Speaker 1: Hi everyone, welcome along to the channel once again. Peter Rising here, Microsoft MVP. Now, anyone who knows me well knows that I am a compliance guy. I love Microsoft Purview and all of the solutions within. A particular favorite of mine is eDiscovery, and in particular eDiscovery Premium. eDiscovery or electronic discovery is the process of looking for information that you have stored within your Microsoft 365 environment, and in some cases beyond other locations as well. And this information may need to be gathered for all sorts of reasons, for legal investigations, for freedom of information, for data subject requests, although there is Microsoft Preva to do that sort of thing now as well. But that's another subject, I digress. But I wanted to do a little bit of a series on eDiscovery Premium. I've done this before on Cloud Conversations, which I encourage you to go and subscribe to. But I wanted to update my videos on eDiscovery and wanted to do it in a more granular, bit by bit, multi-part series as well. So this is part one, which will be the introduction to eDiscovery Premium. It's coming up. So to get you started with Microsoft Purview eDiscovery, the best place for me that I always recommend is to look at the learn.microsoft.com content about eDiscovery. You know by now that I'm a big fan of the learn.microsoft.com site, and it's no exception when it comes to Microsoft Purview eDiscovery solutions. So on this main page here for managing eDiscovery, you get a quick glimpse about what eDiscovery actually does. And it's the process of identifying and delivering electronic information that can be used as evidence in legal cases. And you can use the tool to search for content within your Microsoft 365 locations, such as Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, Microsoft 365 Groups, and Yammer Teams as well. You can search mailboxes and sites within the same eDiscovery search, and then export the search results. But what are the eDiscovery solutions that are available to you? Well, we can see here that there are three flavors of eDiscovery solutions. We have Content Search, eDiscovery Standard, and eDiscovery Premium. Now Content Search, while not strictly an eDiscovery solution of itself, is relevant, and it's the most basic form of searching for content with Microsoft 365. And if you don't have a particularly high level of licensing, like Microsoft 365 E3, then Content Search is probably the tool that's available for you. And with it, you can search for content, you can do keyword queries and search conditions, and you can export the search results. And it's all based on role-based permissions. Then, moving up, we have eDiscovery Standard, which gives you a little bit more. Now, eDiscovery Standard features Content Search as part of it. And you can, again, search and export, but you can do more detailed case management as well. And you can put content in your eDiscovery searches onto legal hold, so that it's going to be retained and not deleted by a retention policy. Finally, we have the top tier offering of eDiscovery from Microsoft, which is eDiscovery Premium. Now, this, in my view, is the only eDiscovery worth having. If you are a heavily regulated organization that needs to respond to a lot of these type of searches and requests for information, then this is the tool. This is the only tool that you will be wanting to use and you should be using. With it, you have custodian management, legal hold notifications, advanced indexing, review set filtering, tagging analytics, predictive coding models, and much, much more. So these are the three types of eDiscovery solutions that are available. And you can see here that you can scroll down and get a lot more information on all of the eDiscovery tools and associated abilities. But where do you access eDiscovery? And how do you access eDiscovery? Well, it's all from within the Microsoft Purview Compliance Portal or Compliance Center, whatever you want to call it. And that is accessed at compliance.microsoft.com. Now, not any old Tom, Dick, or Harry can get access to this portal, of course. You have to have permissions to get here. You need to be a compliance administrator or a particular defined role, or you can be in, as in my case, a global administrator. But obviously, do be careful how you allocate your roles. Global admins should be used very, very sparingly. And if you can, use privileged identity management to give just-in-time access to your privileged roles. That's one for another video that will be coming up at some point, I am sure. But always worth mentioning. Once you have access to the Purview Compliance Portal, that in itself is not enough to get you access to eDiscovery. Now, eDiscovery is visible within the left-hand panel here. And you can see eDiscovery, Standard, Premium, and a feature called User Data Search. Now, Content Search, as you can see, is a little bit further up, not under the actual eDiscovery menu, which is why I called out earlier that it's not really, in and of itself, a part of eDiscovery, apart from it being included as part of eDiscovery Standard. But as we move forward, we are going to ignore those other solutions. We are going to focus on eDiscovery Premium. But if you don't have the right access beyond your initial access to the Purview Portal, then you're not going to see this. So how do you get to here? Well, it's all from Roles and Scopes at the top here. And if you expand Roles and Scopes and go into Permissions, you will see two sets of role types here. We have the Azure AD role types, which will include things like Global Administrator and Security Administrator, that sort of thing, the Azure AD-wide roles. But what we are interested in are these Microsoft Purview solution-specific roles, and one in particular, which is the eDiscovery Manager. So this is a built-in role. And if we click on it, the flyout panel appears, and we can get some details on what this role actually is going to do for us. So here we can see in the eDiscovery Manager, we have the role group name of eDiscovery Manager, and we have a lot of sub-roles contained within the group. We have things like Case Management, Communication Compliance Search, Custodians, Export Capabilities, Hold Settings, Managing Review Set Tags, and much, much more. So you can edit the group and you can make changes. And what we can see as we scroll down is that there are two sub-roles within this role group. We have, rather uninventingly in my opinion, another role within eDiscovery Manager, also called eDiscovery Manager, and another one called eDiscovery Administrator. Now, the difference between these two roles is quite simple. An eDiscovery Manager will be able to see and view and manage the cases that relate to them and that they have created within eDiscovery Premium in Microsoft Purview, but they won't be able to see anyone else's cases. The eDiscovery Administrator, on the other hand, is able to see all cases that have been created organization-wide. Now, you might think this in itself could be a problem. Do we want administrators to be able to see all the eDiscovery cases that have been created? Is it possible to segregate those in any way? Well, the answer to that is yes, and that is achieved by compliance boundaries. That can be set up within Microsoft 365, and that is something that we will take a look at a little bit later on in this series of eDiscovery. So, we can edit this role group, and we can add people to the various sub-roles. And we can see here that we can manage our eDiscovery Manager settings and choose who has access to it. And if you're familiar with the TV show Friends, you'll be familiar with these two names here. We can see that Rachel and Monica are members of the eDiscovery Manager role group, meaning that they will be able to access their cases and their cases alone. Next, we can see we have the eDiscovery Administrator role, and we can add people to this role as well. And they can view and edit all of the cases, regardless of the permissions. And we can go through and review our settings and save those. And that is nice and simple. So, with that done, we are ready now to create eDiscovery Premium cases within Microsoft Purview. So, now that we understand the roles needed to access eDiscovery Premium, let's launch eDiscovery Premium itself and take a little look around. And as we launch it, we're taken directly into the overview screen. Now, if you want more screen space here, you can collapse the sidebar because we won't need that again for a while. And in the overview page here, we can see the number of cases that we have. So, there are eight cases listed here. We can see any cases that have been recently favorited. And you can see what level of permissions you have when you go into eDiscovery Premium. And I can see here that I am an eDiscovery Administrator and that I have full access to all of the cases. Here, we can learn more about eDiscovery roles. And that's going to take you to that excellent learn.microsoft.com content again. So, I highly recommend looking at that. We can go into the cases here by viewing all cases, or we can just simply click on the cases tab at the top of the screen here. Now, it did say we had eight cases in here, but I only have one listed, which must be a bit of a... No, I can see what that is. I have a filter applied. So, there we go. That is the reason why. So, that illustrates in and of itself that you can filter this view. If you have many, many multiples of cases here, then you can filter that view and search and get to the cases that you want. So, a top tip inadvertently reached there by me. So, we can see some examples of cases that I have done for demo purposes previously. But what we're going to do before we get into cases though, is we are going to take a look at the eDiscovery premium core settings, which you can access from the top right side of the screen here. When we click on there, and there are a few settings in here that we need to be aware of. The first one, which is toggled off by default, but I've previously activated this, is the setting for Attorney Client Privilege Detection. And what this means is when you analyze data within a working set, if you have Attorney Client Privilege Detection setting set to on, then we're going to run privileged models on your data and flag documents that are likely to be privileged based on the content, as well as by comparing participants against a user provided attorney list. And that list can be provided right here by you uploading one. So, you can browse to and upload an up-to-date attorney list. So, that's going to set up Attorney Client Privilege matches for your eDiscovery cases and search results, which is a very, very useful thing to have. We've also got settings for collections here, and we can configure the settings for how items are searched, retrieved, and processed. Now, collections we will get to in more detail when we create a case, but collections, think of them essentially as searches. And in an earlier version of eDiscovery Premium, when it in fact was called Advanced eDiscovery in an earlier incarnation, collections used to be called searches. So, collections are simply searches. Think of them as that. So, we can configure customization, allow customization at the case or collection level, which will enable case managers to override these settings for individual cases or collections. We can configure some location settings. Additional locations can cause cases to take longer, or I should say searches within cases to take longer, I should say. And you'll find this sort of detail highlighted to you all through the process of eDiscovery Premium. It will warn you if the selections you make are going to add time and complexity to your eDiscovery Premium settings within your cases. So, here we have the ability to add in additional locations, such as guest mailboxes. We can search guest mailboxes during tenant-wide searches. And we can now also search shared teams channels during tenant-wide searches. Now, these are quite new features, actually. And in fact, this collections section within the eDiscovery Premium core settings is a recent addition to this area. This is all very, very new. And in any of my previous videos on eDiscovery that you may have seen on other YouTube videos, you will not have seen this. This is all pretty new and cool stuff, so this is excellent. Then we have some retrieval settings as well. And in the retrieval settings, we can choose to identify additional items that we want to collect. So, we can select teams and Yammer conversations. And we can collect up to 12 hours of related conversations when a message matches a search. We can also now look for cloud attachments and collect these from links to SharePoint or OneDrive. Now, a cloud attachment is essentially a modern attachment. And when you think of the more traditional way of sending attachments with emails that we've been using for 20-odd years, then that attachment was uploaded to the email and then sent to a person or a list of people. And then that was creating multiple versions of that attachment. So, modern attachments are attached to emails or shared from SharePoint or OneDrive. And they remain in place. There is one source of truth there. And whatever is shared with those external recipients, whoever is receiving that content, eDiscovery can now search for instances of that and present those in the results. We can also choose to search for all document versions and collect all versions of SharePoint documents. If this is not selected, then only current versions are going to be collected. So, SharePoint versioning, just to explain that a little bit more, when you're working in a Word doc or an Excel spreadsheet, which is saved in a SharePoint or OneDrive or a Microsoft 365 location, then you'll probably notice that it's auto-saving as you make changes. And this is creating versions, version history. Now, previously, eDiscovery wasn't capable of discovering all of these versions, but now it is. So, this is awesome. But it will warn you, if you are including this option within your cases, that that's going to add time and complexity to your search results. And finally, we can choose to collect unsearchable items that might be relevant, partially indexed items as well. So, we can go ahead and apply these settings. And just for the purposes of demonstrating all of these throughout this series, I am going to select all of these selections. So, we're going to apply that. Next in the core settings is the communication library. Now, this is important to set up for your cases, because within cases, there is a communication section, which we will get to when we create a case. But in order for that to work, we need to have some templates for communications in place. And these templates, the purpose of them is to alert your users, or if you want to use the right terminology, your custodians that are assigned to your eDiscovery cases, when their content is placed on hold, when they are the subject of an eDiscovery investigation. So, in order to do that, we need these templates. And these are fairly straightforward to create. We create them by putting in a template name. So, we'll just put in a name there, which you need to be more descriptive than I have been, obviously. But then we need to define the portal content of your hold notice. So, this is the content of the email that the custodians are going to receive when their content is placed on hold. So, we'll put in dear display name, you have content on hold as part of an investigation. Then we need them to acknowledge that. So, we will put in an acknowledgement link for them. We can also put in a link to the actual eDiscovery portal as well, which effectively amounts to the same thing. When we get later on in the process, we'll demonstrate how this all works. So, you'll see what happens. We can put in the issuing date and we can put in the name of the issuing officer email as well. So, we can go through and select all those details. What you can also do is you can put in further notifications. So, we can set an issuance notification, select your recipients, all custodians and a carbon copy and blind copy people in and same sort of thing that you did in that initial defined portal method. There's also a reissue notification setting and a release. So, it goes through the stages of communication. So, they'll get that issuance of that communication, then you can have a reissuance and then finally they can be notified when the content is released. So, you can't proceed without filling these in. You have to complete those, but it's fairly much the same sort of process. And if I go into this one that I created earlier and edit that, I can show you in a bit more detail. So, we'll go through and we can see that I've configured this one in much the same way. And here we go. We can see all those details filled in. And the next stage is optional notifications, which you can use to set reminders and escalations as well. So, an escalation, if the custodian has not acknowledged the communication, then the escalation could be sent to their manager, for example. So, nice and simple, easy to do. There we go. And that's communication library. Issuing officer, these are the people who can issue those communications. So, again, you can add these in quite easily there. I have one in here, but you can go in and add more. And then finally, there's a preview feature here that is not in general availability yet for historical versions. So, SharePoint versioning allows for tracking the activity of an item, which can help in providing an audit trail. So, the historical versions feature allows organizations to quickly search for not only the current version of documents in SharePoint, but across all the previous versions of those documents stored in the SharePoint site. So, this feature is currently in public preview. And during that period, this is an important thing to be aware of. Each organization is limited to 100 SharePoint site activations. But when the feature becomes GA, general availability, organizations that have used this public preview will need to obtain a new license. So, be very careful with this one. And just be aware that there are some caveats to that at the moment. This general core settings area is definitely worth keeping a close eye on, as I expect there'll be more features appearing in here in time. Certainly, the collections has been a very recent addition, and the analytics section where we had that attorney-client privilege. I wouldn't be surprised if we saw more conventions added to that in the near future. Okay. So, that is our core eDiscovery settings. And I think that'll about do it for this first in our series of eDiscovery Premium. When we come back in the next video, we will go through how you create a case and what the steps are. So, stay tuned, and we'll be back very soon with more on eDiscovery Premium. Thank you, as ever, for your support of the channel. Please do continue to like and share and subscribe. Your support has been absolutely overwhelming so far. I've been blown away by the response to the channel and have had some lovely comments. So, thank you so much, and we'll see you on the next video. Take care now. Bye-bye.