We've moved the
eDiscovery FAQ to support.office.com. This version of the FAQ on Wiki is no longer being maintained, and will eventually be removed.
The on-going eDiscovery investments are being made primarily in Office 365, specifically in the Security & Compliance Center.
Here’s a landing page with links to eDiscovery-related help topics:
This article addresses frequently asked questions about eDiscovery in Office 365, Exchange 2013, SharePoint 2013, and Lync 2013.
A: eDiscovery, or electronic discovery, is the process used by organizations to find, preserve, analyze, and package electronic content (often referred to as eletronically stored information or ESI) for a legal request or investigation.
A: The eDiscovery Center is a SharePoint site collection where cases are defined, sources to be tracked are identified, holds on content are placed or removed, queries are issued, and results reviewed and exported.
Some key features of the SharePoint eDiscovery Center are:
Exchange In-Place holds enable you to place mailboxes content on hold indefinitely, based on a query, or based on a time period. Key features include:
A: People create, manage and use eDiscovery cases through the eDiscovery center (EDC). The EDC is a SharePoint 2013 site collection where cases are defined, sources to be tracked are identified, queries are issued, query results reviewed
and holds on content are placed or removed.
When content is exported from the eDiscovery Center in SharePoint, it is exported in a standard EDRM format that is often used by other eDiscovery programs. An
Electronic Discovery Reference Model XML manifest is included in the export to provide metadata about the exported items. After export:
Return to Top
A: The following are the service plans and products that provide eDiscovery features.
Office 365 Education A2
Office365 Government G1
Office 365 Education A3
Office365 Government G3
Office 365 Education A4
Office365 Government G4
Office 365 Government K1
For more information about which content is indexed and troubleshooting search, see:
A: Yes, here are the limits:
A: The following defines which sources can be searched, held, and exported. The content must be indexed by servers running on plans or versions of Office 365, SharePoint, and Exchange that contain eDiscovery features.
Lync 2013 (when archived in Exchange 2013)
Indexed File shares
Indexed Content from external systems
A: You must be an administrator to set up an eDiscovery Center. Create a new site collection that uses the eDiscovery template, configure the appropriate permissions and groups, and configure Exchange connectivity. The following articles
A key step in setting up eDiscovery is to add Exchange or Exchange Online as a result source. Because the eDiscovery Center is based on a site collection, this configuration must be made at the site collection level or higher, and not at the site level.
For more information see
Configure result sources for search in SharePoint Server 2013 and
Manage result sources.
A: Following are various stages involved in working with eDiscovery case in SharePoint 2013:
A: eDiscovery is a powerful tool that can potentially expose sensitive information from SharePoint and Exchange content across your entire organization. A user must be authorized to perform an eDiscovery search in SharePoint and Exchange.
Permissions to perform eDiscovery searches must be controlled and monitored depending on security and compliance requirements in you organization.
An eDiscovery manager must be able to view all content that is potentially discoverable. In SharePoint, we recommend that you create a security group for eDiscovery users, and add the appropriate users to the security group. Then you can grant permissions
to the security group, instead of individual users. Choose a name for the security group, and record the name in the worksheet. Also record which users will be members of the security group. For more information, see Plan
for eDiscovery in SharePoint Server 2013 and
Permissions planning for sites and content in SharePoint 2013.
In Exchange or Exchange Online, you need to add a user to the Discovery Management role group. Adding users to the Discovery Management role group allows them to use In-Place eDiscovery to search all Exchange 2013 mailboxes and access potentially sensitive
email content in user mailboxes. Check with your organization’s legal or HR departments before assigning this permission to any user. For more information, see
Add a User to the Discovery Management Role Group.
A: You can audit in-place search and holds for Exchange items in the Exchange Admin Center. In the SharePoint eDiscovery Center, you can audit actions on SharePoint content.
A: The following articles and other resources provide information about eDiscovery and related technologies: