purview offers a comprehensive set of solutions across information protection, data governance, risk management, and compliance to help organizations govern and protect data across their multicloud, multi-platform data environment, while helping them meet their compliance requirements.

 

Previously, customers used Azure Purview for unified data governance and Microsoft 365 Compliance solutions to help protect their data and manage risks across their organization. We believe governance and compliance are inherently interrelated data management and business imperatives that should be treated in a unified fashion. That is why we are extending the Purview name and rebranding the combined data governance and compliance platforms to Microsoft Purview.

 


 

*This training will be updated on a quarterly basis to ensure you all have the latest and greatest material! 

 

Microsoft Purview eDiscovery (Premium)

The Microsoft Purview eDiscovery (Premium) solution provides customers with the ability to identify, preserve, collect, process, analyze, review, and produce content that is responsive to their organization's internal and external investigations. Discovering and managing data is challenging. To help solve these challenges, we provide customers with tools that enable them to do more in-place eDiscovery in Microsoft 365, thereby reducing the risks associated with either creating multiple copies or exporting content outside of their security and compliance boundaries. Using Microsoft Purview eDiscovery Premium, you can reduce the volume of content and export only matter-relevant content.

 

Glossary/Abbreviations

  • eDP: eDiscovery Premium (formerly Advanced eDiscovery)
  • eDS: eDiscovery Standard (formerly Core eDiscovery)
  • AeD: Advanced eDiscovery
  • EXO: Exchange Online
  • ODB/OD4B: OneDrive (formerly OneDrive for Business)
  • SPO: SharePoint (formerly SharePoint Online)
  • M365: Microsoft 365
  • ESI: Electronically Stored Information, as defined in the Federal Rules of Civil Procedure, refers to any type of information that is created, used, and stored in digital form and accessible by digital means.
  • Retention: The amount of time an organization maintains information, taking into consideration its business, legal, regulatory, fiscal, and risk requirements. In M365, retention is managed using retention labels and policies.
  • Preservation: The process by which organizations retain relevant information when litigation is pending or reasonably anticipated. In M365, this is managed through hold policies.
  • Data Sources: The locations (EXO, SPO, OneDrive) of data that will be targeted for tasks in the eDiscovery case.
  • Legal Holds (in-place holds): The process by which organizations preserve potentially relevant information when litigation is pending or reasonably anticipated.
  • Collections: A workflow composed of a search that is executed within an Advanced eDiscovery case. Collections include user, keyword, data, etc.
  • Review Sets: A static set of documents that have been through processing tasks including embedded item extraction, additional indexing, and OCR. Within a Review Set, users can analyze, query, view, tag, and export data.

 

Overview

The Overview will familiarize you with eDiscovery (Premium) and showcase some typical use case scenarios.

  1. eDiscovery in M365 Introduction
    1. Course: Describe the eDiscovery capabilities of Microsoft 365 - Learn, 33 min, 9 Units
  2. Overview of eDiscovery (Premium)
    1. Interactive Guide: Get started with Microsoft Purview eDiscovery (Premium)
    2. YouTube Video: Efficiently respond to regulatory, legal, and internal obligations with Advanced eDiscovery, 16 min
    3. Blog: Microsoft Purview - Paint By Numbers Series (Part 5) - Advanced eDiscovery
  3. Advanced eDiscovery workflow
    1. YouTube Video: Learn how Advanced eDiscovery helps to support the modern ways users are collaborating, 15 min
    2. Course: Discover and analyze content in place using Advanced eDiscovery - Learn, 2hr 2 min, 10 Units
    3. Document: eDiscovery premium architecture

 

Getting Started

Getting Started will focus on considerations and tasks for a successful deployment and setup of Advanced eDiscovery, including user permissions, global & case settings, compliance boundaries, and case creation & management.

  1. Permissions
    1. Document: Assign eDiscovery permissions
    2. Document: Add or remove members from a case
  2. Settings
    1. Document: Configure global settings for eDiscovery (Premium)
    2. Document: Configure search and analytics settings
    3. Document: Manage jobs in eDiscovery (Premium)
  3. Compliance Boundaries
    1. Document: Set up compliance boundaries for eDiscovery investigations
  4. Case Creation & Management
    1. Course: Manage Advanced eDiscovery - Learn, 34 min, 8 Units
    2. Document: Use the new case format in eDiscovery (Premium) 
    3. Document: Close or delete a case

Ready for the Getting Started Knowledge Check?

 

Identification

Identification is used to identify potential sources of relevant information. Learning the location of potentially discoverable data is necessary to issue an effective legal hold or conduct a thorough investigation.

In the Identification section, learn how to identify and manage custodial and non-custodial data sources, how to use the custodian audit activity to identify additional relevant data sources, and recommended management of Teams and Yammer data in eDiscovery.

  1. Data Sources
    1. Document: Work with custodians and non-custodial data sources in eDiscovery (Premium)
    2. Document: Add custodians to an eDiscovery (Premium) case 
    3. Document: Add non-custodial data sources to an eDiscovery (Premium) case
    4. Document: Import custodians in bulk
    5. Document: Manage custodians in an eDiscovery (Premium) case 
  2. Teams and Yammer workflow
    1. Document: eDiscovery (Premium) workflow for content in Microsoft Teams
    2. Webinar: eDiscovery for Teams, 59 min
    3. Document: Overview of eDiscovery in Yammer
  3. View custodian audit activity
    1. Document: View custodian audit activity
    2. Document: Microsoft Purview Audit (Premium)
    3. Course: Track user and admin activity with Advanced Audit - Learn | Microsoft Docs, 1hr 5 min, 10 modules
    4. Blog: Harnessing Advanced Audit to power your forensic investigations in 5 steps (microsoft.com)
    5. YouTube Video: Microsoft 365 Advanced Auditing for forensic and compliance investigations

Ready for the Identification Knowledge Check?

 

Preservation

Preservation is triggered upon reasonable anticipation of litigation, requiring legal teams to promptly isolate and protect potentially relevant data in ways that are legally defensible, reasonable, proportionate, efficient, auditable, and broad but tailored, and that mitigate risks.

In the Preservation section, learn how to manage in-place legal holds and send legal hold notifications using Communications.

  1. Legal Holds
    1. Document: Manage holds in eDiscovery (Premium) - Custodial Holds
    2. Document: Manage holds in eDiscovery (Premium) - Non-Custodial Holds
    3. Document: How to identify the type of hold placed on an Exchange Online mailbox
    4. Document: View hold statistics
  2. Legal Hold Notifications
    1. Document: Work with Communications in eDiscovery (Premium)

Ready for the Preservation Knowledge Check?

 

Collection & Processing

Collection is the acquisition of potentially relevant electronically stored information (ESI) as defined in the identification phase of the electronic discovery process.

Processing is a set of automated actions on ESI to allow for metadata preservation, itemization, normalization of format, and data reduction. Typically, processing will create a copy of data to a new location (such as an Azure blob) while preserving the original data.

In the Collection/Processing section, learn about the benefits of advanced indexing, error remediation, and how to target and collect relevant content and reduce data volumes.

  1. Collections
    1. Document: Create a draft collection
    2. Document: Commit a draft collection to a review set
    3. Document: Collection statistics and reports
    4. Document: Build search queries in eDiscovery (Premium)
    5. Document: Keyword queries and search conditions for eDiscovery
  2. Advanced Indexing
    1. Document: Advanced indexing of custodian data
    2. Document: Work with processing errors in eDiscovery (Premium)
    3. Document: Error remediation when processing data
    4. Document: Partially indexed items in Content Search and other eDiscovery tools
    5. Document: Supported file types in eDiscovery (Premium)

Ready for the Collection & Processing Knowledge Check?

 

Analysis & Review

Analysis is often part of early case assessment and involves using analysis tools to develop a better understanding of the data in question through the detection of patterns, trends, and similarities.

Review is used to identify relevant data for production and to gain a greater understanding of the factual issues in a case. It is where legal strategies can emerge and begin to develop, based on the type of information that is found in the documents.

In the Analysis & Review section, learn how to manage review sets, search, view, and tag documents, and use analytics tools to power your review.

  1. Review Sets Administration
    1. Document: Manage review sets in eDiscovery (Premium)
    2. Document: Analyze data in a review set in eDiscovery (Premium)
    3. Document: Load non-Microsoft 365 data into a review set
    4. Document: Add data from one review set to another review set
  2. Review Sets (Search, Review, Tag)
    1. Document: View documents in a review set in eDiscovery (Premium)
    2. Document: Query the content in a review set
    3. Document: Tag documents in a review set
    4. Document: Review conversations in eDiscovery (Premium)
    5. Document: Teams workflow in eDiscovery (Premium)

Ready for the Analysis & Review Knowledge Check?

 

Production (Export)

Production is the process of preparing ESI in an efficient and usable format that meets agreed production specifications and timelines, in order to reduce cost, risk, and errors.

In the Production section, learn how to export data for production or for additional processing and review.

  1. Exports
    1. Document: Export case data in eDiscovery (Premium)
    2. Document: Export documents from a review set
    3. Document: Export documents to your organization's Azure Storage account
    4. Document: Large cases in eDiscovery (Premium) (Preview)

Ready for the Production Knowledge Check?

 

Advanced

In the Advanced section, learn how to use additional capabilities that extend the eDiscovery (Premium) features.

  1. Graph API (beta)
    1. YouTube Video: Automate and extend Advanced eDiscovery workflows with Graph API, 18 min
    2. Document: Use the Microsoft Graph eDiscovery API - Microsoft Graph beta | Microsoft Docs
  2. Predictive Coding/Continuous Active Learning (preview)
    1. Document: Predictive coding in Advanced eDiscovery - Quick start
  3. Licensing
    1. Document: Microsoft Purview eDiscovery Subscriptions and Licensing

Ready for the Advanced Knowledge Check?

 

Additional Resources

  1. M365 Roadmap: Roadmap of upcoming features and changes (Microsoft 365 Roadmap | Microsoft 365)
  2. Message Center: Notifications and details of updated changes to M365 (Message center - Microsoft 365 admin | Microsoft Docs) – all solutions in the service
  3. Tech Community – Security and Compliance: Blogs, community forums, and more (Security, Compliance, and Identity - Microsoft Tech Community) – blogs
  4. NEW! Purview eDiscovery Playbook - Get step-by-step guidance and tips to maximize your eDiscovery investment with Microsoft in the eDiscovery Playbook from Epiq—the 2023 Microsoft Compliance Partner of the Year. https://aka.ms/eDiscovery/Playbook 
  5. Meeting Modern eDiscovery Challenge White Paper
  6. Interactive User Guide: Get started with Microsoft Purview eDiscovery (Premium)
  7. IDC MarketScape: Worldwide eDiscovery Early Case Assessment 2022 Vendor Assessment: Read the excerpt.
  8. Additional Webinars: Register for new webinars and view past webinars for all M365 compliance tools, including eDiscovery (Webinars - Compliance Customer Experience Engineering (CxE))

 

Huge thanks to @Heather_Eckman and the entire eDiscovery CxE team for creating the eDiscovery Ninja page! 

Last update: Dec 19 2023 12:35 PM