1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Auditing and eDiscovery in Microsoft 365

Configuring eDiscovery and Creating Cases

Start course
Overview
Difficulty
Intermediate
Duration
45m
Students
16
Description

This course explores how to implement and manage auditing and eDiscovery in Microsoft 365. We'll start by covering Content Search and other search and investigation tools that are used to perform content searches, and how to export content search results.

You'll also learn about auditing management, before moving on to Core eDiscovery and how to search content using the Security & Compliance Admin Center. You’ll also learn how to configure Core eDiscovery and how to create cases. Finally, we'll cover Advanced eDiscovery, and you’ll learn what Advanced eDiscovery is, how to set it up, and how to create and manage Advanced eDiscovery cases.

Learning Objectives

  • Learn about Content Search and other search and investigation tools that are used to perform content searches
  • Export Content Search results
  • Learn how to configure audit log retention and audit policy
  • Learn what Core eDiscovery is and how to search content using the Security & Compliance Admin Center
  • Configure Core eDiscovery and how to create cases
  • Get an overview of Advanced eDiscovery and learn how to create and manage Advanced eDiscovery cases

Intended Audience

This course is intended for those who wish to learn how to use and manage auditing and eDiscovery in Microsoft 365.

Prerequisites

To get the most out of this course, you should already have some basic experience of working with Microsoft 365.

Transcript

Configuring eDiscovery and creating cases requires you to first complete a few steps. You first need to verify and assign the appropriate licenses within the organization and to individual users. You then need to assign the proper eDiscovery permissions. Once you’ve assigned the appropriate licenses and permissions, you can create Core eDiscovery cases and add members to existing cases.

Over the next few minutes, I’ll explain how each of these steps is completed.

To use Core eDiscovery and its hold and export features, you must first assign the required licenses to users. For example, before users can access Core eDiscovery in either the Microsoft 365 compliance center or in the Office 365 Security & Compliance Center, there must first be at least a Microsoft 365 E3 subscription or Office 365 E3 subscription in place within the organization.

In addition to meeting organization subscription requirements, you must also meet some individual licensing requirements before you can perform certain tasks. For example, if you wish to place an eDiscovery hold on mailboxes and sites, you first need to be assigned either a Microsoft 365 E3 or Office 365 E3 license or higher OR an Office 365 E1 license with an Exchange Online Plan 2 or Exchange Online Archiving add-on license. Your licensing requirements will vary, depending on your organization's subscription.

In addition to these licensing requirements, you’ll also need an Office 365 E1 license with a SharePoint Online Plan 2 or OneDrive for Business Plan 2 add-on license.

Once licensed, a user can access Core eDiscovery and he can be added as a member of Core eDiscovery cases, assuming the user has been assigned the appropriate permissions. More specifically, the user has to be added as a member of the eDiscovery Manager role group in the Office 365 Security & Compliance Center. Members of this role group can create and manage Core eDiscovery cases and they can also add and remove members, place eDiscovery holds on users, create and edit searches, and export content from Core eDiscovery cases.

Once you’ve assigned the proper licenses and permissions, you can begin creating Core eDiscovery cases and adding members to existing cases.

 

About the Author
Avatar
Thomas Mitchell
Instructor
Students
34516
Courses
44
Learning Paths
16

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.