Everything You Need to Know About eDiscovery in Office 365

Everything You Need to Know About eDiscovery in Office 365

This article explains what eDiscovery Office 365 is, when to use it, and why this service is needed for businesses.

How to Use eDiscovery in Microsoft 365

eDiscovery lets you preserve, hold, and export content from Office 365 for legal or compliance purposes.

It’s an important part of your organization’s information governance strategy. Security administrators or data administrators might be tasked with preserving data in case of legal requirements.

eDiscovery is just like a typical discovery hold but is only focused on the digital (electronic) content that is involved. Hence, the “e” in eDiscovery.

With eDiscovery for Office 365, you are not just limited to emails and documents from a limited amount of Office applications. eDiscovery in Office 365 allows you to create holds and search for content across Microsoft Exchange Online, Teams, SharePoint (a single SharePoint site or multiple sites), OneDrive, and other applications.

Let’s use an example and say you are a security administrator working at a firm.

One day, a legal team member reaches out to you, asking if you can gather all data, such as emails, messages, and files that were shared or transferred by a particular employee. They would like to use this data as evidence in a legal case (which is the whole point of eDiscovery).

With eDiscovery through Office 365, Microsoft makes it easy to manage all your eDiscovery tasks in one centralized area.

Here’s how to use it:

  1. Go to the Microsoft 365 Purview compliance portal and sign in with your administrator account;
  2. Under Solutions, select on eDiscovery;
  3. Click on Standard or Premium (Depending on your License), then click Create a case;
  4. Give your case a name and description, then click Next;
  5. From here, you can select the Searches, Hold, or Exports tabs respectively relating to the content;
  6. Follow the steps in each tab to complete a successful Search, Hold, or Export.

eDiscovery is used when there is a legal case and data needs to be preserved and held from any alterations or integrity issues.

Depending on the type of Microsoft license you have, you also are offered the option to assign data owners to these cases which can help with the legal process of preserving data until the case is closed.

Note that you need special permissions to perform eDiscovery, which makes sense as you don’t want to allow any “ordinary” administrator to search through potentially very sensitive data that they wouldn’t normally have access to. More information here. See also below: Access Permissions in Microsoft 365 eDiscovery.

Why Businesses Need eDiscovery Tools

Microsoft Office 365 eDiscovery tools

In the modern business world, data is everything.

From digitizing documents, furthering collaboration through online meetings and chats, and protecting digital intellectual property, businesses need eDiscovery tools to manage the ever-growing volume of data and ensure that they can find the information they need when they need it.

eDiscovery tools help businesses index and search through large volumes of data quickly and easily. They also allow businesses to set up rules and filters to flag potentially relevant information automatically.

A business at any time can get hit with a lawsuit, be part of external investigations, or conduct an internal investigation of their organization. eDiscovery can also be part of compliance regulations, where you need to find all Personally Identifiable Information (PII) about a person that your business holds for example.

For these reasons, businesses need eDiscovery tools to protect information from being modified during the retention period, keep the integrity of information, and preserve information that can assist in the legal process.

Additionally, eDiscovery tools help businesses manage and protect their data. They can be used to identify and collect data, determine what data is relevant to a case, and review and analyze that data. eDiscovery tools can also be used to create reports and presentations and to share data with other legal team members.

Microsoft’s eDiscovery platform allows you to purchase Standard or Premium (Advanced eDiscovery) tools that fit your organization’s needs.

Important Office 365 eDiscovery Terms to Know

Important Office 365 eDiscovery terms to know

In any organization, communication is key to success. But with the vast array of data that businesses now create and store, it’s more important than ever to be able to find and manage information quickly and easily.

eDiscovery, or electronic discovery, refers to the process of identifying and collecting electronically stored information (ESI) for use in legal proceedings. It can be a complex process, but there are a few key terms that every business should know.

There is a comprehensive list of terms listed on Microsoft’s website that you can see here; for the clarity of this article, we will provide terms we believe are essential to Office 365 eDiscovery:


  • Metadata: Data about data. It can help you understand when something was created, who created it, and what type of file it is.
  • Custodian: This is the person whose data is being searched. The custodian can be an individual or an organization.
  • Query: This is the criteria that you use to search for data. For example, you can query by keyword, date range, or file type.
  • Export: Once you’ve found the data you’re looking for, you can export search results in a variety of formats (e.g., .csv, .pdf, etc.).
  • Review set: This is a subset of data that has been exported for review by lawyers or other relevant personnel.
  • E-discovery search: This is the process of searching through electronic data for evidence in a legal case.
  • E-discovery export: This is the process of exporting e-discovery data from one system to another.
  • E-discovery platform: This is a software platform that helps organizations manage and automate their e-discovery processes.
  • E-discovery project: This is a specific e-discovery effort undertaken by an organization, usually in response to a legal case or investigation.

Microsoft 365 Advanced Premium eDiscovery

As your business grows, so does the amount of data you generate. How do you keep track of it all and ensure that you can find the information you need when you need it? Microsoft Advanced eDiscovery can help.

With Microsoft 365 Advanced eDiscovery, you can index and search all your email, SharePoint site, OneDrive, and Teams content in one place. You can also set up retention policies to delete old data or keep it for a specific period of time.

Microsoft 365 Advanced eDiscovery is a premium offering that helps you find, investigate, and respond to incidents faster and with more confidence. Here are some advanced eDiscovery features, you can:

  • Get a complete picture of an incident by searching across all content types, including email, chat, documents, and social media;
  • Automate key tasks in your investigation workflow, from data collection to exporting search results;
  • Analyze large data sets quickly with built-in machine-learning algorithms that flag relevant content and help you identify key patterns.

You can add Advanced eDiscovery as an additional item to a Microsoft 365 E5 license or acquire Advanced eDiscovery as a standalone subscription.

Access Permissions in Microsoft 365 eDiscovery

In Microsoft 365 eDiscovery, access permissions are used to control who can access discovery content and perform actions on that content.

By default, only the eDiscovery Manager/Managers and eDiscovery Administrator have access to discovery content. However, you can grant other users access to discovery content by adding them to the security group “eDiscovery Users”.

Once a user has been added to this group, they will be able to search for and view discovery content in the eDiscovery Center. They will also be able to perform certain actions on that content, such as exporting it or placing a hold on it.

When an organization uses Microsoft 365 eDiscovery, it can specify who has access to what data.

This is done through access permissions. Organizations can specify which users have access permissions for each piece of data.

There are 10 roles within eDiscovery Manager and eDiscovery Administrator!

The roles are listed below (taken from Microsoft’s page on eDiscovery permissions):


  • Case managementCreate, edit, delete, and control access to cases
  • CommunicationManage communication with all custodians
  • Compliance searchAllows use of Content Search tool in compliance portal
  • CustodianIdentify and manage custodians on cases
  • ExportExport results
  • HoldPlace content holds on data – preserve content
  • Manage Review Set TagsCreate tags for cases
  • PreviewView items that are returned from a search
  • ReviewAccess review sets
  • RMS DecryptView rights-protected email messages

Frequently Asked Questions (F.A.Q)

What is eDiscovery Office 365?

Microsoft 365 eDiscovery is a tool that helps organizations manage their electronic data.

It provides access to data stored in the cloud, on-premises, and in hybrid environments. eDiscovery can be used to search for, preserve, and export data for legal teams or investigatory purposes.

eDiscovery can be used to search for a variety of content types, including emails, documents, chats, and more. It is an important tool for organizations that receive frequent data requests, or that are subject to regulatory compliance requirements.

When using eDiscovery, it is important to consider the sensitivity of the information being sought. Some content may be considered privileged or confidential and should only be accessed by authorized personnel.

Why do you need eDiscovery?

In the modern business world, data is everything. It’s what companies use to make decisions, track progress, and understand’s customers. All that data has to come from somewhere, and that’s where eDiscovery comes in.

eDiscovery is the process of collecting that’s electronic data. This can include emails, social media posts, documents, and more. It’s an essential part of any investigation or lawsuit.

There are many reasons why you might need eDiscovery services. Maybe you’re dealing with a lawsuit or an internal investigation. Maybe you’re trying to understand your customers better. Whatever the reason, eDiscovery helps you get the information you need.

When you’re involved in a legal case, there are a lot of documents to sort through. eDiscovery is the process of electronically searching for, finding, and delivering these documents. Here’s why you need eDiscovery services:


  1. To save time: Searching through large amounts of documents can be very time-consuming. With eDiscovery, you can quickly search for relevant keywords and terms.
  2. To find more information: You may be surprised at what you find when you search electronically. Documents that were previously hidden can be easily found with the help of eDiscovery services.
  3. To improve your chances of winning: Having all the relevant information can give you a big advantage in court. eDiscovery can help make sure you have everything you need to make your case.

What data sources are covered by Microsoft eDiscovery?

The volume of data that organizations must sift through has increased exponentially in recent years, making eDiscovery a complex and costly process. Microsoft eDiscovery helps organizations manage this process by providing a central repository for all discovery-related data.

Microsoft eDiscovery covers a wide range of data sources, including email, SharePoint sites, OneDrive, and Exchange. Microsoft Teams, and Exchange online can be used to search for related content and data as well.

To properly protect your Microsoft Office 365 environment, use Hornetsecurity 365 Total Protection365 Total Backup365 Permission Manager, and 365 Total Protection Enterprise Backup.
We work hard perpetually to give our customers confidence in their Spam & Malware Protection and Advanced Threat Protection strategies.
To keep up to date with the latest Microsoft 365 articles and practices, pay a visit to our Hornetsecurity blog now.


In conclusion, eDiscovery is a powerful tool that can help you manage your Office 365 documents and data. By understanding the basics of eDiscovery, you can ensure that your data is properly managed and protected.

It is important to understand how eDiscovery works and what it can do for your organization.

With the right tools and training, eDiscovery in Office 365 can be a valuable asset in your organization’s compliance arsenal!