Speaker 1: Hi guys, I hope you all are doing well and welcome to Office 365 Concepts. In this particular video, we will be talking about eDiscovery in Office 365. We will be discussing what is eDiscovery and why it is used. I will be discussing the flow that we need to follow while using eDiscovery and then I will demonstrate to you how to run eDiscovery tool and how to export results and the reports of a search. If we go by definition, eDiscovery is a tool that is used to perform search on the Exchange Online mailboxes, SharePoint sites, Microsoft Teams, and Microsoft 365 Groups. By using eDiscovery, you can download the searched results in a PST file. eDiscovery allows you to place a mailbox or all the mailboxes under hold. You can even place a search under hold so that the search is preserved for future use. Now let's understand the flow of using eDiscovery and the prerequisites those are required to be met before we use eDiscovery tool. The first thing that we need to make sure is that we have appropriate licenses. To access eDiscovery in Microsoft 365 Compliance Center and to use the hold and export features, your organization must have Microsoft 365 E3 or E5 license or Office 365 E3 or E5 license. If you want to place mailboxes under in-place hold, then you need to assign one of these licenses to the users or you can use a license that includes Exchange Online Plan 2. Once you have the appropriate licenses, the next step is to assign required permissions. To use eDiscovery and to run a search or to export the search results, you need to be a member of eDiscovery manager role group. The next step is to create a case in eDiscovery. I will show you all these steps practically as well and things will be more clear. Once you have created a case, the next step is create a search to search the contents of the mailboxes or SharePoint sites. During this process, you can place a mailbox on hold. This step can be optional because it depends on your requirement if you want to place the search or the contents on hold or not. You place a search under hold to preserve it from the deletion so that no one can delete it until you remove the hold from eDiscovery itself. And the last step is to export the search results to a PST file. You can export the report as well that will give you a detailed information that how many items were found and whether all the items were retrieved in the search or not. So these are the six steps those are required in order to use eDiscovery tool to perform a search and to place the search results on hold. And to run eDiscovery tool, use Microsoft Edge browser. Internet Explorer is no more recommended to run eDiscovery. So now let me show you practically how to use eDiscovery tool. To use eDiscovery tool from Office 365 Admin Center, we will go to Compliance. This will redirect you to Microsoft 365 Compliance Center. And to access eDiscovery, you will click on eDiscovery. And then you will click Core. But before we use eDiscovery tool, we need to assign certain permissions. So for that, we will go to Permissions. And under Compliance Center, we will click on Roles. This will list all the permissions those are required to manage certain tasks under Compliance Center. For eDiscovery, we will go to eDiscovery Manager and make sure that Hold and Export and Preview. These three roles are added under eDiscovery Manager. If this role is missing, you can click on Edit and go to choose Roles, click Edit. And from here, you can add the roles that you want to add. So these three roles are added already. So there is no need to make any changes here. Under eDiscovery Administrator, you will add the global administrator or the account who is going to use eDiscovery tool. You can click on Edit, Add. And from here, you can select the user, click Add. And that particular account will be added under eDiscovery Manager. So the global admin account is already added here. Let's close this. Now once you make changes within eDiscovery Manager or any one of these permissions, it can take up to 24 hours for replication. So you might have to wait for some time once you assign these permissions. And once these permissions are replicated, you would be able to access all the features of eDiscovery. So once permissions are replicated, you will go to eDiscovery. Then you will click on Core. And then we will click on Create a Case. You can give it a name, for example, Test Case, and click Save. So this case is created now. In order to manage the search or to export results into PST file or to manage other features of eDiscovery, all these tasks will be performed under this particular case. So we will click on this case, and then we will go to Searches. Here in order to search a particular location or SharePoint site, Teams, or mailbox, we will click on New Search because we need to create a search first. And let's give it a name, Test Search. Now under specific locations, under Locations, we can select what type of locations or the contents we want to search. Let's say we want to search Exchange Online mailboxes. So we will switch it to On. Now by default, it will contain all the mailboxes within this particular search. Let's say you want to run search for a particular mailbox or a particular Office 365 group or a Teams chat. For that, you will click on Choose Users, Groups, or Teams. Now it will give you an option to select the user account or the group. For example, I want to run search for global admin account. Click Done. Under SharePoint sites, if you want to search these sites, you can turn this option on. And from here, you can select the site name. And for example, I want to run search for this particular site. You can click Add. And this particular site will be added under this search. Same way, if you want to run search for Exchange Online public folders, you can select them. And these public folders will be included within the search. Let's say I just want to run a search for a particular mailbox. So we have selected the user here. Next option is Locations on hold. If you select this option, then by default, these locations will be under hold. So as of now, I'm not going to add any hold on this particular location. So I have selected one user, then I'll go Next. On the next screen, eDiscovery will ask you to add certain keywords or conditions. It depends on your requirement if you want to run a default search that will include everything within this particular mailbox. Or let's say you want to run search on the basis of keywords or conditions. For example, if you want to run search for a particular keyword, let's say if security word is mentioned within the emails or calendar items or contacts of a mailbox, so only these items will be retrieved within the eDiscovery search. You can add multiple keywords as well, like this. And apart from keywords, you can add conditions also. Let's say you want to search for emails, those were received between 8th of December 2021 till 17th of January 2022. So basis of this condition, eDiscovery tool will run search on the mailbox and it will retrieve the results. Apart from this, there are other conditions also. You can add a condition on the basis of sender. For example, you can select sender here and you can type the email address and eDiscovery will retrieve the results on the basis of the sender, like the emails that the sender has sent to this particular user, only those emails will be retrieved within the search result. You can run eDiscovery on the basis of size of the email, subject, retention label, message kind. Message kind is what type of content you are looking for within the mailbox. You are looking for emails, calendar items or contacts. Let's say you are looking for calendar only. So you can mention here meetings and then click next. So this particular search will retrieve only the meetings of the mailbox. Apart from that, there are other conditions as well, like received, recipient, sender, subject too. So on the basis of these conditions, you can run eDiscovery tool. Let's say you want to run a search on the basis of two, to whom the emails are sent. So here you can mention the email address of the recipient and on the basis of this condition eDiscovery tool will retrieve only these results. So once you have made the changes as per your requirement, click next and you can review the changes from here. And once everything is done, click submit. So the search is created. Let's click done. Let's go to this search. And now here you can see status says the search is starting. So it will take some time, couple of minutes. And once this search is completed, after that, it will show you results just below it. How many emails are found and then we can analyze them further. So the status of this search is completed. 222 items are retrieved from one mailbox that we selected. This is the size of the entire search result. If you go to actions, we can see a few more options here. Edit search will let you to edit the current search that you have performed. For example, you want to add a few more users. You want to add a few more locations. You can add the keywords or you can add the conditions as well. And again, you can run search on the basis of these changes. Apart from that, rerun search will let you to rerun this particular search. If you want to delete this search, you can delete it from here. You can copy the results, export results and export report. Now let's say you want to preview the result. Let's say the 222 emails, those are retrieved within this search. Before you export it, you want to preview them. So for that, you will click on review sample. So here we can see the preview is generated. And these are the emails, those are retrieved within the eDiscovery search. So this is how you can preview the search result. Let's close this. We can go back from here. Now let's say we want to place a particular mailbox or this search under hold. For that, we will go to hold and here we will click on create. Give it a name. For example, test hold next. And from here we can select the locations, exchange mailboxes, SharePoint sites or exchange public folders. What type of contents we want to place under hold. Let's say I want to place everything on hold. You can select all the locations. Click next. This is on your conditions. You can add here. Click next and click submit. This hold will be applied on the entire exchange online, including mailboxes, public folders, SharePoint sites and Teams and Office 365 groups as well. Now let's see how we can export the search results and the search reports. For that, we will click on the search. Then we will go to actions. If you want to export the report, you can click on here. Export will be a CSV file which will give you. Which will tell you how many items are found within the eDiscovery search. How many items were skipped so you can find all the details from that CSV file. Now from here we will click on generate report. So it is a job has been created. Let's go to exports from exports section. You can export the reports and the search results.

Speaker 2: So let's click on this. And from here.

Speaker 1: It is still loading. It may take a couple of minutes. So this process is completed now. It is showing the number of items and the size of the items and to export this particular report. We need to copy this key first. You can simply click on this copy to clipboard and then go to download report. Open this tool. This is a very small application. Now here we will paste the key and then we will browse to the location where we want to save this particular report. So let's say I want to save this particular file on C drive. Click OK and then click start.

Speaker 2: This will download the report on this particular location. So export process is completed.

Speaker 1: We can see the status processing has completed the export completed successfully estimated total items 222 and this is the speed and remaining items. So let's click close and let's go to C drive and here we can see test search reports on Go to this folder. So let's open export summary report under this report. You can find the status of the export. You can find the estimated items how many items were downloaded whether any item was skipped. Was there any error during the export process and under results you can see the actual emails. These are not emails but you can find the CSV file for the emails. You can search you can look at the subject of the email the location that we searched then to whom this email was sent. You can check those details as well send date and sender is the global admin whose account we searched apart from that you can search if the emails had any attachment or not. You can also check if the email was read by the user account or not. You can check the type of the message whether it's an email message or calendar item even you can check the size of the email as well. So this is what you can find within the reports. Now let's export the PST file. Let's go back to search. Click on this search go to actions and then click export results to export CSV file or the report. We will click on export report and to export the PST file. We will click on export results on this particular screen. You will click on export and it says a job has been created. So again we will go to exports and this time we will click on this one that says test search export. And again it will take some time to fetch the details of this particular export and once it is completed after that we will download the search result into a PST file. So to export PST file again we will copy the key and then we will go to download results open the application paste the key here and then browse to the location where you want to save this PST file. Click start. So the download process is completed. Now let's go to the location where we have saved the file. It is saved under C drive and we will go to test search export open the folder. These are the results the CSV file and to access the PST file we will click on exchange folder and this is the PST file. Now we can use this PST file to import it into Outlook profile. So this is how you can use eDiscovery tool to perform search on the locations on the mailboxes SharePoint online sites Microsoft Teams Office 365 groups and you can export those results into PST file. In the next video we will be talking about content search. I will be discussing what is content search and I will demonstrate to you how to use content search to search the locations. So if you have learned something new from this particular video please write in comments and please subscribe to the channel. Thank you guys. Thank you for your time. Take care.