Tutorial / Cram Notes
Electronic Discovery (eDiscovery) is a process used by organizations to identify, collect, preserve, and review electronic information that may be relevant to legal cases, investigations, or regulatory requirements. Microsoft 365 provides two levels of eDiscovery tools: eDiscovery (Standard) and Advanced eDiscovery.
eDiscovery (Standard)
eDiscovery (Standard) in Microsoft 365 allows you to:
- Search and export content found in Exchange mailboxes, SharePoint sites, OneDrive for Business locations, and Microsoft Teams.
- Apply legal hold on items to preserve them indefinitely for legal review.
- Export search results for further analysis.
Advanced eDiscovery
Advanced eDiscovery offers additional capabilities:
- Identifying and communicating with custodians.
- Preserving data in place with legal hold notifications.
- Utilizing advanced analytics, such as predictive coding and email threading.
- Reviewing and annotating documents within the platform.
- Exporting reports and responsive documents for legal review.
Planning for eDiscovery
Before configuring eDiscovery, it’s essential to have a plan. Here are key considerations:
- Data Governance: Understand your data landscape and how Microsoft 365 compliance features can manage this data. Generation, retention, and deletion policies will impact eDiscovery.
- Roles and Permissions: Define who will have access to eDiscovery tools and which roles they’ll perform. Roles include eDiscovery Manager, eDiscovery Administrator, and Compliance Administrator.
- Case Management: Determine how you’ll organize cases. Each legal matter should have a designated case in eDiscovery with specific members and data sources.
- Legal Hold Workflow: Develop processes for issuing, monitoring, and releasing legal holds.
- Search Strategy: Outline methods for constructing searches to effectively identify relevant information.
Configuring eDiscovery (Standard)
To configure eDiscovery (Standard):
- Assign eDiscovery Permissions:
  - Go to the Microsoft 365 compliance center.
  - Navigate to Permissions and choose eDiscovery Manager to assign roles.
- Create an eDiscovery Case:
  - Go to eDiscovery > eDiscovery.
  - Create a new case, give it a name, and add a description.
  - Add members who can access the case.
- Search for Content:
  - Under the created case, start a new search.
  - Define search parameters, such as keywords, date ranges, and locations.
- Place Content on Hold:
  - Within the eDiscovery case, create a new hold.
  - Specify the content locations and conditions of the hold.
- Export Results:
  - After confirming the search results, export them for review.
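The case, hold and search steps above can also be scripted in Security & Compliance PowerShell; the following is an added example, not part of the original notes. The account names, site URL, case name and queries are constructed placeholders, and the signed-in account is assumed to already hold the eDiscovery Manager role.

```powershell
# Added example: scripted equivalent of the case, hold and search steps.
# Requires the ExchangeOnlineManagement module. All names are constructed placeholders.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName 'ediscovery.admin@contoso.example'

$caseName   = 'Matter-2023-001'
$holdName   = "$caseName-Hold"
$searchName = "$caseName-Search"
$mailboxes  = @('custodian1@contoso.example', 'custodian2@contoso.example')
$sites      = @('https://contoso.example/sites/ProjectX')

# Create the case and add a member who may work in it.
New-ComplianceCase -Name $caseName -Description 'Example matter for illustration'
Add-ComplianceCaseMember -Case $caseName -Member 'reviewer1@contoso.example'

# Place content on hold before searching, so nothing is purged in the meantime.
# The rule's query makes this a query-based hold: only matching items are preserved.
# Keywords only here, because the hold covers both mailboxes and a site.
New-CaseHoldPolicy -Name $holdName -Case $caseName `
    -ExchangeLocation $mailboxes -SharePointLocation $sites
New-CaseHoldRule -Name "$holdName-Rule" -Policy $holdName `
    -ContentMatchQuery 'budget OR forecast'

# Search with keywords plus a date range. "sent" is an email property,
# so this search is scoped to the mailboxes only.
New-ComplianceSearch -Name $searchName -Case $caseName `
    -ExchangeLocation $mailboxes `
    -ContentMatchQuery '(budget OR forecast) AND sent>=2023-01-01 AND sent<=2023-06-30'
Start-ComplianceSearch -Identity $searchName

# Wait for the estimate to finish, then show how much content matched.
do {
    Start-Sleep -Seconds 15
    $search = Get-ComplianceSearch -Identity $searchName
} while ($search.Status -ne 'Completed')
$search | Format-List Name, Status, Items, Size

# Confirm the hold has been distributed to every location.
Get-CaseHoldPolicy -Identity $holdName -DistributionDetail |
    Format-List Name, Enabled, DistributionStatus
```

The export step is left to the compliance center, as described in the list above.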
Configuring Advanced eDiscovery
To utilize Advanced eDiscovery:
- Assign Advanced eDiscovery Permissions:
  - In the Microsoft 365 compliance center, specific roles like eDiscovery Administrator will also grant access to Advanced eDiscovery features.
- Set up a Case:
  - Advanced eDiscovery requires a case setup similar to eDiscovery (Standard).
- Add Custodians:
  - Identify and assign custodians to the case. Their data sources will be automatically associated with the case.
- Use Analytics:
  - Advanced eDiscovery provides options like Near Duplicate Identification and Email Threading, tools that can streamline the review process.
- Review and Export Data:
  - Documents can be reviewed and annotated within the platform.
  - Export results when ready, including only pertinent information.
Comparison Between eDiscovery (Standard) and Advanced eDiscovery
| Feature | eDiscovery (Standard) | Advanced eDiscovery |
|---|---|---|
| Search and Export Content | Yes | Yes |
| Legal Holds | Yes | Yes |
| Analytics and Predictive Coding | No | Yes |
| Case Management | Basic | Advanced |
| Communication with Custodians | No | Yes |
| Review Sets | No | Yes |
| Export Advanced Reports | No | Yes |
In conclusion, Microsoft 365 provides robust tools for eDiscovery, catering to standard and complex requirements. For the MS-101 exam, it is critical to understand the functionality, limitations, and application of these tools within your organization when planning and configuring eDiscovery or Advanced eDiscovery. With a solid grasp of these concepts, professionals will be better equipped to leverage Microsoft 365 technologies for effective information governance and legal compliance.
Practice Test with Explanation
True or False: In order to create an eDiscovery case, you must have the eDiscovery Manager role assigned in the Microsoft 365 compliance center.
- (A) True
- (B) False
Answer: A) True
Explanation: To create an eDiscovery case, you must have the appropriate permissions, including the eDiscovery Manager role in the Microsoft 365 compliance center.
Which of the following can be put on hold in an eDiscovery case?
- (A) SharePoint Online sites
- (B) OneDrive for Business accounts
- (C) Exchange Online mailboxes
- (D) Microsoft Teams chats
- (E) All of the above
Answer: E) All of the above
Explanation: eDiscovery cases can be used to put holds on SharePoint Online sites, OneDrive for Business accounts, Exchange Online mailboxes, and Microsoft Teams chats.
True or False: Content searches in eDiscovery are not able to search for items that are encrypted.
- (A) True
- (B) False
Answer: B) False
Explanation: eDiscovery content searches can search for encrypted items in Microsoft 365, depending on the encryption method and if keys are accessible.
Which tool provides the functionality of analyzing large volumes of data within Microsoft 365 and includes features like near-duplicate detection and email threading?
- (A) Content Search
- (B) Core eDiscovery
- (C) Advanced eDiscovery
- (D) Search and Compliance Center
Answer: C) Advanced eDiscovery
Explanation: Advanced eDiscovery offers complex analytics, including near-duplicate detection and email threading, and is suitable for analyzing large volumes of data.
True or False: An eDiscovery hold can be applied only to entire mailboxes and SharePoint sites, not to specific content.
- (A) True
- (B) False
Answer: B) False
Explanation: In eDiscovery, you can place holds on entire mailboxes and SharePoint sites or target specific content based on search queries.
Advanced eDiscovery integrates with which communication tool to analyze and manage custodian communications?
- (A) Yammer
- (B) Skype for Business
- (C) Microsoft Teams
- (D) Exchange Online
Answer: C) Microsoft Teams
Explanation: Advanced eDiscovery integrates with Microsoft Teams to analyze and manage custodian communications.
When processing data for a case, Advanced eDiscovery can automatically recognize and protect sensitive information using:
- (A) Encryption
- (B) Data loss prevention policies
- (C) Sensitivity labels
- (D) Transport rules
Answer: C) Sensitivity labels
Explanation: Advanced eDiscovery can recognize sensitive information using sensitivity labels to help protect and manage data appropriately.
True or False: To conduct searches with Advanced eDiscovery, you must first export the data to a third-party tool.
- (A) True
- (B) False
Answer: B) False
Explanation: Advanced eDiscovery allows you to conduct searches and analyze data without exporting it to a third-party tool.
In Microsoft 365, which role group grants members the ability to manage eDiscovery cases but does not allow them to access the actual content in the cases?
- (A) eDiscovery Administrator
- (B) Compliance Administrator
- (C) eDiscovery Manager
- (D) Reviewer
Answer: D) Reviewer
Explanation: The Reviewer role group in eDiscovery allows members to manage cases, but they cannot access the actual content within those cases.
Which feature of Advanced eDiscovery helps in organizing unstructured data into themes?
- (A) Predictive coding
- (B) Themes
- (C) Pivot tables
- (D) Keyword queries
Answer: B) Themes
Explanation: The themes feature in Advanced eDiscovery helps in categorizing and organizing unstructured data into thematic groups for better analysis.
True or False: When using Core eDiscovery in Microsoft 365, there is an automatic enforcement of litigation hold on data sources associated with a case.
- (A) True
- (B) False
Answer: B) False
Explanation: While you can use Core eDiscovery to place content on hold, it’s not automatic; legal holds must be created and configured as part of the case.
What type of data can be collected and preserved in a SharePoint site collection for legal hold in an eDiscovery case?
- (A) Documents and files
- (B) Lists
- (C) Pages
- (D) All of the above
Answer: D) All of the above
Explanation: When placing a SharePoint site on legal hold, all data, including documents, lists, and pages, can be collected and preserved for eDiscovery purposes.
Interview Questions
What is eDiscovery in Microsoft 365?
eDiscovery in Microsoft 365 is a tool that enables organizations to search and discover content across multiple sources, such as email, Microsoft Teams, and SharePoint.
What is Advanced eDiscovery?
Advanced eDiscovery is an add-on to eDiscovery in Microsoft 365 that includes additional features, such as machine learning and analytics, to help identify relevant content more efficiently.
What is a case in eDiscovery?
A case in eDiscovery is a container for managing the eDiscovery process for a specific legal matter, such as a litigation or investigation.
What are the steps involved in creating an eDiscovery case?
The steps involved in creating an eDiscovery case in Microsoft 365 include specifying the case name and description, adding members and assigning roles, adding sources, creating a search query, and exporting the results.
What are the three roles that can be assigned to members of an eDiscovery case?
The three roles that can be assigned to members of an eDiscovery case are administrator, reviewer, and custodian.
What is a query in eDiscovery?
A query in eDiscovery is a set of search criteria used to find content across multiple sources.
What is a search estimate in eDiscovery?
A search estimate in eDiscovery is an estimation of the number of items that will be returned by a search query.
What is a search filter in eDiscovery?
A search filter in eDiscovery is used to refine the search results by specifying additional search criteria, such as date range or file type.
What is a review set in eDiscovery?
A review set in eDiscovery is a subset of search results that are selected for review by the eDiscovery team.
What are the two types of exports that can be performed in eDiscovery?
The two types of exports that can be performed in eDiscovery are content export and review set export.
What is a hold in eDiscovery?
A hold in eDiscovery is a legal requirement to preserve content that may be relevant to a legal matter.
What are the steps involved in creating an Advanced eDiscovery case?
The steps involved in creating an Advanced eDiscovery case include creating a case, adding members and assigning roles, importing data, creating a machine learning model, training the model, and using the model to identify relevant content.
What is an Advanced eDiscovery set?
An Advanced eDiscovery set is a subset of content that has been identified as potentially relevant to a legal matter by the machine learning model.
What is a near-duplicate in Advanced eDiscovery?
A near-duplicate in Advanced eDiscovery is content that is similar to other content, but not identical.
What is a conversation in Advanced eDiscovery?
A conversation in Advanced eDiscovery is a group of related messages, such as an email thread or a chat conversation.
Great blog post! I found the section on creating eDiscovery cases very helpful.
I’m preparing for the MS-101 exam and was wondering how crucial it is to learn the differences between eDiscovery and Advanced eDiscovery?
Can someone explain the role-based permissions needed for configuring eDiscovery?
What are the key differences in feature sets between eDiscovery and Advanced eDiscovery?
Setting up eDiscovery was a headache for me. The permissions were very confusing.
I’ll be taking the MS-101 exam next month. Any tips on high-yield topics for eDiscovery?
Thanks for the detailed explanations in the blog post!
Are there any PowerShell cmdlets that are frequently used in eDiscovery configurations?