Insight and analysis on the information technology space from industry thought leaders.

Notes from the field: eDiscovery within Office 365

You may or may not know that recently an update was made to the Data Loss Prevention and eDiscovery features within Office 365.

Liam Cleary

August 3, 2017

3 Min Read
ITPro Today logo in a gray background | ITPro Today

You may or may not know that recently an update was made to the Data Loss Prevention and eDiscovery features within Office 365. In the past, we had the ability to utilize an eDiscovery site for creation of cases. These cases then allowed you to perform sensitive searches on content either within Exchange, SharePoint or OneDrive for Business.

These searches were performed within the site, using the following screen:

 

Searches could be performed using standard search queries as well as specific sensitive type options. Some examples of the sensitive searches that can be performed are:

Search for U.S. Social Security numbers

SensitiveType=”U.S. Social Security Number (SSN)”

Search for U.S. Social Security numbers AND Credit Card Numbers

SensitiveType=”U.S. Social Security Number (SSN)” AND SensitiveType=”Credit Card Numbers”

Search for U.S. Social Security numbers, ONLY if there are 5 or more instances within the content

SensitiveType=”U.S. Social Security Number (SSN)|5..”

Search for U.S. Social Security numbers AND Author=“Liam Cleary”

SensitiveType=”U.S. Social Security Number (SSN) AND Author=‘Liam Cleary’”

Once the queries were performed, using this syntax combined potentially with other standard search terms the eDiscovery site allowed for legal holds, and even exporting of the content. Though this was great it was a little limited in the way that eDiscovery searches should be done.

Enter the new way of doing it. To access this new way, navigate to the Security and Compliance center, expand the Search & Investigation blade and choose eDiscovery.

You will be now be navigated directly to the case management list.

If you don’t have any case, simply click the Create a case button. This will cause the creation wizard to slide out from the right, where you can type the name and a description for the new case.

Now press Save, and then once created click the Open button.

This will now open a new browser tab and redirect you to the new eDiscovery process.

The new process now has a new menu, that sends you to specific functionality for Hold, Search, Export and then an Advanced eDiscovery option. Each option has its own configuration options and settings, as well as functionality.

The Advanced eDiscovery option redirects you to a different application that is now available to use.

The regular eDiscovery options, now provide a different way of searching for content instead of using a SharePoint eDiscovery site and the specific sensitive type syntax. Now you can simply type a name and set the locations easily.

Searching through this content can now be done using standard syntax fee typed into the box or can be done using keywords.

The free text option lets you still utilize the same syntax that used to be used within the SharePoint eDiscovery sites. The keyword list approach is for combining these with other keywords.

Once you have added your search terms, click the Search button, which will then close the window and return you to the previous screen listing your search. This will then auto perform the search in the background, or you can run it again and again as needed. It runs asynchronously and lists the results statistics in the page upon completion.

Clicking on the Preview search results, takes you to a screen where you can see the matched results from the various locations that were selected.

This a great new way of working with the results, performing searches, and even exporting the content. The new Advanced eDiscovery process can then take all of the results and run further processing of the content as needed. 

There are plenty of great new screens and features available now, that I would encourage you to look at to become familiar with the new way of working with eDiscovery.

About the Author

Liam Cleary

https://www.helloitsliam.com/

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like