eDiscovery solutions in Microsoft 365
Electronic discovery, or eDiscovery, is the process of identifying and delivering electronic information that can be used as evidence in legal cases. You can use eDiscovery tools in Microsoft 365 to search for content in Exchange Online mailboxes, Microsoft 365 Groups, Microsoft Teams, SharePoint Online and OneDrive for Business sites, and Skype for Business conversations, and Yammer teams. You can search mailboxes and sites in the same eDiscovery search by using the Content Search tool. And you can use Core eDiscovery cases to identify, hold, and export content found in mailboxes and sites. If your organization has an Office 365 E5 or Microsoft 365 E5 subscription (or related E5 add-on subscriptions), you can further manage custodians and analyze content by using the Advanced eDiscovery solution in Microsoft 365.
Microsoft 365 provides the following eDiscovery tools:
The following table contains links to articles that will help you use the Content search tool.
|Run a search
||Learn how to use the Content Search tool to search mailboxes, public folders, Microsoft 365 Groups, Microsoft Teams, SharePoint Online sites, One Drive for Business locations, and Skype for Business conversations in your organization in a single search.
|Keyword queries and search conditions
||Learn about the email and file properties and search conditions you can use to search for content in mailboxes and sites in your organization.
|View keyword statistics for search results
||Learn how to use search statistics to display and compare the statistics for one or more content searches, and to configure new and existing searches to return statistics for each keyword in the search query.
|Export search results
||Learn how to export the results of a Content search.
|Configure permissions filtering for Content search
||Learn how to use permissions filtering to let an eDiscovery manager search only a subset of mailboxes and sites in your organization.
|Export a search report
||Learn how to download the export report without having to export the actual search results.
|Content search limits
||Learn about the limits of the Content Search tool, such as the maximum number of searches that you can run at one time.
|Unindexed items in Content search
||Learn about unindexed items in Exchange and SharePoint that you can include in the estimated search result statistics when you run a search. You can also include unindexed items when you export search results.
|Search for and delete email messages
||Learn how to use Content search to search for and delete an email message from all mailboxes in your organization. This can help you find and remove potentially harmful or high-risk email.
|Search the mailbox and OneDrive accounts for a list of users
||Learn how to use a script to search the mailbox and One Drive for Business site for a group of users. See Create a list of all OneDrive locations for steps on how to quickly generate a list of email addresses that you can use for the source content locations when you create and run content searches.
|Use Content search for targeted collections
||Learn how to use the Windows PowerShell script in this article to perform targeted collections using Content search. A targeted collection means you want to search a specific folder because you're confident that items responsive to a case (or privileged items) are located in that folder. Use the script in this article to obtain the folder ID or path for the specific mailbox or site folders that you want to search.
The following table contains links to topics that will help you use Core eDiscovery cases. You can use Core eDiscovery cases to add eDiscovery managers who can access the case, place an eDiscovery hold on content locations relevant to the case, search for content, and export the search results from the case.
|Get started with Core eDiscovery||Learn how to assign eDiscovery permissions and create Core eDiscovery cases. This topic also provides an overview of the Core eDiscovery workflow.
|Assign eDiscovery permissions||Learn how to assign permissions to users so they can search for content, place content locations on hold, and perform other eDiscovery-related tasks in a Core eDiscovery case.|
|Set up compliance boundaries for Core eDiscovery||Learn how to use compliance boundaries to create logical boundaries within an organization that control the content locations that an eDiscovery manager can search.|
|Create an eDiscovery hold||Learn how to create eDiscovery holds that associated with a Core eDiscovery case to preserve content relevant to the case you're investigating.|
|Search for content in a case||Learn how to search for content that's relevant to a case. You can quickly create searches that search the content locations on hold.|
|Export content from a case||Learn how to export and download content from a Core eDiscovery case.|
|Close, reopen, and delete a case||Learn how to manage the lifecycle of a Core eDiscovery case.|
The Advanced eDiscovery solution in Microsoft 365 (also called Advanced eDiscovery v2.0) builds on the existing eDiscovery and analytics capabilities in Microsoft 365. This eDiscovery solution provides an end-to-end workflow to preserve, collect, review, analyze, and export content that's responsive to your organization's internal and external investigations. It also lets legal teams manage custodians and the entire legal hold notification workflow to communicate with custodians involved in a case.
|Overview of Advanced eDiscovery||This article introduces Advanced eDiscovery, outlines the business justification for using this tool, presents Advanced eDiscovery architecture, and provides a high-level overview of the built-in workflow of Advanced eDiscovery.|
|Set up Advanced eDiscovery||Learn how to get started using Advanced eDiscovery, including the required licensing and necessary eDiscovery permission.|
|Create and manage a case||This article shows you how to create an Advanced eDiscovery case and provides a walk-through of the Advanced eDiscovery workflow.|
|Manage custodians||Learn about working with custodians in an Advanced eDiscovery. This topic links to step-by-step instructions to add custodians to a case, managing custodians in a case, and viewing custodian activity in Microsoft 365 by searching the audit log.|
|Manage custodian communications||Learn about managing the legal hold notification process in Advanced eDiscovery. This includes creating and automating the notification workflow and how a user acknowledged a hold notification.|
|Manage processing errors||Learn about Advanced indexing and how to remediate indexing errors in content from custodial and non-custodial content locations, such as Exchange mailboxes, SharePoint sites, and OneDrive accounts. You can bulk-remediate errors and then upload remediated files to a review set or remediate individual processing errors within a review set.|
|Collect data for a case||Learn about searching for content in custodial content locations, and then adding relevant case data to a review set. When you copy content to a review set, the data is copied from the original content locations to a Microsoft-provided Azure Storage location. This provides a static set of documents for the review process.|
|Manage review sets||Learn about reviewing case data in a review set. This includes viewing, querying, filtering, and tagging documents in a review set.|
|Analyze data in a review set||Learn about running analysis on the documents in a review set. The results of running analysis include near-duplication detection, email threading, and themes identification.|
|Export case data||Learn about exporting data from a case for external review.|
To see what eDiscovery features have been launched, are rolling out, or in development, see the Microsoft 365 Roadmap.