Commsverse 2022 – eDiscovery & Teams

Posted by

Estimated reading time: 5 minutes

On June 29th of 2022, I will be presenting at the Commsverse 2022 event in London. The subject for my session is (Advanced) eDiscovery for Microsoft Teams. A complex subject in itself. And in order to give it the attention it deserves, I decided not to get into some specific subjects. In this article, I do want to touch on them, so that you will get the complete picture.

Microsoft Purview eDiscovery (Premium) is a very powerful component in your Microsoft 365 arsenal. It is part of Microsoft 365 E5, The E5 Compliance add-on, or the E5 eDiscovery & Audit add-on. It allows for the complete workflow steps as laid out in the Electronic Discovery Reference Model. And during my session, I will go into these steps.

But eDiscovery (Premium) also has some additional settings, which I will not cover in detail. So here are these settings:

  • Compliance boundaries
  • eDiscovery and encryption
  • Predictive coding
  • Attorney-client privilege

Compliance boundaries

The default roles used by eDiscovery (eDiscovery Manager & Investigator) will allow you to perform the eDiscovery functions like search and export for all covered workloads and information located in Microsoft 365. But for some organizations, this might be going a bit too far.

And that’s where compliance boundaries come in. Using these boundaries, you can determine and control which locations can be searched and by whom. You can set up boundaries to scope the workloads (only OneDrive for Business) or scope based on specific attributes, like department. Or let specific eDiscovery investigators only look at data up to a certain age.

These boundaries work with so-called search permission filters. When eDiscovery members attempt to search specific content, the filter will check if they have the required permissions to do so. The boundary is based on the concept of agencies. You will need to define these agencies yourself. For example, by using an Azure AD attribute like department or country.

Now you can create specific eDiscovery permission groups per agency and add the relevant users to these groups. Using the PowerShell cmdlet “New-ComplianceSecurityFilter”, you now create the boundary itself.

Using this cmdlet you specify which group can access (or not access) which content. And for this, you can use the properties of the mailboxes, SharePoint sites, and OneDrive for Business sites. This example allows a specific group within the organization to only access OneDrive for Business content.

New-ComplianceSecurityFilter -FilterName OnlyO4B -Users "O4B eDiscovery Managers" -Filters "SiteContent_Path -like 'https://contoso-my.sharepoint.com/personal'"

This is really a nutshell – a more detailed overview can be found here: https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-compliance-boundaries?view=o365-worldwide

Predictive coding

When performing content reviews in eDiscovery (Premium), it will not surprise you how much content you might need to process. Even if the queries and data sources are very reliable, you still might need a hand sorting out the relevant and irrelevant pieces of information. And this is where predictive coding comes in. This feature (which can be found in your review set under Analytics) allows you to train the eDiscovery engine to determine which content is relevant and which is less relevant.

In order for the model to work, you will need to go through at least 50 items and select whether these are Relevant or Not relevant. Based on this, the predictive code will be created. And the more items you add, the more accurate the model becomes. In the end, you can use the predictive model as one of the build-in filters for your review set.

You will notice that I don’t have one on the list above. It should be there as “Predictive model (name)”. However, there is one condition for this to work. A condition, I did not satisfy in my demo environment. You will need at least 2.000 items in your review set for this to work!

eDiscovery and encryption

This is a very short one. When you use Microsoft encryption for either Office 365 Message Encryption and/or Microsoft Information Protection, please beware. According to the documentation, only eDiscovery (Premium) is able to search, preview, and export all encrypted attachments and documents.

But there are some limitations to this:

  • Files encrypted using “user defined permissions” are not supported;
  • Files with user access set to something other than Never are not supported;
  • Files that were locally encrypted and uploaded to SharePoint Online or OneDrive for Business are not supported;
  • When searching a recipient’s mailbox, an encrypted file attachment will not be decrypted when this file was attached using a local computer upload or the “Attach as copy” function. Workaround: search the sender mailbox instead.

Attorney-client privilege

The last setting I want to mention is a very specific one. It allows the eDiscovery engine to determine if information that is part of a review set contains very specific privileged information. In this case: if attorneys are involved. Like predictive coding, this setting uses machine learning to determine if this might be the case. The machine learning algorithm looks for information that might be legal in nature, and also if the information contains legal participants.

These legal participants can be the layers within your organization. As part of the model, you need to supply a list of names which is then used in the algorithm.

The algorithm will then produce a score for each item in the review set. And this score can be found in the metadata for the item. Even if the setting has not been enabled, you can find this score. The score contains three parts: Attorney-client privilege score | Has attorney participant | Potentially privileged

The score ranges from 0 – 1. The higher the score, the more likely the document is legal in nature. Based on the list of attorneys, the participant part is set on either true or false. If no list is uploaded, then this part is false by default. Based on the score and the attorney participants, the final part is either True or False.

This model is used in the review set. It will display a warning if a document is potentially legal in nature. But because it is a Machine Learning model, you can also either confirm this or reject this, per item. In order to use this function, you will need to activate this from the eDiscovery (Premium) settings.

More information can be found here: https://docs.microsoft.com/en-us/microsoft-365/compliance/attorney-privilege-detection?view=o365-worldwide

To wrap up

Although I will not get into these settings during my session, I still hope the session goes as planned and is informative. I will share the slides, as always, after the event.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s