Core eDiscovery in Microsoft 365 and how Druva plays a role

What is eDiscovery?

Electronic discovery (eDiscovery) is identifying, collecting, and producing electronically stored information (ESI) in response to a request for information in a lawsuit or investigation. This usually includes emails, documents, databases, audio, and video files.

eDiscovery can be associated with litigation, which has a specific requirement that documents be put on a legal hold or litigation hold (not to delete or change) while the case is open, and should be allowed to search for specific needs. The legal hold is released once the case is closed.

Microsoft’s eDiscovery

Microsoft allows Microsoft 365 customers to enable eDiscovery capabilities via their E3 and E5 licenses.Core eDiscovery allows eDiscovery managers to create cases and legal holds, and search for data. This allows users to put legal holds on various Microsoft cloud locations, including Exchange emails, OneDrive, SharePoint, and Teams data. 

Advanced eDiscovery is built on top of existing eDiscovery capabilities and provides an end-to-end workflow to preserve, collect, analyze, review, and export data. This lets users create custodians to group locations together. Read more about advanced eDiscovery in Microsoft’s documentation here.

Users can explore results via a plug-in connected with Microsoft Edge.

License requirements

Microsoft 365’s E3 license provides core eDiscovery capabilities while its E5 license provides both core and advanced eDiscovery capabilities. E3 users can add advanced eDiscovery features with an extra add-on that costs $10 per user.

Core eDiscovery process

Core eDiscovery in Microsoft 365 provides a basic eDiscovery tool that organizations can use to search and export content. Core eDiscovery can place an eDiscovery hold on content locations, such as Exchange mailboxes, SharePoint sites, OneDrive accounts, and Microsoft Teams, to search, export, and preserve content. 

Below is a sample workflow on how core eDiscovery works:

• eDiscovery managers create a case
• Add locations (Exchange mails and OneDrive/SharePoint contents, chats and messages) and create legal hold(s)
• Search data, preview results and export contents to Azure Blob Storage
  • Can use export tool to download and review the data
  • Exported results will be kept for two weeks
• Once a case is resolved, it will be closed and all holds will be released

Advanced eDiscovery process

Microsoft provides advanced capabilities by extending the capabilities of basic eDiscovery. 

Below is a sample process workflow:

• eDiscovery manager creates a legal case 
• Add data custodians (Exchange mails and OneDrive locations are added automatically)
• Add extra locations (SharePoint/Teams files, chats, and messages) where needed
• Create holds
• Search data
• Create review sets
• Upload external data if required
• Search inside specific results
• Export results
  • Results will be moved to Azure Blob Storage
  • Can use Azure Storage Explorer to download the data

Druva, legal hold, and eDiscovery

Druva enables core and advanced eDiscovery capabilities, and allows eDiscovery managers to place legal holds and use eDiscovery capabilities via theDruva Elite license. This license currently supports both Exchange emails and OneDrive locations, along with Gmaill, Google Drive and Slack. Support for Microsoft SharePoint and Microsoft Teams is coming soon. 

Once custodians are identified, Druva can put a legal hold on collections associated with that user. Druva can also extend eDiscovery to endpoints including laptops and mobile devices. Druva’s eDiscovery process is relatively simple by associating custodians with the case, and searching the data, before generating a report and exploring the results.

A Druva eDiscovery administrator collects data from selected locations and downloads the collection details from the admin console. The details can then be reviewed for associated legal cases.

A download client is available to explore the results for both Windows and Mac environments. Refer to Druva’s documentation to learn more,and read our joint white paper with Lighthouse to learn more about Druva’s eDiscovery and forensic capabilities. 

Key takeaways

Druva offers a single eDiscovery solution for multiple data sources including Microsoft, Google, and Slack. Its enhanced functionality delivers central visibility and federated data search across multiple data collection sets, allowing users to resolve legal cases quickly and efficiently. Druva enables the discovery of contents which are already backed up and protected. Legal teams can leverage Druva’s capabilities to place litigation holds on contents to identify specific data when working with legal teams. 

For more information, read our eDiscovery cost savings guide for a look at how to optimize your processes and cut costs up to 30 percent.