Top 5 Tips for Office 365 eDiscovery

Get the most out of your E3 and E5 Investment

1. Take an inventory

One of the most important aspects of eDiscovery is knowing what the potential sources of data are in your matter. Part of this means knowing which workloads in Office 365 are in use, such as Teams, Yammer, OneDrive for Business, and more.

If your organization would like to employ these tools, it is imperative you know how to search through and collect those records for discovery in a matter.

Are you aware of all of the sources of data your organization potentially has? Remember, this can also include Shadow IT.

2. Set information governance policies

In order to reduce risk and potential exposure, information governance policies should be in place on electronic records within the organization.

A simple retention policy should be adopted that your employees are trained on regularly. It should be integrated into the tools your employees use regularly, such as Microsoft Outlook or OneDrive for Business.

Records should be maintained for their required period of time, and disposed of afterwards. Bluesource has helped many organizations get comfortable with the capabilities of information governance policies so that automatic expiry of data can finally be turned on.

With advanced data governance from Office 365, we can even help deploy policies that actually classify data automatically, without any interaction from your employees.

This allows your information governance policy to be put in place, with minimal reliance upon your staff.

3. Make sure auditing is enabled

Auditing, especially eDiscovery activities, is super important. Due to the sensitive nature of content searching and eDiscovery work, you’ll want a detailed log of all activities performed within the Security & Compliance center.

Now is a good time to check and make sure it is enabled in your tenant, and to review some of the logs.

You can even set up alerts, so that when specific activities are performed, such as a search being run, designated parties receive an alert.

4. Learn KQL

KQL, or Keyword Query Language, is Office 365’s filtering language for content searches, in-place legal holds, and eDiscovery searches within the Security & Compliance center.

While the most common filters are exposed in the search interface, there are many more than aren’t. This article is a good reference page to add to your bookmarks, as it has all the available search keywords.

5. Add Non-Office 365 Data

As comprehensive as Office 365 is, it will never represent the entire landscape of your data. Using Office 365’s Advanced eDiscovery, you can upload data outside of your tenant, such as files collected from local file shares, laptop or desktop data, or evidence from opposing or outside counsel.

Bluesource can also provide a full-service migration of your legacy data, especially from archive products such as SourceOne, EmailXtender, PSTs, and many others.

If you would like more information on Microsoft Office 365 eDiscovery training or migration services, please don’t hesitate to reach out to us.