Using the eDiscovery tool for content search in the Microsoft 365 Compliance Center!



Dear Microsoft 365 Friends,


This article is about the eDiscovery (content search) tool in Microsoft 365. Before we start, a quick word about licenses. In order to work with the tool, you need the necessary licenses. Please have a look at the following link:


In my case I had to clarify the question of whether emails containing certain words had been sent or received. To clarify this, I created a content search with eDiscovery. I will explain exactly how this is done in the next steps.

We start our investigation in the Microsoft 365 Admin Center. On the left side click on "Show All" (if not everything is displayed) and select the Compliance Center.



In order to work with eDiscovery we need the necessary permissions. Click on Permissions.



In the "Compliance Center" category, click "Roles".



Search for eDiscovery Manager and click on this Role Group. This will give you the details of this Role Group.



Navigate down and you will see "eDiscovery Manager" and "eDiscovery Administrator". For this demo, I added my account to the "eDiscovery Administrator". This does not necessarily follow the concept of "working with the least privileges" (but is absolutely OK for this demo). In a production environment, you can assign a person the role of "eDiscovery Manager" in an eDiscovery case (we'll get to that in a moment). This person then only gets access to this one eDiscovery case. Click on "edit".



Click on "edit" again.



Find the user and click on "add" and then on "done".



In the "Compliance Center", navigate to eDiscovery and select "Core".



Click on "Create a case".



Enter a name and, if you want, a description, then click "save". So far we have only created the "container" and not configured anything yet. We will change that in a moment.



Navigate to "Searches" and click on "New search".



Specify a name and description. Then click on "next".



Now select the locations. This selection depends very much on your search. Then click on "next".



As the keyword I use the search term "Testversion". The goal is to find emails that contain this word. If you want, you can work with conditions to limit this search. I like to start very general to get an overview; narrowing can be done later. Then click on "next".



And now "Submit".



Depending on the size of the organization and the number of objects that need to be examined, it can take a very long time until the status "Completed" is reached. Allow yourself time.



If the status is "Completed", click on your search and you will get a "Summary". At the bottom click on "Review sample".



Bingo! We see a list of emails, and in the first email we already see our keyword.
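The same case, search and wait-for-completion steps can also be scripted with Security & Compliance PowerShell. This is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module is installed, and the case name, search name and user principal names are placeholders.

```powershell
# Added example. Case name, search name and UPNs are placeholders, not values from the article.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName 'admin@contoso.example'

$caseName   = 'Demo-Case-Testversion'
$searchName = 'Demo-Search-Testversion'

# Create the case (the empty "container" from the walkthrough).
New-ComplianceCase -Name $caseName -Description 'Keyword search demo' | Out-Null

# Least privilege: give an investigator access to this one case only.
# The account needs eDiscovery permissions (for example membership of the
# eDiscovery Manager role group) before it can be added as a case member.
Add-ComplianceCaseMember -Case $caseName -Member 'investigator@contoso.example'

# Create the search inside the case: all mailboxes, keyword "Testversion".
# Starting broad as in the article; the query can be narrowed later,
# for example to 'Testversion AND kind:email'.
New-ComplianceSearch -Name $searchName -Case $caseName `
    -Description 'Emails containing the word Testversion' `
    -ExchangeLocation All `
    -ContentMatchQuery 'Testversion' | Out-Null

Start-ComplianceSearch -Identity $searchName

# Large tenants can take a long time, so poll with an upper bound
# instead of waiting forever.
$deadline = (Get-Date).AddHours(2)
do {
    Start-Sleep -Seconds 30
    $search = Get-ComplianceSearch -Identity $searchName
    Write-Host ("{0:HH:mm:ss} status: {1}" -f (Get-Date), $search.Status)
} while ($search.Status -ne 'Completed' -and (Get-Date) -lt $deadline)

if ($search.Status -ne 'Completed') {
    throw "Search '$searchName' did not complete in time (last status: $($search.Status))."
}

# Summary: number of matching items and their total size.
$search | Format-List Name, Status, Items, Size
```

Every one of these cmdlets is recorded in the audit log when auditing is enabled, which gives you a trail of who created and ran which search.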



Sure, this wasn't super exciting, but I still wanted to share this information with you.

I hope this article was helpful for you. Thank you for taking the time to read this article.


Best regards, Tom Wechsler
