Hello, and welcome to Search and Investigation Tools. In this lesson, we’re going to take a look at the key tools that are used to perform content searches. We’ll look at Content Search, Core eDiscovery, and Advanced eDiscovery.

The Content Search tool in the Security & Compliance Center can be used to find emails in Exchange mailboxes, documents in SharePoint sites, and documents in OneDrive locations. It can also be used to find messaging conversations in Skype for Business and Microsoft Teams.

To use Content Search, what you typically do is choose the content location you wish to search, and then you configure a keyword query to search for items you are interested in. That said, you can also just leave the search query blank. When you do that, your query will return all items in the content location you’ve targeted.

The Content Search tool allows you to do things like running an ID list search to search for specific email messages, and to search cloud-based mailboxes for on-prem users in Microsoft 365. You can also use Content Search to view the keyword statistics for the results of a particular search. You can then use that info to refine the original query if necessary. Content Search also allows you to search for third-party data that’s been imported into the Microsoft 365 organization.

When you find the data you are looking for, Content Search allows you to perform several operations on that data. For example, you can export the results of your content search so you can download them, or you can search for specific email messages and delete them. This is particularly helpful when you need to remove a virus-laden email from everyone’s mailboxes quickly. You can even export a report about the results of a search. This lets you export information about the search, without exporting the actual data.

We’ll actually talk about exporting later on.

Core eDiscovery is another search tool in Microsoft 365. It’s a basic eDiscovery tool that allows you to search for, and export, content in both Microsoft 365 and in Office 365.  Core eDiscovery can also be used to place eDiscovery holds on things like Exchange mailboxes, OneDrive accounts, and SharePoint sites. It can also be used to place holds on Microsoft Teams. 

We’ll dive into Core eDiscovery in more detail later. But for now, you just need to know it’s another tool in your arsenal for performing searches in Microsoft 365.

Advanced eDiscovery is yet another Microsoft 365 offering that you can use to perform searches. It expands on the existing Microsoft eDiscovery and analytics capabilities. However, what sets Advanced eDiscovery apart is the end-to-end workflow it provides. Using this tool, you can preserve, collect, analyze, review, analyze again, and export content when performing internal and external investigations within your organization. Advanced eDiscovery even allows legal teams to manage the entire legal hold notification workflow.

Later on, we’ll dive into the details of Advanced eDiscovery.

So, now that we’ve touched on what each of the key search and investigation tools are, let’s move on to exporting content search results.