Microsoft 365 offers a suite of tools to aid organizations in legal, regulatory, and organizational compliance needs. Among these practices, eDiscovery (electronic discovery) and Advanced eDiscovery are pivotal. They provide the capability to find electronic data to use as evidence in a case or investigation.
Planning for eDiscovery
Before you can begin configuring, you need to plan your strategy.
- Identify Custodians: This primarily involves identifying people who hold or control the data relevant to an investigation.
- Preservation of Data: Ensure that the data which might serve as evidence is preserved with a hold. Microsoft 365 has a hold feature you can use, that prevents relevant data from being deleted by users.
- Search for Data: Develop search criteria that will yield the required data.
- Exporting Results: Plan and set permissions for who can access and export your search results.
Configuring eDiscovery in Microsoft 365
Follow these steps to set up eDiscovery;
- Go to Microsoft 365 compliance center.
- Select Permissions and assign the eDiscovery Manager role group to people who will work on eDiscovery.
- From ‘Solutions Catalog’, select eDiscovery and create a case.
- Add members and conduct hold on specified accounts for the case.
- To create a search, you first define conditions like keywords, dates, sender/recipient information, etc.
- Then review and export the search results.
Advanced eDiscovery’s Key Features
Advanced eDiscovery provides an enhanced method of analyzing and managing data related to cases. Its features include;
- Near-duplicates and Email Threading: Reduction of data volume by grouping similar items and email threads together.
- Theme & Predictive Coding: Identification of themes within the dataset and prediction of relevancy coding based on user inputs.
- Machine Learning and Text Analytics: Advanced analytics that cut down on irrelevant results.
Planning for Advanced eDiscovery
Following similar principles as planning for eDiscovery, here’s how to plan for Advanced eDiscovery:
- Identify Custodians: Set up custodian holds and link to individuals.
- Preservation of Data: Use auto-applied labels to preserve data.
- Analytics: Plan on using predictive coding or filter conditions to save time.
- Exporting Results: Also, plan and set permissions for who can access and export your results.
Configuring Advanced eDiscovery in Microsoft 365
- From the Microsoft 365 compliance center, go to ‘Show all’ and select ‘Advanced eDiscovery’.
- Set up a case, and assign roles to members based on their functions.
- Place data sources on-hold.
- Use the ‘Collections’ option to collect data from custodians and data sources.
- Finally, analyze, review, and export data from the case set up.
Rest assured, proper planning and subsequent configuration of eDiscovery, and Advanced eDiscovery will make the task of mining digital data during investigations more effective and efficient. As you prepare for MS-101 Microsoft 365 Mobility and Security exam, understanding and mastering these methods are essential as they contribute significantly to the overall comprehension of the Mobility and Security aspect of Microsoft 365. Thus enhancing your odds of passing the test.
Practice Test
True or False: eDiscovery is a tool used by Microsoft 365 to manage and organize data for potential legal cases from your business.
- True
- False
Correct answer: True
Explanation: eDiscovery is a tool in Microsoft 365 that offers the successful organization, management and extraction of data for potential legal cases.
Which of the following are components of Microsoft Advanced eDiscovery?
- a. Machine Learning and Predictive Coding
- b. Data reduction capabilities
- c. Optical Character Recognition
- d. All of the above
Correct answer: d. All of the above
Explanation: Advanced eDiscovery includes the features of machine learning, predictive coding, data reduction capabilities and optical character recognition for efficient data handling and review.
True or False: You can only use eDiscovery in a Microsoft Team’s environment.
- True
- False
Correct answer: False
Explanation: eDiscovery can be used across all Microsoft 365 platforms including Teams, Exchange, SharePoint and OneDrive for business.
Which of the following is NOT a step in the Microsoft 365 eDiscovery process?
- a. Create a case
- b. Place content locations on hold
- c. Extract legal data
- d. Destroy case data
Correct answer: d. Destroy case data
Explanation: Destroying case data is not part of the actual eDiscovery process. The actual steps include creating a case, placing content locations on hold, and extracting legal data.
Does eDiscovery support third-party data imports?
- a. Yes
- b. No
Correct answer: b. No
Explanation: eDiscovery does not currently support third-party data imports. It is designed to work with native Microsoft 365 data.
Is it possible to export the results of an eDiscovery search?
- a. Yes
- b. No
Correct answer: a. Yes
Explanation: After a search is performed, you can export the results for further review or for legal proceedings.
True or False: Advanced eDiscovery can automatically identify redundant data to simplify data analysis.
- True
- False
Correct answer: True
Explanation: Advanced eDiscovery uses data analytics to identify and eliminate redundant data, reducing the volume of data that must be reviewed.
Which kind of content does eDiscovery NOT search through in Microsoft 365?
- a. Emails
- b. Calendars
- c. Documents
- d. Social media posts
Correct answer: d. Social media posts
Explanation: eDiscovery in Microsoft 365 is designed to search through emails, calendars, and documents but not Social media posts.
Can data associated with a user be placed on hold even when the user’s account is deleted from Microsoft 365?
- a. Yes
- b. No
Correct answer: a. Yes
Explanation: Placing a hold on a user’s data ensures that it is preserved, even if the user’s account is deleted.
True or False: You must use Advanced eDiscovery if you want to search and export content from Microsoft Teams.
- True
- False
Correct answer: False
Explanation: Although Advanced eDiscovery includes features specific to Microsoft Teams, the basic eDiscovery tool also allows for the search and export of Teams content.
Interview Questions
What is the purpose of eDiscovery in Microsoft 365?
eDiscovery is a tool in Microsoft 365 used to identify, hold, search, and export content such as emails, documents, instant messaging conversations, and other data in the organization. It assists in conducting investigations for various cases including legal matters, HR inquiries, or internal investigations.
What is the difference between core eDiscovery and advanced eDiscovery in Microsoft 365?
Core eDiscovery provides basic capabilities to search and export data in Microsoft 365, whereas advanced eDiscovery gives richer capabilities that include machine learning, predictive coding, text analytics, and advanced content analytics capabilities which help you reduce the volume of data for a case.
How can an organization benefit from Advanced eDiscovery features in Microsoft 365?
Advanced eDiscovery provides additional machine learning features to analyze large amounts of data, including predictive coding, text analytics, and advanced content analytics. It significantly reduces the volume of data shared in a case, saving both time and costs for the organization.
What are hold policies in the context of eDiscovery?
Hold policies relate to preservation of electronically stored information which is potentially relevant to a legal proceeding or investigation. They protect such information from being modified or deleted until the case is closed.
What is the purpose of a search in eDiscovery?
The purpose of a search in eDiscovery is to identify content relevant to a specific case. You can use keyword queries, condition cards, or a combination of both to search and identify the relevant content.
What is a custodian in the context of eDiscovery?
A custodian in eDiscovery refers to individuals who have control over or responsibility for the data that may be relevant to a case. These are generally those directly involved in the case, which could be email users, HR managers, or anyone in the organization.
What are the main steps involved in creating a case in eDiscovery?
The main steps involved in creating a case are: creating a hold policy to preserve content, searching for content relevant to the case, preparing results for review, and finally exporting results for delivery or for sharing with others.
What is Predictive coding in advanced eDiscovery?
Predictive coding in advanced eDiscovery is a feature that uses machine learning to help determine relevant from non-relevant content. It helps to reduce the volume of data to be reviewed in a case.
When should an organization consider using Advanced eDiscovery instead of Core eDiscovery?
An organization should consider using Advanced eDiscovery when they have a large volume of data and require machine learning capabilities to filter out irrelevant data. Also, if they want to reduce the cost and time involved in reviewing all data, Advanced eDiscovery would be more suitable.
What is the role of a Review Set in advanced eDiscovery?
A Review Set in advanced eDiscovery is a collection of documents that are compiled for review. It provides a controlled environment where documents can be assessed, analyzed, and marked for relevance to the ongoing case.
What is Themes in Advanced eDiscovery?
Themes in advanced eDiscovery are topics that are automatically identified in the dataset by the system. This helps in grouping similar content together and helps to uncover patterns or trends in the data.
What is included in the export process from advanced eDiscovery?
The export process from advanced eDiscovery includes exporting documents, reports related to document processing and review, and also metadata like author, creation date, file path, and more.
How does Near-duplicate detection work in Advanced eDiscovery?
Near-duplicate detection in Advanced eDiscovery identifies documents that are very similar to each other. It helps in the reduction of data volume, by grouping identical or near-identical documents together for review.
What is a Relevance Score in Advanced eDiscovery?
A Relevance Score in Advanced eDiscovery is a score assigned by the system to each document based on its relevancy to the search query. The higher the relevance score, the more relevant the document is to the investigated case.
What is the use of communication analysis in Advanced eDiscovery?
Communication analysis in Advanced eDiscovery provides insights into communication patterns between custodians in a case. It helps investigators identify who communicated with whom, the frequency of communication, and the topics of conversation.