Managing Search & Investigation
This course explores how to implement and manage auditing and eDiscovery in Microsoft 365. We'll start by covering Content Search and other search and investigation tools that are used to perform content searches, and how to export content search results.
You'll also learn about auditing management, before moving on to Core eDiscovery and how to search content using the Security & Compliance Admin Center. You’ll also learn how to configure Core eDiscovery and how to create cases. Finally, we'll cover Advanced eDiscovery, and you’ll learn what Advanced eDiscovery is, how to set it up, and how to create and manage Advanced eDiscovery cases.
- Learn about Content Search and other search and investigation tools that are used to perform content searches
- Export Content Search results
- Learn how to configure audit log retention and audit policy
- Learn what Core eDiscovery is and how to search content using the Security & Compliance Admin Center
- Configure Core eDiscovery and how to create cases
- Get an overview of Advanced eDiscovery and learn how to create and manage Advanced eDiscovery cases
This course is intended for those who wish to learn how to use and manage auditing and eDiscovery in Microsoft 365.
To get the most out of this course, you should already have some basic experience of working with Microsoft 365.
Hello, and welcome back. What we're gonna do in this quick demonstration here is walk through the process of creating a search in the Microsoft 365 compliance center using content search.
Now, on the screen here, I'm logged into my Microsoft 365 subscription, and I'm in the Microsoft 365 compliance pane. This compliance pane can be reached at compliance.microsoft.com. Now, what I've done here in the left pane is expand all of my options here by clicking Show all.
Now, if I click Show less at the bottom, this is the default view when you log in. If you click Show all here, a lot of these different options become available. Now, to use content search, what I need to do is select the option for content search under Solutions in this left pane.
Now, what I'm going to do here is create a search looking for emails about a bad virus. What I'm gonna do is search all of the mailboxes in my organization for these emails. Now, to do that, it's pretty straightforward. From this content search window here, I simply click New search, and then what I can do here is enter the keywords I'm interested in.
Now, in this particular example, I'm looking for emails that mentioned bad virus. Just trying to keep things simple here. So I'll search for bad virus. And then what I could do is add some conditions here, maybe certain recipients, maybe look at where they came from, condition it on the sender, condition it on the subject.
I'm not gonna add any conditions here, so we'll cancel this out. I'm simply going to search for emails that have bad virus mentioned in them. Now, to make sure I'm only searching emails, what I need to do here is modify the specific locations I want to search.
In the modify locations window here, I have an option to search lots of different places. What I'm gonna do here is simply select all for Exchange email and save it. Now, once I've done this, I can go ahead save and run my content search. And when I do that, I need to give my search a name. So I'll just call this Virus Search. And we'll go ahead and save it. And what it's gonna do is perform that search on all mailboxes in my organization.
Now, what it'll do is retrieve the preview results here. And we can see I have two emails with bad virus contained within them. And now what I could do here is select one of these and look at the actual text of the email here. And then from here, what I can do is export my results simply by going to More, and then Export results. And from this Export results pane, I can specify what I want to export.
I can specify my output options and my exchange content. I can specify one PST for each mailbox or one PST file for all messages, or I can export my exchange content as one PST file that contains all messages in a single folder, or I can just export content as individual messages. So what I'll do here is I'll leave my default options and we'll export one PST file for each mailbox. And then we'll go ahead and export.
Now, to view my export, I can click on Exports here, we'll refresh this, and we can see my Virus Search Export has been created. If I select my export, I can either restart the export, delete it, or I can download the results.
So that's how you perform a content search and export within the Microsoft 365 compliance center.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.