Audit the eDiscovery process with M365 Manager Plus
What is eDiscovery?
eDiscovery, or electronic discovery, is the process of identifying and preserving electronic information that can be used as potential evidence in legal cases. It helps users search for content in Exchange Online mailboxes and public folders, Microsoft 365 groups, Microsoft Teams, SharePoint sites, Yammer, OneDrive for Business, and Skype for Business.
Microsoft's eDiscovery tool on the Microsoft Purview portal helps organizations tackle legal and compliance challenges presented by the data in these apps and services.
How M365 Manager Plus helps the eDiscovery process
M365 Manager Plus allows you to audit and collect data regarding the eDiscovery cases that are held about your tenants' Microsoft 365 users. It helps you collect granular data on all the eDiscovery and Advanced eDiscovery activities in just a few clicks.
To create a new audit profile in M365 Manager Plus:
- Select Auditing & Monitoring from the drop-down menu at the top.
- Go to Settings → Configuration → Audit Profiles.
- Click + Add Profile.
- Name your audit profile.
- Select Compliance as the Microsoft 365 service.
- Choose a category for auditing.
- Choose actions to audit.
- Click Add.
The following categories are available for auditing eDiscovery:
Exchange Online Protection (EOP) eDiscovery helps you audit and collect data on eDiscovery cases and view the members, newly created case hold policies, deleted cases, and modified cases.
eDiscovery Activities helps you collect data on added members, changed content searches, changed cases, and created cases.
Advanced eDiscovery Activities helps you fetch audit reports on the created/edited/deleted tags, data added to the review set, and modified case settings.
Generating eDiscovery audit data
To view the audit profiles created for eDiscovery-related tasks:
- Go to Audit → Compliance Management. The eDiscovery audit profiles will be grouped under this service.
- From the left pane, choose the audit profile and action for which you want to generate data.
- Audit data is generated for the last 30 days by default. You can alter the timeline as necessary next to Period.
- You can choose the duration from the Business Hours drop-down menu.
These audit profiles can be scheduled to fetch data at regular intervals, thus helping you continuously monitor the eDiscovery process.
M365 Manager Plus features
- Reports for each action: Audit reports are readily available for every possible activity inside the Microsoft 365 setup.
- Scheduled reports: All the audit reports can be scheduled and exported in PDF, XLSX, CSV, or HTML format.
- Exports: The reports can be exported in PDF, XLSX, CSV, or HTML format and emailed to the administrator.
- Secure delegation: Securely delegate the task of report generation to technicians and IT staff without giving them full access to the Microsoft 365 admin center.
- Long-term historical data: Audit data can be stored for an indefinite period.
- Custom views: Custom views can be created for all the audit reports based on your requirements.
FAQs:
- What are the Microsoft eDiscovery solutions?
- What are the permissions required for the legal eDiscovery process?
- What are the Microsoft eDiscovery solutions?
Microsoft eDiscovery includes Content Search, Core eDiscovery, and Advanced eDiscovery.
- Content Search allows you to search for content across Microsoft 365 data sources and export the results.
- Core eDiscovery allows you to run content searches; add managers to the case; and place mailboxes, SharePoint locations, and public folders on hold indefinitely.
- Advanced eDiscovery allows you to identify and communicate with custodians (users whose content an organization wants to gather as evidence in a legal case); preserve data relevant to the case; add the data to a review set; tag, annotate, and redact documents; and then export the data.
- What are the permissions required for the legal eDiscovery process?
Users need to be assigned certain permissions to use any of the eDiscovery-related tools. This can be done by adding users to the appropriate role group on the Permissions page in the Microsoft 365 Security & Compliance Center. The two important roles for the eDiscovery process are eDiscovery manager and eDiscovery administrator.
- eDiscovery managers can search for content locations in the organization, create and manage cases, add and remove case members, create case holds, and export data pertaining to the cases created by them. They cannot view or access cases created by other eDiscovery managers.
- eDiscovery administrators are members of the eDiscovery manager role group and can perform the same activities as eDiscovery managers. Additionally, they can access all the cases listed on the eDiscovery pages and manage any cases to which they are added as a member.