Compliance / eDiscovery / Microsoft Ignite / Microsoft Purview

Microsoft Purview eDiscovery (Premium) & Guest access

Posted by

Reading time: 3 minutes

As 2023 is coming to an end, I wanted to do a short blog on eDiscovery. And to be more exact: guest user access.

Microsoft Ignite 2023

With all the Copilot information coming out of Ignite 2023, some other pieces of information might have escaped our attention. And in this last blog of 2023, I want to focus on an eDiscovery enhancement: guest user access. I will explain this function in more detail below.

The scope for this blog is eDiscovery (Premium) – the most advanced eDiscovery module within Microsoft Purview. And to be fair: the only platform that really supports the Electronic Discovery Reference Model or EDRM to its full extend.

Another scope for this blog: we are going to look at guest users. So you will need to have B2B external collaboration activated within Microsoft Entra ID. Or, to put it in other words, if the guest invite settings is set to “No one…… including admins….”, then do not expect this to work.

eDiscovery (Premium) basics

Before we get started, just some basics. eDiscovery works with the concept of eDiscovery administrators and cases. Cases have members assigned. These members can search and review specific content within Microsoft 365. Entra ID guest-users cannot be added to these members, in effect blocking any way to safely collaborate with external parties.

eDiscovery (Premium) also has a specific Settings page, which allows an administrator to set specific configuration settings which work for the entire platform.

Guest users

As Entra ID guest users cannot be added to the members of a case, working with external parties is difficult. And this might be relevant – for example: contracting an external investigation firm or lawyer to work together on the case.

Work-arounds can be invented by our users, which I will not go into 🙂 But one might be to simply create an Entra ID account for these external parties. But this is somewhat cumbersome as you will need to manage the lifecycle for this account, for example. So Microsoft has now introduced the ability to add guest users to cases.

Here are some of the considerations:

  • The guest-user is invited from the specific case and only gets access to this case;
  • The eDiscovery administrators for the tenant need to approve this;
  • A guest-account is created in Entra ID and added to the Reviewer role for the case;
  • When finished, the eDiscovery administrator needs to remove the guest from the case;
  • The Entra ID account is not cleaned up afterwards!
https://learn.microsoft.com/en-us/purview/ediscovery-guest-access

How does this work?

Let me show you how this works with some screenshots. First off, going to a specific case and opening the Settings | Access & Permissions section. Here you find the users/role groups that have access to this case. And note the new Guest users section at the bottom.

Next, we will invite the guest. All fields are mandatory here and the Reviewer role cannot be modified. Perhaps in future?

Please note that you now have created a invitation request. As the invite itself needs to be approved by the eDiscovery administrators. You will notice the Pending approval status.

The eDiscovery administrator can now either approve or deny the request. These requests can be accessed by going to eDiscovery (Premium) | eDiscovery (Premium) settings | Guest users.

From this dashboard, the administrator can approve the request, and the status will reflect this change.

From the guest user’s perspective, he/she will receive an invitation to join the eDiscovery case. I must admit, this might be somewhat clearer for the guest user. And this is an understatement.

When accepting the invitation, the guest account becomes active and is added to the specific case. A streamlined overview of the case is presented to the guest user.

When the guest user no longer requires any access, the eDiscovery administrator can remove this user. This is not done at the case-level! Which is odd. The access to the case is removed and after some time, the guest user will not be able to access the case, as seen below.

To wrap this up. As (nearly) everything in Microsoft 365 is audited in the unified auditlog, we can expect this to be the case for these actions as well. And this is correct. Guest user administration for eDiscovery can be selected as specific activity in the Microsoft Purview Auditlog.

Leave a comment