Managing Search & Investigation
The course is part of this learning path
This course explores how to implement and manage auditing and eDiscovery in Microsoft 365. We'll start by covering Content Search and other search and investigation tools that are used to perform content searches, and how to export content search results.
You'll also learn about auditing management, before moving on to Core eDiscovery and how to search content using the Security & Compliance Admin Center. You’ll also learn how to configure Core eDiscovery and how to create cases. Finally, we'll cover Advanced eDiscovery, and you’ll learn what Advanced eDiscovery is, how to set it up, and how to create and manage Advanced eDiscovery cases.
- Learn about Content Search and other search and investigation tools that are used to perform content searches
- Export Content Search results
- Learn how to configure audit log retention and audit policy
- Learn what Core eDiscovery is and how to search content using the Security & Compliance Admin Center
- Configure Core eDiscovery and how to create cases
- Get an overview of Advanced eDiscovery and learn how to create and manage Advanced eDiscovery cases
This course is intended for those who wish to learn how to use and manage auditing and eDiscovery in Microsoft 365.
To get the most out of this course, you should already have some basic experience of working with Microsoft 365.
Configuring Advanced eDiscovery and creating cases requires you to first complete a few steps. The steps are quite similar to the steps you need to take when configuring Core eDiscovery. You first need to verify and assign the appropriate licenses within the organization, and to individual users. You then need to assign the proper eDiscovery permissions as well. Once you’ve assigned the appropriate licenses and permissions, you need to configure global settings. Once you’ve completed these steps, you can create Advanced eDiscovery cases and add members to existing cases.
Over the next few minutes, I’ll explain how each of these steps is completed.
To use Advanced eDiscovery, you must first assign the required licenses to users. For example, before users can access Advanced eDiscovery in the Microsoft 365 compliance center or in the Security & Compliance Center, there must first be at least a Microsoft 365 E5 subscription or Office 365 E5 subscription in place within the organization. You can also get access to Advanced eDiscovery with a Microsoft 365 E3 subscription with the E5 Compliance add-on OR with a Microsoft 365 E3 subscription with the E5 eDiscovery and Audit add-on.
In addition to meeting organization subscription requirements, you must also meet some individual licensing requirements before you can perform certain tasks. For example, if you wish to add a user as a custodian in an Advance eDiscovery case, the user that you wish to add needs to have, in the case of a Microsoft 365 subscription, a Microsoft 365 E5 license, an E5 Compliance add-on license, or an E5 eDiscovery and Audit add-on license.
If your organization subscription is Office 365, the user must be assigned an Office 365 E5 license.
Once licensed, a user can access Advanced eDiscovery, and the user can be added as a member of Advanced eDiscovery cases, assuming the user has been assigned the appropriate permissions. More specifically, the user has to be added as a member of the eDiscovery Manager role group in the Security & Compliance Center. Members of this role group can create and manage Advanced eDiscovery cases and they can also add and remove members, place holds on users and content locations, manage legal hold notifications, create and edit searches, and export content from Advanced eDiscovery cases.
Once you’ve assigned the proper licenses and permissions, and before you start creating cases, you have to configure global settings that will apply to all cases in the organization.
At the time of this course recording, the only global setting you need to configure is attorney-client privilege detection. What this setting does is enable the attorney-client privilege model to run whenever you analyze data in a review set. It leverages machine learning to determine whether or not a document being analyzed contains content that is legal in nature. Attorney-client privilege detection will also look at the participants in a document and compare them to an attorney list that you provide when setting it up. It does this to determine if a document includes any participants who are attorneys.
Join me in the next lesson, where I’ll explain how to create an Advanced eDiscovery case.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.