eDiscovery

By default, every document stored in OneDrive and SharePoint is indexed. Content stored in Teams (messages and files), as well as email content, is also indexed, making it available for search.

eDiscovery searches can be configured to locate data based on certain conditions, such as the following:

  • Attachment names
  • Importance
  • Has Attachments or not
  • Date when the message was sent or received
  • Size
  • Subject
  • Authors
  • File types
  • Created on
  • Created by
  • Modified on
  • Modified by
  • Detected Language
  • Path
  • Size
  • Title

Administrators can configure which users will be able to search for content inside their organizations by defining a set of permissions. There are two main permission roles related to eDiscovery, as follows:

  • eDiscovery managers: Search for content inside their organization and preview or export search results. However, eDiscovery managers can only access and manage the cases they have created.
  • eDiscovery administrators: In addition to being able to perform the same search tasks as eDiscovery managers, eDiscovery administrators can also access and manage any search case that's created in their organization.

The eDiscovery process consists of a set of activities that can be performed, such as the following:

  • Creating a case and assigning users to work on the case
  • Optionally placing content to be searched on hold so that any changes that are made won't interfere with the search results
  • Defining locations to be searched
  • Creating one or more queries to find the desired information
  • Reviewing result statistics
  • Exporting search results for further analysis

Microsoft 365 eDiscovery supports the Keyword Query Language (KQL) for creating searches. You can learn more about structuring KQL queries here: https://docs.microsoft.com/en-us/microsoft-365/compliance/keyword-queries-and-search-conditions.

All the activities that are performed during an eDiscovery investigation are audited and can be reviewed and exported. eDiscovery activities, like other auditable activities in Microsoft 365, can also be configured to trigger alerts. A view of part of the eDiscovery audited activities can be seen in the following screenshot:
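
To illustrate alerting on audited eDiscovery activity, here is an added example (not from the original text or from Microsoft): a Python filter over exported audit records that flags watched operations by accounts outside an allow-list and bursts of exports by a single account. Only the `CreationTime`, `UserId` and `Operation` fields are modelled; the allow-list, thresholds, function names and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Operation values the Microsoft 365 audit log records for eDiscovery activity.
EXPORT_OPS = {"SearchExported", "SearchExportDownloaded"}
WATCHED_OPS = EXPORT_OPS | {"CaseMemberAdded", "SearchResultsPurged"}


def find_alerts(records, approved_users, burst=2, window=timedelta(hours=1)):
    """Return (reason, user, operation, time) tuples for records worth reviewing.

    approved_users: lower-case accounts expected to run eDiscovery (assumed allow-list).
    An "export-burst" fires when one user has more than `burst` export
    operations inside a sliding `window`.
    """
    alerts = []
    exports = defaultdict(list)  # user -> export times still inside the window
    for rec in sorted(records, key=lambda r: r["CreationTime"]):
        op, user = rec["Operation"], rec["UserId"].lower()
        if op not in WATCHED_OPS:
            continue
        when = datetime.fromisoformat(rec["CreationTime"])
        if user not in approved_users:
            alerts.append(("unapproved-user", user, op, when))
        if op in EXPORT_OPS:
            exports[user] = [t for t in exports[user] if when - t <= window]
            exports[user].append(when)
            if len(exports[user]) > burst:
                alerts.append(("export-burst", user, op, when))
    return alerts


def make_record(time, user, op):
    return {"CreationTime": time, "UserId": user, "Operation": op}


# Constructed sample records (not real audit data); only three fields are modelled.
SAMPLE = [
    make_record("2021-03-01T09:00:00", "alice@example.com", "SearchCreated"),
    make_record("2021-03-01T09:05:00", "alice@example.com", "SearchExported"),
    make_record("2021-03-01T09:10:00", "alice@example.com", "SearchExportDownloaded"),
    make_record("2021-03-01T09:20:00", "alice@example.com", "SearchExported"),
    make_record("2021-03-01T11:00:00", "Bob@example.com", "SearchExported"),
]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE, approved_users={"alice@example.com"}):
        print(alert)
```
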

In addition to the core eDiscovery features for search, hold, and export, organizations can also leverage Advanced eDiscovery. Advanced eDiscovery is a technology-assisted review platform, designed to use a combination of machine learning and human training to teach the engine what is responsive to a particular query. It's generally recommended for large datasets, as many of the advanced functions need a minimum of 10,000 items to perform. Advanced eDiscovery enhances native case and content searches with the following capabilities:

  • Advanced data preparation, which removes duplicates and similar documents and categorizes information according to themes
  • Trains data based on relevance to the case so that reviewers can analyze the relevant data and decide on the right amount of data to be reviewed
  • Exports relevant case data for further review

Advanced eDiscovery is outside the scope of the MS-900 exam, but more information on the capabilities of the platform is available at https://docs.microsoft.com/en-us/microsoft-365/compliance/office-365-advanced-ediscovery.
