Freigeben über

How to do In-place eDiscovery in new O365?

  • Artikel

 Please find the Ignite training on this topic that I delivered along with Mark on this Topic here https://community.office365.com/en-us/blogs/office_365_community_blog/archive/2013/08/01/ignite-webcast-how-to-use-ediscovery-in-office-365.aspx

For detailed and easy understanding of how the mail gets moved through different Deletions folder and what is the retention period of items in the respective folder, please follow the previous post using below link. It has easy steps that you can use to recover emails. If the emails are not present in Recover deleted items then you can use the MFCMAPI option or eDiscovery option depending on number of user mailbox items you want to restore. The deleted items remain in the Deleted Items folder is extended to indefinitely or according to the duration set by your administrator.

https://blogs.office.com/2015/02/20/extended-email-retention-deleted-items-office-365/ (Thanks Nino Bilic for pointing this out)

 

Single Item Recovery in O365

https://blogs.technet.com/b/praveenkumar/archive/2012/10/16/single-item-recovery-in-exchange-online.aspx

 

 

In the below post I have described how we can do eDiscovery in new Office 365

 

       

  • In Exchange admin center select Permissions > admin roles

                       Double click Discovery Management

                       Under Roles Click on Add and Select Mailbox Import Export

                       Under Member, Add yourself as a Member and Click Save.

 

        

 

    

  • Now click on compliance management and select in-place eDiscovery & hold

        

  • Hit + sign to create a new search query
  • Give a Name and Description and hit Next

          

  • Select the mailboxes that you want to query and click Next.

        

  • In the next screen if options are greyed out as below it means you do not have proper permissions. Revisit the step for adding permissions. If proper permissions have been added sign out and sign in back

      

  • In the filed provide the text you want to search. You can use Boolean expression like OR and AND to make robust query

        

  • Once you have specified the search attributes hit on Next
  • You can do a in place hold of the search items. (Note, this option will be greyed out if you have selected all mailboxes during the mailbox selection process) and hit on finish

         

               

How to see the search results?

As we have added yourself to the Mailbox import export and other permissions we have the below options available

 

In new O365 we have more robust options to see the results compared to W14

 

 

Estimate search results

This gives us a list a small report of the search. It also tells us what was number of hits for each of the items we entered in search Query as keywords

 

Part of the estimate result is copied below

----------------------------------------------------------------------------------

Test

This search is for searching all mails in the organization that has word test in the subject line

Hold None

Search Status: Estimate Succeeded

Run by: Prakum

Run on: 18-07-2013 13:56

Size: 410.23 KB

Items: 5

Errors: None

Statistics:

KEYWORD

HITS

Test

25

<-Previous- Keywords: 1 to 1 of 1 -Next->

  -------------------------------------------------------------------------------------

 

Preview search results

This opens up eDiscovery preview of results in the browser and we could see the results directly in the browser itself

 

 

Copy search results

This option opens up a dialog box where you can select fine tune search results and copy the items to Discovery search mailbox

Once you hit Copy, in the search results field towards the left you will have an option to open Discovery Search mailbox..

 

 

 If you click on open it opens the Discovery Search Mailbox in a new browser

 

 

 

The mailbox will have a folder by the name of the search (TEST in our case) and put the mail items there as below

 

 

 

 

Export to PST

This is a new option that we have in new O365 where we can export the search results to PST to the local computer. It downloads the results based on mailboxes, ie if the search finds there are 10 mbx that has the keyword we are searching for if creates 10 PST one each for each mailbox.

 

 

We have not discussed in detail regarding the in-place Hold, would discuss that in subsequent posts :)

 

 

 

In-Place eDiscovery

https://technet.microsoft.com/en-us/library/dd298021(v=exchg.150).aspx

 

Single Item Recovery in O365

https://blogs.technet.com/b/praveenkumar/archive/2012/10/16/single-item-recovery-in-exchange-online.aspx

Comments

  • Anonymous
    January 15, 2014
    The eDiscovery is by default hidden from GAL and I would suggest to create another mailbox for this use
  • Anonymous
    January 15, 2014
    The eDiscovery is by default hidden from GAL and I would suggest to create another mailbox for this use
  • Anonymous
    January 31, 2014
    Does the search go through a users online archive as well as their mailbox?
  • Anonymous
    April 10, 2014
    I am introducing "How to" series for new Office 365, aka Wave 15. You will see few guest writers
  • Anonymous
    January 26, 2016
    Nailed It!!
  • Anonymous
    January 29, 2016
    The comment has been removed
  • Anonymous
    February 27, 2016
    Daniel. You can always automate things by using PowerShell. Give it a try.
  • Anonymous
    March 16, 2016
    Thank you for your time on this.. it is a very fundamental part of 365 Admins to recover data.

  • Anonymous
    April 05, 2016
    that was really helpful thanks a lot
    • Anonymous
      May 23, 2016
      happy you found this usefull @Mario and @Marlon
      • Anonymous
        July 06, 2016
        :)I teach all my customers to user this feature and give them your links every time as a reference.Again thank you!
        • Anonymous
          November 12, 2016
          Thanks for the encouragement Mario. Really Appreciate it !!! Happy you found this helpful.
  • Anonymous
    June 03, 2016
    Nice write up!Thank you for the post!
    • Anonymous
      June 03, 2016
      Thanks Nikhil
      • Anonymous
        August 26, 2016
        Awesome..........!!!!!!!!!!!!!!
        • Anonymous
          November 12, 2016
          THanks Sumeet
  • Anonymous
    November 15, 2016
    Hi, I am having trouble exporting it to PST.I have done the search, it was successful, I then click on the Export to PST file.My computer then downloads a 16KB file called "microsoft.exchange.ediscovery.exporttool"application.I was kind of expecting to download the PST file.Any help would be greatly appreciated.
    • Anonymous
      November 15, 2016
      all good now. did it in exployer and it worked. Needed the onclick function
  • Anonymous
    March 13, 2017
    Aw, this was a really nice post. Taking the time and actual effort to make a top notch article… but what can I say… I put things off a whole lot and don't manage to get nearly anything done.
    • Anonymous
      June 09, 2017
      Glad you found it useful. Even I keep postponing stuff, but looks like I have to better