This article addresses frequently asked questions about eDiscovery in Office 365, Exchange 2013, SharePoint 2013, and Lync 2013.
A: eDiscovery, or electronic discovery, is the process used by organizations to find, preserve, analyze, and package electronic content (often referred to as eletronically stored information or ESI) for a legal request or investigation.
A: The eDiscovery Center is a SharePoint site collection where cases are defined, sources to be tracked are identified, holds on content are placed or removed, queries are issued, and results reviewed and exported.
Some key features of the SharePoint eDiscovery Center are:
Exchange In-Place holds enable you to place mailboxes content on hold indefinitely, based on a query, or based on a time period. Key features include:
A: People create, manage and use eDiscovery cases through the eDiscovery center (EDC). The EDC is a SharePoint 2013 site collection where cases are defined, sources to be tracked are identified, queries are issued, query results reviewed
and holds on content are placed or removed.
When content is exported from the eDiscovery Center in SharePoint, it is exported in a standard EDRM format that is often used by other eDiscovery programs. An
Electronic Discovery Reference Model XML manifest is included in the export to provide metadata about the exported items. After export:
Return to Top
A: The following are the service plans and products that provide eDiscovery features.
For more information about which content is indexed and troubleshooting search, see:
A: Yes, here are the limits:
SharePoint eDiscovery Center
A: The following defines which sources can be searched, held, and exported. The content must be indexed by servers running on plans or versions of Office 365, SharePoint, and Exchange that contain eDiscovery features.
Lync 2013 (when archived in Exchange 2013)
Indexed File shares
Indexed Content from external systems
A: You must be an administrator to set up an eDiscovery Center. Create a new site collection that uses the eDiscovery template, configure the appropriate permissions and groups, and configure Exchange connectivity. The following articles
A key step in setting up eDiscovery is to add Exchange or Exchange Online as a result source. Because the eDiscovery Center is based on a site collection, this configuration must be made at the site collection level or higher, and not at the site level.
For more information see
Configure result sources for search in SharePoint Server 2013 and
Manage result sources.
A: Following are various stages involved in working with eDiscovery case in SharePoint 2013:
A: eDiscovery is a powerful tool that can potentially expose sensitive information from SharePoint and Exchange content across your entire organization. A user must be authorized to perform an eDiscovery search in SharePoint and Exchange.
Permissions to perform eDiscovery searches must be controlled and monitored depending on security and compliance requirements in you organization.
An eDiscovery manager must be able to view all content that is potentially discoverable. In SharePoint, we recommend that you create a security group for eDiscovery users, and add the appropriate users to the security group. Then you can grant permissions
to the security group, instead of individual users. Choose a name for the security group, and record the name in the worksheet. Also record which users will be members of the security group. For more information, see Plan
for eDiscovery in SharePoint Server 2013 and
Permissions planning for sites and content in SharePoint 2013.
In Exchange or Exchange Online, you need to add a user to the Discovery Management role group. Adding users to the Discovery Management role group allows them to use In-Place eDiscovery to search all Exchange 2013 mailboxes and access potentially sensitive
email content in user mailboxes. Check with your organization’s legal or HR departments before assigning this permission to any user. For more information, see
Add a User to the Discovery Management Role Group.
A: You can audit in-place search and holds for Exchange items in the Exchange Admin Center. In the SharePoint eDiscovery Center, you can audit actions on SharePoint content.
You can also audit the holds and searches that are run as long as you configure auditing to interact with search in advance. The searches against Exchange do not include the specific mailboxes that were searched, however.
For more information on configuring audit settings in SharePoint, see
Configure audit settings for a site collection.
Return to Top
A: The following articles and other resources provide information about eDiscovery and related technologies:
Return to Top