that ensure your organization stays compliant and organized, particularly when handling sensitive data. These solutions allow enterprises to track user activity, search and locate data across the organization, and adhere to compliance and retention policies.

I. Auditing in Microsoft 365

Auditing in Microsoft 365 tracks and logs events across your organization’s Microsoft 365 services. It covers everything from access to documents and operations on lists and libraries to user and administrative operations at the site collection level.

Essentially, auditing lets your organization ask questions like “Who read, updated, deleted, or moved this document?” or “Who changed the permissions of this site?” and have them answered without delay.

In Microsoft 365, the audit log includes data from:

  • User, admin, and system activity in SharePoint
  • User, admin, and system activity in OneDrive for Business
  • User and admin transactions in Exchange Online that an admin, a delegated admin, or a user makes
  • User, admin, and system activity in Power BI

To enable auditing in Microsoft 365, admins can visit the Security & Compliance Center, navigate to “Search & Investigation,” and then open “Audit log search,” where they can tailor their auditing configuration.
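The same check and search can be done from Exchange Online PowerShell. This is an added example, not part of the original guide; the admin account and the document URL are placeholders, and the seven-day window is an arbitrary choice.

```powershell
# Added example. Requires the ExchangeOnlineManagement module. Searching needs the
# 'View-Only Audit Logs' or 'Audit Logs' role; changing the setting needs 'Audit Logs'.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.com'   # placeholder account

# 1. Confirm that the unified audit log is recording. Run this in Exchange Online
#    PowerShell: queried from Security & Compliance PowerShell the property always reads False.
$cfg = Get-AdminAuditLogConfig
if (-not $cfg.UnifiedAuditLogIngestionEnabled) {
    Write-Warning 'Unified audit log ingestion is off; enabling it now.'
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
}

# 2. "Who read, updated, deleted, or moved this document?" over the last 7 days.
$doc     = 'https://contoso.sharepoint.com/sites/finance/Shared Documents/budget.xlsx'  # placeholder
$ops     = 'FileAccessed', 'FileModified', 'FileDeleted', 'FileMoved'
$end     = (Get-Date).ToUniversalTime()
$start   = $end.AddDays(-7)
$session = [guid]::NewGuid().ToString()

# ReturnLargeSet pages through results; repeat the call with the same SessionId
# until a page comes back empty.
$records = @()
do {
    $page = @(Search-UnifiedAuditLog -StartDate $start -EndDate $end `
        -RecordType SharePointFileOperation -Operations $ops -ObjectIds $doc `
        -SessionId $session -SessionCommand ReturnLargeSet -ResultSize 5000)
    $records += $page
} while ($page.Count -gt 0)

# 3. Each record carries its detail as a JSON string in AuditData; expand it
#    into a chronological timeline of who did what, and from where.
$records |
    ForEach-Object { $_.AuditData | ConvertFrom-Json } |
    Sort-Object CreationTime |
    Select-Object CreationTime, UserId, Operation, ClientIP, ObjectId |
    Format-Table -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
```

An empty result right after enabling ingestion is expected, since events only start being recorded from that point on.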

II. eDiscovery solutions

Electronic discovery (eDiscovery) refers to the process used by organizations to find, secure, and search electronically stored information (ESI), including emails, documents, presentations, databases, voicemail, audio and video files, social media posts, and websites.

In Microsoft 365, the eDiscovery solution provides a responsive, collaborative, and scalable search platform that offers a range of capabilities including:

  • Case management: To hold, search, and export data from mailboxes, public folders, Microsoft Teams, OneDrive for Business sites, and SharePoint Online websites.
  • Search with relevance: To discover document summaries and metadata, OCR (Optical Character Recognition) to extract text from images, and trainable classifiers to categorize your data.
  • Predictive coding and text analytics: To provide insight about your data, and coding recommendations based on previous coding decisions to complete your review faster.
  • Review and redact: To examine, annotate, and redact Sensitive Information Types or Regular Expressions from search results.

III. Comparison

While both auditing and eDiscovery are crucial to an organization’s data management strategy, they offer different solutions:

| | Auditing | eDiscovery |
|---|---|---|
| Purpose | Tracks specified user or system activity | Searches and holds electronic information |
| Ideal Use Cases | Understanding who has done what with which data within an organization | Locating information for legal or regulatory needs |
| Key Features | User logging, Access logging, SharePoint activity logging | Case management, Text analytics, Predictive coding |

In summary, Microsoft 365 offers robust solutions for auditing and eDiscovery, supporting organizations in handling sensitive data while reinforcing compliance and security. Proper implementation and use of these tools can help organizations prevent data breaches, ensure adherence to regulatory requirements, and improve their overall data governance strategies. Knowledge and understanding of these tools are critical when preparing for exams like the MS-900 Microsoft 365 Fundamentals.

Practice Test

True or False: Auditing in Microsoft 365 is enabled by default.

Answer: False

Explanation: Auditing in Microsoft 365 is not enabled by default. Administrators need to enable audit logs in the Security and Compliance Center before they can start logging activities.

What is the primary function of eDiscovery solutions in Microsoft 365?

  • A. To provide advanced threat protection
  • B. To manage and control data flow within your network
  • C. To search for, locate and secure data across your enterprise for legal requirements
  • D. To enable single sign-on for all enterprise applications

Answer: C

Explanation: eDiscovery solutions are primarily used to search for, locate, and secure data across an enterprise for legal purposes, ensuring compliance and helping in potential legal proceedings.

In Microsoft 365, where can you enable the auditing feature?

  • A. SharePoint Admin Center
  • B. Teams Admin Center
  • C. Security and Compliance Center
  • D. Azure Portal

Answer: C

Explanation: The auditing feature in Microsoft 365 is found and can be enabled from the Security and Compliance Center.

True or False: Compliance Management and Audit Log Search are features of the eDiscovery tool in Microsoft

Answer: True

Explanation: Compliance Management and Audit Log Search are indeed part of the eDiscovery tool features in Microsoft 365, both of which help in identifying, categorizing, and managing data.

What does eDiscovery in Microsoft 365 help with?

  • A. Troubleshooting system issues
  • B. Preventing data breaches
  • C. Identifying unused applications
  • D. Locating relevant documents for legal cases

Answer: D

Explanation: eDiscovery is used primarily for locating relevant documents and data that would aid in legal cases, investigations, or disputes.

Who in an organization typically uses the auditing features of Microsoft 365?

  • A. General Employees
  • B. IT Admins and Compliance Officers
  • C. Sales Team
  • D. HR Department

Answer: B

Explanation: IT admins and compliance officers typically use auditing features to track user activity, check compliance, investigate incidents, etc.

Which of the following can you track with Audit Logs in Microsoft 365?

  • A. Document access and changes
  • B. Email activity
  • C. User sign-in activity
  • D. All of the above

Answer: D

Explanation: Audit logs in Microsoft 365 record various activities across the services, including document access/changes, email activity, user sign-in activity, and more.

True or False: eDiscovery only applies to data stored in your local systems.

Answer: False

Explanation: eDiscovery applies to the electronic data across your organization’s enterprise, including data stored in cloud applications like Microsoft

True or False: Auditing and eDiscovery are one and the same in Microsoft

Answer: False

Explanation: Auditing is part of eDiscovery, but they are not the same. Auditing tracks and logs user activity while eDiscovery involves locating, managing and securing data relevant for legal matters.

What type of data can eDiscovery be used to search?

  • A. E-mails
  • B. Documents
  • C. Chats in Microsoft Teams
  • D. All of the above

Answer: D

Explanation: eDiscovery can search for emails, documents, chats and virtually any type of data spread across your electronic systems, making it an essential tool for legal proceedings and compliance matters.

Interview Questions

What is auditing in the realm of Microsoft 365?

Auditing in Microsoft 365 refers to the ability to track user and administrator activities across workloads in the organization. It helps in producing reports helpful in compliance, security, and operational efficiency.

What is the purpose of eDiscovery in Microsoft 365?

eDiscovery in Microsoft 365 is designed for legal, compliance, and HR teams. It helps them to discover, hold, and export content found in Microsoft Teams, Exchange Online mailboxes, SharePoint Online and OneDrive for Business sites.

How can you enable audit log search in Microsoft 365?

To enable audit log search, navigate to the Security & Compliance Center and then to Search & Investigation. Click on Audit log search and then Start recording user and admin activities. After a few hours, audit logs will start populating.

In which situations is eDiscovery used in Microsoft 365?

eDiscovery is used for legal proceedings and investigations where specific data in your Microsoft 365 organization has to be located, preserved, analyzed, or exported.

Can an admin use eDiscovery to search for contents in a user’s mailbox without their knowledge?

Yes, an administrator can perform a search on a user’s mailbox without their knowledge. However, the actions are recorded in audit logs for verifiability and transparency.

How long does Microsoft 365 retain audit records?

Microsoft 365 retains audit records for 90 days.

How can one access audit logs in Microsoft 365?

Audit logs can be accessed through the Microsoft 365 compliance center. Users must have the necessary permissions to access and search audit logs.

What are Advanced eDiscovery capabilities in Microsoft 365?

Advanced eDiscovery capabilities provide more robust tools to manage legal investigations – like near-duplicate detection, email thread analysis, and machine learning-based predictive coding.

What is an in-place hold in the context of Microsoft 365 eDiscovery?

An in-place hold allows you to preserve all mailbox content, including deleted items and original versions of modified items without the user deleting or editing data.

Can Office 365 auditing log deleted user activities?

Yes, Office 365 auditing can log and retrieve even deleted user activities within the retained period.

What is the Content Search feature in Microsoft 365?

Content Search is a part of eDiscovery and can be used to find specific messages, documents, and other data across Microsoft 365.

How to permit a user to access Microsoft 365 audit logs?

To permit a user to access audit logs, assign them the ‘View-Only Audit Logs’ or ‘Audit Logs’ role in the Security & Compliance Center.

What should you do when you receive a legal requirement to retain an employee’s email communication in Microsoft 365?

You can implement a Litigation Hold or an In-Place Hold on the employee’s mailbox in Microsoft 365.

Can Microsoft 365 track changes made to files stored in OneDrive?

Yes, Microsoft 365 can track and audit changes made to files in OneDrive.

What are the prerequisites for running an audit log search in Microsoft 365?

You must first turn the auditing feature on in the Security & Compliance Center, and you or your organization’s user must be assigned the necessary permissions.
