Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Note: You're no longer be able to create new eDiscovery cases in SharePoint Online (in Microsoft 365 and SharePoint in Microsoft 365 standalone plans). To create eDiscovery cases and eDiscovery holds, please start using the Office 365 Security & Compliance Center. For more information, see Manage eDiscovery cases in the Security & Compliance Center. Note that you'll still be able to modify existing eDiscovery cases in SharePoint in Microsoft 365.

You have to be a Microsoft 365 global administrator in your Microsoft 365 organization to configure eDiscovery and set up an eDiscovery Center in SharePoint Online. After you set up eDiscovery, users with the required permissions can create eDiscovery cases, place content on hold, run eDiscovery searches, and export search results.

Here are the steps for setting up an eDiscovery Center in Microsoft 365:

Step 1: Create an eDiscovery Center

Step 2: Configure Exchange Online as a result source

Step 3: Create a security group for eDiscovery managers

Step 4: Assign eDiscovery permissions in SharePoint Online

Step 5: Assign eDiscovery permissions in Exchange Online

Step 1: Create an eDiscovery Center

In SharePoint Online, an eDiscovery Center is created as a site collection and is the root site of that site collection. eDiscovery cases are created as sub sites in this site collection.

Follow these steps to create an eDiscovery Center site collection.

  1. Sign in to Microsoft 365 as a global admin or SharePoint admin.

  2. Select the app launcher icon The app launcher icon in Office 365 in the upper-left and choose Admin to open the Microsoft 365 admin center. (If you don't see the Admin tile, you don't have Microsoft 365 administrator permissions in your organization.)

  3. In the left pane, choose Admin centers > SharePoint.

  4. On the Site Collections tab, click New, and then click Private Site Collection.

  5. On the New Site Collection page, complete the following boxes or sections:

    • Title: Type a name for the eDiscovery site collection; for example, Contoso eDiscovery Center.

    • Web Site Address: Do the following to create the web site address for the eDiscovery Center:

      • In the drop-down list for the domain name, select a domain name.

      • In the drop-down list for the URL path, you can use /sites/ or specify any managed path.

      • In the URL name box, type a URL name for the eDiscovery Center; for example, eDiscovery.

    • Template Selection: In this section, do the following:

      • Select a language for the site collection.

      • Under Select a template, click Enterprise, and then click eDiscovery Center.

    • Time Zone: Select a time zone from the drop-down list.

    • Administrator: Type the name of a person who will be the site collection administrator for the eDiscovery Center. You can click Check Names or Browse to find a person. Consider selecting a person in your organization who will be responsible for managing eDiscovery holds and search queries.

    • Storage Quota: Type the number of megabytes (MB) that you want to allocate to this site collection. Only the metadata about eDiscovery cases, search queries, and holds are stored against the site collection storage quota. The actual search results aren’t stored in the eDiscovery Center site collection. One gigabyte of storage (about 1024 MB) is recommended.

    • Server Resource Quota: Keep the default value of 300 for the eDiscovery Center site collection.

  6. Click OK to create the new site collection.

After a few moments, the new eDiscovery Center site collection is displayed in the list of site collections.

Top of Page

Step 2: Configure Exchange Online as a result source

To search Exchange Online mailboxes from an eDiscovery Center, you have to configure Search to include Exchange Online as a result source for the eDiscovery Center site collection. For more information, see Manage result sources.

Follow these steps to configure Exchange Online as a result source for the eDiscovery Center that you’re setting up.

  1. Go to the new eDiscovery Center that you created in Step 1. Use the Web site address that you specified; for example, https://contoso.com/sites/eDiscovery.

  2. Go to Settings > Site settings.

  3. On the Site Settings page, under Site Collection Administration, click Search Result Sources.

  4. On the Manage Result Sources page, click New Result Source.

  5. In the General Information section, in the Name box, type Exchange Online and, optionally, type a description.

  6. In the Protocol section, select Exchange.

  7. In the Exchange Source URL section, click the Use AutoDiscovercheckbox.

  8. Click Save.

After you configure Exchange Online as a result source for the eDiscovery Center, eDiscovery managers can search Exchange Online mailboxes using the eDiscovery Center.

Note: Be sure to configure Exchange Online as a result source for the eDiscovery Center site collection. If you configure it at the sub site or eDiscovery case level, you won’t be able to search Exchange Online mailboxes.

Top of Page

Step 3: Create a security group for eDiscovery managers

eDiscovery managers need the necessary permissions to search for content in SharePoint Online sites and Exchange Online mailboxes, place content on hold, and export the search results. A good way to assign permissions to a group of people is to create a security group in Exchange Online, add members to the security group, and then assign eDiscovery-related permissions to the security group in SharePoint Online and in Exchange Online.

Follow these steps to create a security group in Exchange Online.

  1. Sign in to Microsoft 365 using your global administrator account.

  2. Select the app launcher icon The app launcher icon in Office 365 in the upper-left and choose Admin to open the Microsoft 365 admin center. (If you don't see the Admin tile, you don't have Microsoft 365 administrator permissions in your organization.)

  3. In the Microsoft 365 admin center, choose Admin > Exchange.

  4. In the Exchange admin center (EAC), go to Recipients > Groups.

  5. Click New > Security group.

  6. On the New security group page, complete the following boxes:

    • Display name: This name appears in the shared address book and in the Groups list in the EAC. Use a name that identifies the purpose of the group; for example, eDiscovery Managers.

    • Alias: Type the alias for the security group. It must be unique in your Microsoft 365 organization.

    • Email address: The name that you typed in the Alias field is used to automatically generate the portion of the email address that appears to the left of the @ symbol. You can change the alias portion of the email address if necessary.

    • Description: You can use this box to describe the eDiscovery-related purpose of the security group.

  7. Under Members, click Add.

  8. Select people that you want to be members of this group and click Add. When you are finished adding members, click OK to return to the New security group page.

  9. Click the Owner approval is required checkbox so that you can manage the membership of this group and control who can use the eDiscovery Center.

  10. Click Save.

Top of Page

Step 4: Assign eDiscovery permissions in SharePoint Online

The next step is to assign permissions to the members of the security group that you created in Step 3 so they can use the eDiscovery Center and search for content on SharePoint sites. This requires three different permissions assignments:

  • Assign owner permissions to the eDiscovery managers security group for the eDiscovery Center created in Step 1. As site collection owners, eDiscovery managers will be able to create cases, place content sources on hold, and export search results. Site collection owners can also give other users access to specific eDiscovery cases.

  • Make the eDiscovery managers security group site collection administrators for all site collections in your SharePoint Online organization that contain searchable content. This lets eDiscovery managers have access to all content in your SharePoint Online organization and view the search results in the eDiscovery Center.

  • Give the eDiscovery managers security group read permissions to the crawl logs for your SharePoint Online organization. This lets eDiscovery managers view any crawl log errors, which are included in a report when eDiscovery search results are exported.

Important: If you or an eDiscovery manager has to search for content stored on OneDrive for work or school sites, you need to assign specific permissions for that task. For step-by-step details, see Assign eDiscovery permissions in the Microsoft 365 Security & Compliance Center.

Follow these steps to make the members of a security group the site collection owners of the eDiscovery Center.

  1. In the eDiscovery Center, go to Settings > Site settings.

  2. On the Site Settings page, under Users and Permissions, click Site permissions.

  3. Click the <name of site collection> Owners group for the site collection.

  4. In the New drop-down list, click Add Users.

  5. In the Invite people box, type the name of the eDiscovery managers security group, and then click Share.

Follow these steps to make members of the eDiscovery managers security group site collection administrators for a site collection. Repeat these steps for each site collection in your SharePoint Online organization.

  1. Go to the top-level site in the site collection, and then click Settings > Site settings.

  2. On the Site Settings page, under Users and Permissions, click Site Collection Administrators.

  3. Type the name of the eDiscovery managers security group in the Site collection administrators box and then click OK.

Follow these steps to give members of the eDiscovery managers security group read permissions to crawl log information for your organization.

  1. Sign in to Microsoft 365 as a global admin or SharePoint admin.

  2. Select the app launcher icon The app launcher icon in Office 365 in the upper-left and choose Admin to open the Microsoft 365 admin center. (If you don't see the Admin tile, you don't have Microsoft 365 administrator permissions in your organization.)

  3. In the left pane, choose Admin centers > SharePoint.

  4. In the SharePoint admin center, click Search.

  5. On the Search administration page, click Crawl Log Permissions.

  6. In the Crawl Log Permissions box, type the name of the eDiscovery managers security group, and then click OK.

Top of Page

Step 5: Assign eDiscovery permissions in Exchange Online

The last step is to assign eDiscovery permissions in Exchange Online to the security group that you created in Step 3. You do that by adding the security group to the Discovery Management admin role group in Exchange Online. This will let members of the security group use the eDiscovery Center to search mailboxes, place them on hold, and export mailbox search results.

Follow these steps to assign eDiscovery permissions in Exchange Online to the eDiscovery managers security group.

  1. Sign in to Microsoft 365 using your global administrator account.

  2. Select the app launcher icon The app launcher icon in Office 365 in the upper-left and choose Admin to open the Microsoft 365 admin center. (If you don't see the Admin tile, you don't have Microsoft 365 administrator permissions in your organization.)

  3. In the Microsoft 365 admin center, choose Admin > Exchange.

  4. In the EAC, go to Permissions > Admin roles.

  5. Click Discovery Management, and then click Edit.

  6. Under Members, click Add.

  7. Select the security group that you created for eDiscovery managers, click Add, and then click OK.

  8. Click Save.

The eDiscovery managers security group is listed under Members in the details pane.

Top of Page

Next steps

After you set up eDiscovery in your Microsoft 365 organization, eDiscovery managers can use the eDiscovery Center to create eDiscovery cases, place content and mailboxes on hold, run eDiscovery searches, and export search results. For more information about performing these tasks, see:

Plan and manage eDiscovery cases

Add content to an eDiscovery case and place sources on hold

Searching and using keywords in eDiscovery

Create and run eDiscovery queries

Export eDiscovery content and create reports

More information

  • No additional steps are necessary to set up Lync Online for eDiscovery. By default, Lync conversations are saved to the Conversation History folder in a person’s Exchange Online mailbox, and will be returned in eDiscovery search results if the search criteria is met. However, users can delete items in the Conversation History folder or turn off the setting that saves Lync conversations to their mailbox. If you want to preserve Lync conversations for eDiscovery, you will have to place an In-Place Hold or a Litigation Hold on users’ mailboxes. See Create or Remove an In-Place Hold.

  • A SharePoint Online administrator can configure result sources for all site collections and sites in their SharePoint Online organization. A site collection administrator or a site owner can manage result sources for a site collection or a site, respectively.

  • Why use a security group in Exchange Online? If you create a security group in Exchange Online, you can use this same group to assign permissions in both SharePoint Online and Exchange Online. Also, assigning permissions to a group instead of assigning them to individual users lets you easily manage access to the eDiscovery Center. For example, to give a new employee access to the eDiscovery Center, all you have to do is add them as a member of the eDiscovery managers security group.

  • To be discoverable, content on SharePoint sites or on other web sites must be crawled by a Search service that is associated with an eDiscovery Center. Content that can’t be crawled won’t be included in the results of an eDiscovery search.

  • Why give eDiscovery managers read permissions to SharePoint Online crawl log information, as previously described in Step 4? The crawl log tracks information about the status of crawled content. Crawl log errors are downloaded as part of the search results, to an Excel file named SharePoint Index Errors, which is located in the Reports folder. This lets eDiscovery mangers view errors about failed indexing.

  • Site collection owners have full control of the eDiscovery Center and all eDiscovery case sub sites. They can also create eDiscovery case sub sites. Therefore eDiscovery Center owners can create eDiscovery cases and choose to assign unique permissions to each one. This lets an owner give a specific eDiscovery manager or security group full control of a specific eDiscovery case by assigning them owner permissions.

  • If the primary purpose of the security group that you created in Step 3 is to assign eDiscovery permissions to a group of users, you may want to hide this group in your organization’s address book. To do this, select the group in the EAC and click Edit. On the General page, click the Hide this group from address lists checkbox, and then save the change. People can still send email messages to the group by typing the group’s email address in the To: box, but the group won’t be displayed in the address book.

Top of Page

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×