Lab: Explore the eDiscovery (Standard) workflow

This lab maps to the following Learn content:

  • Learning Path: Describe the capabilities of Microsoft compliance
  • Module: Describe the eDiscovery and audit capabilities of Microsoft Purview
  • Unit: Describe the eDiscovery solutions in Microsoft 365

Lab scenario

In this lab you’ll go through the steps required for setting up eDiscovery, including setting up role permissions, creating an eDiscovery case, creating an eDiscovery hold and creating a search query. Note: Licensing for eDiscovery (Standard) requires the appropriate organization subscription and per-user licensing. If you aren’t sure which licenses support eDiscovery (Standard), visit Get started with eDiscovery (Standard) in Microsoft Purview.

Estimated Time: 25-30 minutes

Task 1

To access eDiscovery (Standard) or be added as a member of an eDiscovery case, a user must be assigned the appropriate permissions. In this task, you as the global admin, will add specific users as members of the eDiscovery Manager role group.

Open Microsoft Edge. In the address bar, enter admin.microsoft.com.

  1. Sign in with your admin credentials.

    1. In the Sign in window, enter admin@WWLxZZZZZZ.onmicrosoft.com (where ZZZZZZ is your unique tenant ID provided by your lab hosting provider) then select Next.

    2. Enter the admin password that should be provided by your lab hosting provider. Select Sign in.
    3. When prompted to stay signed- in, select Yes. This takes you to the Microsoft 365 admin center page.

  2. From the left navigation pane of the Microsoft 365 admin center, select Show all.

  3. Under Admin centers, select Compliance. A new browser page opens to the welcome page of the Microsoft Purview compliance portal.

  4. From the left navigation pane, expand (select the down arrow) Roles & Scopes then select Permissions.

  5. Under Microsoft Purview solutions, select Roles.

  6. In the search field, enter eDiscovery then select the search icon (magnifying glass). Select eDiscovery Manager.

  7. Select Edit. Notice how there are two subgroups, eDiscovery Manager and eDiscovery Administrator.
    1. The “Manage eDiscovery Manager” page allows you to add users to the role of eDiscovery manager. For this lab, we’ll add members to the eDiscovery Administrator subgroup so select Next.
    2. On the “Manage eDiscovery Administrator” page, select Choose users . Search for and select MOD Administrator and Megan Bowen then press Select at the bottom of the page, then select Next and then Save.
    3. On the “You successfully updated the role group” page, select Done.
  8. Keep this browser tab open, as you’ll use it in the next task.

Task 2

In this task you, as an eDiscovery Administrator (MOD admin is an eDiscovery administrator), will create a case to start using eDiscovery (Standard).

  1. You should still be on the compliance portal roles page. If you closed the browser tab from the previous task, open a new browser tab and enter compliance.microsoft.com

  2. From the left navigation panel, under Solutions, select eDiscovery then select Standard.

  3. From the top of the eDiscovery (Standard) page, select + Create a case.

  4. In the New case window, enter a Case name, SC900 Test Case then select the Save at the bottom of the page.

  5. The case should now appear on the list.

  6. As the creator of the case and because you have eDiscovery Administrator privileges, you can begin to work with it.

  7. Keep this browser tab open, as you’ll use it in the subsequent task.

Task 3

Now that you’ve created an eDiscovery (Standard) case, you can begin to work with the case. In this task, you’ll create an eDiscovery hold for the case for you created. Specifically, you’ll create a hold for the exchange mailbox belonging to Adele Vance.

  1. Open the eDiscovery (Standard) tab on your browser.

  2. From the eDiscovery (Standard) page, select the case you created in the previous tab, SC900 Test Case.

  3. From the Home page of the case, select the Hold tab then select +Create.

  4. In the name field, enter Test hold then select Next.

  5. In the Choose locations page, select toggle switch next to Exchange mailboxes to set the status to On.

  6. Now select Choose users, groups, or teams. In the search box, enter Adele then press enter on your keyboard. From the search results select Adele Vance, then select Done.

  7. From the Choose locations page, select Next. For expediency with the lab, no other locations will be included in this hold.

  8. The Query conditions page enables you to create a hold, based on specific Keywords or Conditions that are satisfied, select + Add condition to view the available options. Select Next. Without any conditions, the hold will preserve all content in the specified location.

  9. Review your settings and select Submit, it may take a minute, then select Done. The Test hold should appear on the list. If you don’t immediately see it, select Refresh

  10. Keep this browser tab open, as you’ll use it in the subsequent task.

Task 4

With a hold in place, you’ll create a search query. Once your search is complete, the eDiscovery supports actions, such as exporting and downloading the results for future investigation. Note: Searches associated with an eDiscovery (Standard) case are not listed on the Content search page in the Microsoft Purview compliance portal. These searches are listed only on the Searches page of the associated eDiscovery (Standard) case.

  1. Open the SC900 Test Case tab on your browser.

  2. From the SC900 Test Case page, select Searches.

  3. From the Search page, select + New Search.

  4. In the Name field, enter Test Hold – Sales Search, then select Next from the bottom of the page.

  5. In the Choose locations page, select locations on hold and unselect Add App Content for On-Premises users, as your lab environment has no on-premises users, then select Next.

  6. The Query conditions page enables you to create a search, based on specific Keywords or Conditions that are satisfied, In the keyword field enter Sales select Next.

  7. Review your settings and select Submit, it may take a minute, then select Done. The search should appear on the list. If you don’t immediately see it, select Refresh

  8. From the Searches window, select the search you created, Test Hold - Sales Search. A window that opens with the Summary tab selected. Once the search is complete the status will indicate that the search is completed. You’ll see a Search statistics tab (if you don’t see the Search statistics tab, the search may still be running and may take a few minutes to complete). Select the Search statistics tab and select the drop-down next to Search content. You can also view more information for the Condition report and Top locations.

  9. From the bottom of the page, select Actions. Note the available options that include export options (the export options cannot be selected from within the lab platform provided by the authorized lab hoster, but are available in a production environment and are considered part of the standard workflow). Select Close.

  10. Close all the open browser tabs.

Review

In this lab, you went through the steps required to get started with eDiscovery (Standard), including setting up the role permissions for eDiscovery and creating an eDiscovery case. With the case, created you went through elements of the eDiscovery (Standard) workflow by creating an eDiscovery hold and creating a search query.