Microsoft Purview part 2: This is part 2 of several parts that deal with Microsoft Purview and which tools are available there.
In this blog post, we dive into two powerful tools in Microsoft Purview: eDiscovery and Content Explorer.
These tools are essential for organizations that want to manage and protect their data effectively. We'll take a look at how eDiscovery can help find and preserve relevant information for legal cases and investigations, as well as how Content Explorer provides insight into your data so you can identify and securely manage sensitive information.
eDiscovery in Microsoft 365 is a set of features designed to help search, collect, and export data from Microsoft 365 organizations. It is a process of identifying and delivering electronic information that can be used as evidence in legal proceedings or the like. An eDiscovery Administrator can perform the same tasks as an eDiscovery Manager, which includes using eDiscovery search tools to search content locations within the organization, and performing various search-related actions such as previewing and exporting search results. They can also create and manage cases in Microsoft Purview eDiscovery (Standard) and Microsoft Purview eDiscovery (Premium), add and remove members to a case, create case inventories, run searches related to a case, and access case data. *In addition to this, an eDiscovery Administrator can:
Access all cases listed on the eDiscovery (Standard) and eDiscovery (Premium) pages of the Compliance Portal.
Access case data in eDiscovery (Premium) for any case in the organization.
Manage any eDiscovery case after they have added themselves as a member of the case.
Remove members from an eDiscovery case. Only an eDiscovery Administrator can remove members from a case.
Example of using the eDiscovery role Let's say there is a legal case involving an employee in your organization, named “Employee X”. You, as the eDiscovery Administrator, have been given the task of finding all emails and documents related to this case.
Create a case: First, you will create a new case in the eDiscovery portal. You can give it a name that is relevant to the investigation, for example "Case Employee X".
Add members: You will then add relevant members to the case. This could be other administrators or legal team members who need access to the case.
Create a search request: Now you want to create a search request within the case. You can use keywords, dates, and specify places to search, such as mailboxes or OneDrive accounts. In this case, for example, you can search for "Employee X" in all emails and documents for a specific time period.
Review the results: Once the search is complete, you can preview the results directly in the portal. You can also export the results for further analysis.
Create a case file: If you find relevant information, you can create a case file to preserve the content for a specific period of time. This ensures that the data is not deleted or changed while the case is ongoing.
Content Explorer in Microsoft Purview is a tool that gives you an overview of the items in your organization that have a sensitivity label, a preservation label or are classified as a sensitive information type. Here are some of the main features of Content Explorer:
It shows a snapshot of the items that have a sensitivity label, a retention label, or have been classified as a sensitive information type in your organization.
It automatically identifies common types of sensitive data based on hundreds of built-in data patterns such as social security numbers, bank account information or driver's license numbers.
Content Explorer also shows where these data types are located, and you can even drill down to the file or email that contains it.
You can use Content Explorer to improve the performance of custom trainable classifiers by giving them more feedback.
Example when searching for a SIT (sensitive information type)
Example when searching for a sensitivity label
Access to Content Explorer is severely limited because it allows you to read the contents of scanned files. There are two roles that provide access to Content Explorer, and this is provided using the Microsoft Purview compliance portal:
Content Explorer List viewer: Membership in this role group allows you to see each item and its location in list view.
Content Explorer Content viewer: Membership in this role group allows you to view the content of each item in the list.
The account you use to access Content Explorer must be in one or both role groups. These are independent role groups and are not cumulative. For example, if you want to give an account the ability to view only the items and their locations, assign Content Explorer List viewer rights. If you want the same account to also be able to view the content of the items in the list, assign Content Explorer Content viewer rights as well. A global administrator can assign the necessary Content Explorer List Viewer and Content Explorer Content Viewer role group memberships.
Bjørnar & AI
Comments