Hang tight while we fetch the video data and transcripts. This only takes a moment.
Connecting to YouTube player…
Fetching transcript data…
We’ll display the transcript, summary, and all view options as soon as everything loads.
Next steps
Loading transcript tools…
eDiscovery in Microsoft Purview | What, Why, Components & Step-by-Step Setup | Cloud360 Training | YouTubeToText
YouTube Transcript: eDiscovery in Microsoft Purview | What, Why, Components & Step-by-Step Setup
Skip watching entire videos - get the full transcript, search for keywords, and copy with one click.
Share:
Video Transcript
Video Summary
Summary
Core Theme
This content explains Microsoft Purview's eDiscovery capabilities, detailing its purpose, benefits, and practical implementation for managing legal and compliance investigations within an organization's digital data.
Mind Map
Click to expand
Click to explore the full interactive mind map • Zoom, pan, and navigate
Hello everyone and welcome back to the
channel. My name is Vimal Singh and in
this particular video we will see
eiscocovery. E discovery in Microsoft
pview view. What exactly it is? What is
the benefit of doing e discovery? What
are their components? All this thing we
are going to explore in this particular
video. So this video will contain all
the components of eiscocovery logically
and practically how we can use it from
Microsoft preview. So let's get started.
Let's understand what exactly
eiscocovery is in Microsoft pview. Think
of your company as a huge library which
is filled with the millions of books,
emails or you can say the files, chats,
teams, messages, shareepoint, docs from
our digital environment. And now imagine
there is a legal case or investigation
is going on and your boss asks you that
hey we need all the you can say books
related to project X or if I talk about
in digital scenario so maybe the boss
may ask I need all the data related to
one particular user associating uh or
associated with one particular project.
So if you will try to search this entire
thing manually, it's going to be never
ending process and you'll keep searching
for a longer time period. And that's
where the eiscocovery comes in. It's
like a superpowered librarian or you can
say detective that finds exactly what
you need across your entire company in a
minute. Let's understand the type of a
discovery. But before that there is one
component which is very important for
this. So it's known as content search.
So you can you can consider it as a
magnifying glass. So you tell it what to
look for. For example, if you're looking
for a particular mail for from a
particular user related to a particular
project. So it finds everything matching
your search and you can download it,
export this files for your further
investigation or you can say review. So
you can consider it like a searching a
library catalog and getting a list of
all the books on a topic. Now let's see
the different types of eiscocovery in
Microsoft proview. The first one is
eiscocovery standard. You can consider
it like a detective
and this standard approach of
eiscocovery lets you to create cases
like uh you can say folder for
investigations. All related document for
the particular case can be associated in
one particular folder and then you can
assign it to the people those who are
going to work on these cases.
And you can lock the important files so
no one can delete them because
investigations are going on and whatever
you find against it that will be
presented as evidence. So no one can
alter this evidence because of that we
can lock it. So I can say like assessing
the detective team together presents
preserve and secure all the evidences.
Now the second is eiscocovery premium.
You can consider it like a CSI theme. It
does everything as previous. Plus it
organize and reviews data in detail.
Uses AI and machine learning to
highlight the most important content
first. Then it finds duplicates, analyze
conversations and extract text from images.
images.
It also helps lawyers to save the time
and money by cutting down unnecessary
data. It's like a forensing team is
scanning evidence with advanced tech and
storing what really matters. I don't
need to explain why this matters because
whatever the discussion we had so far
that gives clear understanding why
someone can think about they should have
a discovery. Still if I summarize and
find the few points that will be
beneficial for the organization
uh is the saving time. I mean we can
save our hours of manual searching in a
minutes. We can save money only review
what what is needed instead of exploring
everything reduces legal risk no missing
evidence and works AC across Microsoft
365. So doesn't matter it's outlook
teams shareoint one drive or where your
data is. Let's explore few and important
components of this eiscocovery. The
first one is case. So in eiscocovery a
case is like a digital investigation
folder. It is a central container I can
say where everything related to the
legal search or you can say internal
investigation is managed and there sub
components that you can see we have
custodians like the people uh whose data
you are investigating searches like the
queries you run to find relevant emails
files or chats holds a way to freeze or
preserve data so it cannot be deleted
and review sets
that is collection of all the content
that you're planning to review. So you
can think of it like a command center.
You create a case, define the scope,
lock down important data and search
across your organization, review it
whatever you have collected and finally
export it as a evidence and present it anywhere
anywhere
wherever you want. Now the second one is
search. So, search any discovery is the
core tool for locating electronically
stored information um across your
organization of Microsoft 365 data and
it enables legal and compliance teams to
use keywords like keyword query language
KQL and filters to find relevant data.
So, it can search across Exchange
mailboxes, SharePoint site, one drive
accounts and Microsoft teams. export
results for the review analysis and
legal actions. So essentially the search
function acts as a powerful discovery
engine and helping organization to
quickly pinpoint the exact emails,
documents and massages needed for the
legal case maybe for auditing or might
be for compliance and investigations.
Now the other component is hold in
eiscocovery search you can understand
is instruction within your e dis
eiscocovery for what to preserve
potentially relevant information. So it
prevents accidental or in you can say
intentional deletion or content. It
holds and can be applied to custodians
like users or you can say specific data
sources like mailboxes, shareepoint site
and one drive accounts. Even if a user
attempts to delete the data, the content
remains preserved until the legal matter
is resolved. So in short, a hold acts as
a safeguard ensuring that critical
evidence is take intact for review and
legal proceedings. Now the review set.
So you can consider a review set is a a
static or secure collection of uh
documents and data gathered from an
eiscocovery case that has been
identified as potentially relevant to an
investigation and it serves as a work
space for legal and compliance teams to
do analyzing analyze and inspect cases
data in a structured way. It can tag,
filter and query content for deeper
insight and it ensures that process is
repeatable and you can say defensible
for legal standards. It also prepares
selected data for further review or
production. If you see the diagram as
you can see in the diagram left hand
side we have office 365 services. So
with the help of search we are going to
fetch the data from here and put it
inside the case. On top of it you will
have the review set, review set and
review set. The review set can have data
directly from here or the review set can
have data from nonoffice 365 data
locations or the review set can have
data from any other review set. So data
can be collected from anywhere.
So with this advanced you can say
indexing and analytic review site uh we
can make the review process more
efficient and organized and that will
help our team to focus on evidences that
matters most for the organization. Now
the final one is export data. So in
eiscocovery exporting data refers to the
process of transferring search results.
So all the finding or the search that
you have done you can have the copy of
relevant datas like email document or
other electronic information and from
the eiscocovery case management system
to a local storage uh you can say
format. So whatever you had on online
now you can put it in storage by
converting to PST file if you have mails
or the jeep archive any other data and
that step allow legal and compliance
team to basically review and analyze
evidences outside of your Microsoft 365.
You don't need to allow them access on
your actual online services. You can
prepare the data for the legal
proceedings or regulatory requests and
maintain the integrity of original
content as the export creates a separate
un or you can say un uh altered copy. So
there might be possibility organization
has limitation. They are not supposed to
allow anyone external can come and
present the data directly from the
services. So in that case export data is
going to play very important role. So
this particular service ensure the team
have a usable portable copy of
electronically stored informations for
deeper examination and presentation
while keeping their source data secure.
Okay. So I hope you got the logical idea
what exactly discovery is and why we
should think of eiscocovery in our
organization. Also we explored their
components. Now let's go and explore
practically how we can uh configure this
eiscocovery in our organization.
Towards that the first thing which we
are going to explore is the permissions
and global setting related to eiscocovery.
eiscocovery.
>> Okay. So let's see how we can do the
first thing related to eiscocovery. The
first thing we need to set the roles uh
who can perform a discovery, what right
they will have to perform what. So for
that as you can see we logged in on
Microsoft PView portal and from there we
can go to the setting section. Inside
the setting you have roles and scopes.
You just need to click there. There you
will find roles group. As you can see
all these roles currently is listing
from Azure AD roles. Now to manage these
roles related to this eiscocovery you
need to click on ro groups. The moment
you clicked on this, we will have the
list of role group that has been created
for Microsoft PU view solution. For
eiscocovery, we do have eiscocovery
manager roles already created. As you
can see, it falls under the built-in.
There you will have two types of uh you
can say role group. One is eiscocovery
manager and the other would be
eiscocovery administrator that you will
find inside it. So let's see how we can
manage the members within this
eiscocovery manager. So let's go inside
it and this is the eiscocovery manager
role. As you can see currently it will
show you who are the eiscocovery manager
and who all are eiscocovery
administrator. We have clear visibility
from there. If you want to add or modify
all this you need to click on edit
button. Just click on edit button. There
you will get this option to choose
users. As you can see, currently we are
modifying for eiscocovery manager. And
if you read the description, it clearly
says an eiscocovery manager can only
view and edit cases to which he or she
has access. Nothing else. So if I have
to make anyone as eiscocovery manager,
we will click on choose users. We'll
search for the user to whom you want to
make it. Like here in this case,
Johanna, let's select that user. Now if
I'll go to next button there we have
this eiscocovery administrator and again
if you read the description of it it
says an eiscocovery administrator can
view and edit all cases regardless of
permission. So whoever will be
administrator can manage all the cases.
So if you want to make anyone as
administrator again you need to click on
choose users and add the user
accordingly. Now next and here we have
this role group with the newly added uh
you can say list. Just review it before
clicking on save. Once you are able to
see whatever or whoever is supposed to
member at this place then you need to
click on save. Okay. So now we have
successfully updated the role group.
Let's click on done button. Now here we
can search all the roles um means role
group that we have created. If I click
and search for reviewer, we do have one
reviewer role which is built in. And if
I have to go and check who all are the
member, we can do it in this way. Let's
close it. Now, if I have to create a
custom role group, that is also
possible. If I'm not interested to go
with built-in, we can create our own
role group. So, to do that, click on
create role group. Here you need to
provide the name. Then click on next.
Here we have choose roles and you will
get the list of roles like case
management or the role management
depends on the job role. You can create
the role group and keep assigning the
members accordingly. You have the huge
list of the roles which is already
created. Now let's cancel this. Okay, we
just created the role group and the
members. After that we need to go and do
some settings related to eiscocovery
before using it. If I go to this place
there we are getting attorney client
privilege. So this option basically will
provide you the machine learning
detection of privilege content to make
this process more efficient. So if you
wish to get integrated your machine
learning capability while searching and
finding the content you just need to
turn it on. As you can see the moment we
turned it on here you are getting the
clear description which says you when
you analyze data within your working set
if you have attorney client privilege
detection setting on you will run
attorney client privilege model on your
data and flag documents that you are
likely to be privileged based on the
content as well as by comparing
participants against user provided
attorney list. We can also provide the
uh you can say uh attorney list we can
upload it directly from here and if
you're not interested you can turn it
off and keep going without this attorney
client privilege. Now the next option
here you can see it's guest access here
if you want to allow someone can or the
guest can be uh you can say also get
involved into eiscocovery then we can
turn it on. It depends on your
requirement. So once you have enabled it
must read their warning message. Here it
clearly says once guest access is on
user with case management permission
will be able to invite external user to
the case. So if that is your requirement
yes you can turn it on as per your
requirement. Now we have tag templates.
Again this is important part. So
whenever someone is reviewing and if
they want to tag it or you can say
categorize it they can do it with the
help of this tagging. If you read this
what it says, tag helps organize content
in a review set to complete various
workflow. Tag can be reused across
multiple review sets and cases. You can
group the tag by sections and allow
single or multiplechoice tagging. So to
create this we can go to that place give
the template name we will create a tag
name and then the tags. As you can see
document is responsive or not and you
can have many tags depends on your
requirement. So while reviewing the
reviewers can use this. Okay. So tag got
successfully created.
Now we'll go back to the home and if
I'll go to all solution there we will
get something called eiscocovery. So far
we created everything. Now we can start
creating the cases and start using it.
But as you can see this is the
dashboard. There you will have the
eiscocovery admins and you can explore
the complete admin list directly from
here also we have the knowledge center
you can gain the knowledge related to
eiscocovery as per the Microsoft
official documents now once we set
everything we will create the cases from
this particular option so if I'll go to
this place already created cases are
listing at this place and now we have
this option to create the case okay so I
hope you got an idea what are the
options options we have to configure the
permissions and settings. Now we'll see
how we are going to create cases in e
discovery. Okay, let's see how we can
create the cases in eiscocovery. So for
that I logged in on Microsoft poolview
portal and on the homepage you will see
that eiscocovery option. You just need
to click on that and it will take you
inside the eiscocovery section where we
have homepage that tells you all the
started option including the eiscocovery
admin and in the left hand side that you
will see there is a cases options. So
just click on the cases and now inside
it you will see all the pre-created
cases with their status and along with
other details as well. So as you can see
we have some of the cases inactive
stateed some of the cases got closed and
we do also get this uh filter button. If
you go to that place there you're
getting uh filter as per the status or
the type. So you can select accordingly
if you have a huge number of cases
already created and running. Now to
create a new case we have this option
called create case button. Just click on
that. Here we are going to provide the
case name and the case description. And
after that we can click on create
button. So once this case is created it
will look like this. Now we have case
settings. Inside that case setting we'll
go to that place. There we can see uh if
you have already premium license for
eiscocovery. So this toggle button will
be turned on and it will tell you that
you have this premium feature. It's not
mandatory. You will have always it is
on. If you are not interested to use
this premium feature even after having
the license you can turn it off. depends
on your requirement. Then we are going
to create the case number and action
button that you can see at this place
where we have save, close and delete. If
I want to save this case, we just need
to click on save button. And if you wish
to close this, there is a close case.
But the moment you're going to close it,
you will get warning message that
clearly tells you if you'll close it,
all the holds will be turned off and any
content that was hold on hold will be
released that might result in data loss.
So depends on your requirement. You you
are uh sure that you don't need to do
anything now related to this particular
case then only you can go close it. If
you have closed you can reopen it as per
your requirement. We also have delete
case. So if you're done with the case
and you're not interested to continue
and your case is closed in that case you
can delete this case. If you delete this
case again all holds will be turned off
and any content that was on hold will be
released. Now there is access and
permission that's the important part
here. We are going to define who will
have access on these cases. So we can
define the users while going to this
place. Whoever will be um the member
wants to have visibility or access on
this case, we can assign it to them by
going to this option. Select the users
to whom you want to give. And then we have
have
also role groups. So we can assign it to
a particular role group like a discovery
admins or the managers. So as you can
see we do have something called add
button here under this role group. There
we can go and select the role to whom
you want to give the permission on this.
For example, in this case, we are going
with eiscocovery manager. Now, we also
have the option for the guest user. We
can invite any guest as a reviewer who
can review on the on the findings from
this particular case. So, for that you
need to provide the full name, their
valid email address, organization,
justification and finally you need to
click on invite button. So this way the
user guest users can also be part of
this and we'll get the uh you can say
permission on this case. Now we have
data sources again that's the important
point. So here we will specify the data
sources during the tenantwide search. So
how you want to do it all the people or
group to include unlicensed or on
premises user or all people and groups
to include guest users or all people and
groups include shared teams channels or
include a departed user as well. Now
click on apply. After that we have
search and analytics. Here we are going
to specify u you can say how the search
and analytics would take place. So we
can configure uh search analyticity
setting from this particular section.
And as you can see here, you can set the
document or email similarity threshold
and the group item by themes. For
example, 70% for document and email
similar similarity threshold. And also
if you want to go with optical character
recognization that finds the content
from the images itself. So we can enable
that OCR at this place with the low
accuracy or the high accuracy depends on
your requirement. Now let's save the settings.
settings.
Come back
and there we go. And finally we have
review sets. This is again important
part but we will have dedicated uh you
can say option or the place where we are
going to discuss about this review for
just for now because this option came at
this place. So uh you can define this
review set is is is basically a static
set of documents uh where the reviewers
or the admins can analyze query or you
can say the view do tagging or export
the data in a case so that if you want
to enable for it you can turn it on or
turn it off depends on your requirement.
Okay. Now let's explore how we will do
the search inside the cases. Okay, let's
see how we can create the content by
using search for our case. So, so far we
saw that how we can create cases and as
you can see the cases are listing under
this case section under the eiscocovery.
Now let's go inside a particular case
and try to collect the content for it.
So for that we will create a search.
Let's click on that give a search name
description and create.
Once it is created, we are getting the
settings I mean the sources that we can
edit from where it is going to search.
So if I'll go to this place, let's go
and add the user first. If I selected
that user, so the associated mailbox and
any other you can say location is
associated with that user will get
listed. So in our case as you can see
right now the mailbox is there. Along
with the mailbox, we do have site I mean
one drive that is associated with the
user. Now let's add other things like
here we have a Microsoft 8 project team
and we would like to add the teams
project. Apart from that we have some
sharepoint documents that can also be
included and we do have different views.
So if I'll go to that place we have tree
views. If I click on that we will have
more clear visibility otherwise we need
to go and by clicking there you will
find this. So here you can see the
detail information related to this teams
and everything. Now once you specify the
data source locations click on save
button. So here we can see this that
user is listing. If you wish you can
also add the frequent collaborators with
this user. So to do that we just need to
click on that three dots and we you will
find this frequent collaborators. If
you'll go inside it, you will have the
clear visibility top 10 uh you can say
the most relevant or you can say the
frequent collaborator for the selected
user and you can select their locations
as well. So as you can see we selected
for Patty and Johnny their mailboxes and
the sites all. Now before going to find
the data or before executing the query
it is important to execute the sync
button because if anything else got
added related to that user or their
collaborators will be visible to that
place. So here you can see the moment
you synced it here it clearly says one
data source has updated updates
available. So we can go to that place
and we can check it out. If I'll go
there there is something called new and
we just need to click on edit button.
There we saw that okay something got
introduced so we just need to include in
that then resave it and now we are
getting three way to search the content
either we can go with the condition uh
builder or you can have keyword query
language keyql and search by file so
that's like a you can say orchestrated
way or you can say declarative approach
to search the content so if I'll go to
this place you have select filter. We
have multiple conditions like sender
operator equals any and then we are
going to select the user from this
particular place. Not only this, we can
have more than one condition that you
can add it like recipient equals to this
or maybe date between this particular
keyword like this and you have sensitive
type sensitivity label and identifier.
So this this is the new eiscocovery
experience. So they have added some new
filter that we can use to uh add it in
our query builders. So this identifier
filter will help to find the exact uh
you can say item that matches the input
identifier message ID from exchange
mailboxes or the document path or one
drive site you can say sharepoint sites
and other thing. Now if I'll go to this
place we created. Now let's close it and
see how we can use this key. If I go to
that place, if you know the language and
the way of writing it, you can directly
start defining it because that's the
editor. But if you're not familiar and
having difficulty to write the complex
one, we can get a benefit of this
Microsoft copilot. So if you have the
Microsoft copilot license and uh that is
integrated with this poo you just need
to click on that and there you are going
to write your requirement uh just like a
normal prompt and there it is going to
give you the keyql. So if I click on
generate keyql here it will generate
that keyl and we can copy that keyl and
put it inside that keyword query
language builder section and it will
start searching as for that. The third
option that you can see search by file
we have and there you can clearly it
says upload one or more file to find
related or similar content for a
specific investigation. So if I'll go to
this attach file there we have either
find similar content in a txt or the
CSV. If I click on the CSV we can upload
the content and it will start searching
similar to that. So as you can see that
got listed here. Okay. Now let's come
back to the condition builder because we
tested it for uh we saw that how we can
do it for condition keyword query
language and search file. So we can now
write it depends on what a skill you
have and which will meet your
requirement and then we have to execute
this run query. In our scenario we do
not have any condition. So it will start
searching for everything related to the
user and the sources that we have
defined as a data source. Now let's go
and click on run query. And here we are
getting two option.
So if you read this it says format query
results. Select the type of query result
you want to view the statistics or the sample.
sample.
So if I'll go to sample, it gives you
okay select the number of sample item
generated per location and select the
number of location to generate sample
files or we can go with the statistics.
The statistics is more useful in the
real world. So let's go include
categories. If I select this one, if you
read it, it says refine your view to
include people sensitive information
type item types and errors. include
query keyword reports. So SSS keyword
relevance for the different part of your
search query and investigate partially
indexed item. We can we can perform
advanced indexing on partially index
items as well as uh you can say exclude
partially index item in locations
without search item. In this case we
will be going with the advanced one.
We'll select that
and now we are going to run this query.
So here it will show you the complete
process the calculation time and the
progress whatever time it takes to f
those information and give you to to
you. So it's completed and now you can
see the informations are loading and
there we got something called search
locations and the data source and we do
have some download report for some of
them but if you want to get the complete
report we have this option from there we
can download this complete report. There
you can see this report got downloaded.
Now if I'll go to that button there we
have view settings as well. So related
to this search setting you have the
clear visibility what you have selected.
So just now we selected this statistics
view that we are able to see that. Now
if I scroll it down as you can see it
gives you the clear visibility in detail
like top keywords that we have used in a
search. So if I click on that view top
100 it will show you all these 100
keywords that it has used. So we have
killer visibility and even we can
download the conditions report as well.
Now if I'll scroll it down we do have
other informations as well as you can
see the top location type and other
things. If I have to generate the sample
data that is also possible. If I'll go
to that place and we can generate the
sample results as well. This is useful
in a scenario before finalizing. If I
want to check how my findings works at
this place in that case we will go and
generate this sample report. So if I run
this query, it will generate it and
provide you the complete details at this place.
place.
So once the result have been generated,
we can review the items. For example, if
I selected this one and there we are
getting this um uh source view as you
can see inside that we got this what
item got finded and how it looks like in
a native application. Then if I'll go to
the next one there we can see again we
are finding the source and their
complete detail. Along with that we have
process manager. So after reviewing this
aesthetics and a sample of query result
we can modify the data source and query
as needed and once you are you can say
satisfied you can add the full query
result to a review set or export the
content directly at any point of time.
At any time you can monitor the status
of your running jobs and that can be
done with the help of process manager.
So if you click there you have the
killer visibility about your running
jobs and this pan will provide an
overview of the process and the button
to copy the support information in case
it is needed for troubleshooting. Now if
I'll go to the setting tabs there it
tells you the complete again that shows
the setting that were used when the
process was ex executed and you can also
download the details summary report
containing all relevant information for
the process.
As you can see this report is ready for
you. Now if I click on open here it will
show you the complete report. If I click
to that place here, it tells you that
each file whatever you saw there it
contains the you can say detailed meta
data which help you to get additional
insights. Okay. Now we saw that how we
are going to do the search. Now after
that whatever the document or the you
can say data we collected there might be
possibility we have to preserve those
data as evidence. So how we are going to
preserve it by creating hold? Let's
explore it. Okay, let's see how we are
going to create um hold on the cases. As
we logged in on the Microsoft Pview and
we are inside this cases, right? So as
an eiscocovery manager we can create
hold to preserve content for a case. So
let's click on the one of the case and
there you can see just after the search
we have hold policies. So we will click
on the hold policies and there we are
going to create a policy. There we'll
give the name for the hold policy and
let's click on create button. Now we
need to define the data sources and
there we are going to click on edit and
at this place we are going to define it.
If I'll go to that place we selected
that user and as you can see the user
related mailbox and site got listed
here. We are going to define the project
teams. We will define our product
development. We will define our project
locations and everything that depends.
So when you add a distribution group,
the mailbox of its current member will
also get added at this place. Now let's
click on save. And there again we have
three dot where we can add the frequent
collaborators the similar way the way we
added for the search. So we can go to
that place and select the frequent
collaborators as well and click on save.
Now we are getting two option to search
those content either we can go with the
condition builder or keyword query
language. If I'll go to that place there
we can select again the condition like
type and here we will select the equals
any of and a particular value like email
message or maybe the documents or
instant message or co-pilot activity all
this depends on your requirement
whatever you're looking for then we can
add some more like date in between or
maybe after this particular date that we
can specify for example 1st June 2024
and the similar thing we can define it
at this place. As I mentioned before
executing we must sync it. So if it has
anything else newly added that will get
added at this place. In this case there
is nothing. So now we will apply the
hold. So whatever the location that we
have defined there the hold will get
applied. Now once it is applied as you
can see it will perform as per their you
can say duration depends on what you
have selected and how much you can say
data source you have and there you will
get the complete details. So this page
will provide a summary of the content um
that you have put it on the hold
including the number of locations and
the data sources on hold. So if I scroll
it down here you will get the complete
details. So let's pick that user and you
will have the complete detail. Now let's
close it and go up. There we have again
process manager. So we can check it out
if any you can say process which is
still running for this hold. So you can
see applying the updating hold and the
status you can see this is completed. So
if I'll go to that place there we have
again applying update hold clear
visibility at what time that got
completed and created and we do have the
report option as well that we can
download. Now let's close this one. And
there we have policy actions. If I click
here, we can turn off, we can turn it
on, we can retry the policy, delete it.
So for each of these action, a new hold
policy process will initiated and this
process progress and the relevant
information can be checked from the
process manager. So depends on your
requirement you can pick any of this
like for example turn off it will give
you the turn off policy description
might result a permanent deletion of any
content currently being reser preserved.
So let's continue editing. Okay. So
initially we talked about the review set
what exactly it is and what's the
benefit of it. So now let let's see how
we are going to create review set in
eiscocovery. Let's see how we are going
to do the review sets. So here as you
can see we already logged in on a pview
portal and we have cases available.
Let's click on the case and there we
have this option called review sets. So
from here we can start creating the
review set. But uh as we just talked
this review set uh you can say is a
basically a content from the Microsoft
365 or you can say non- Microsoft 365
data source also can be included at this
place to analyze query view tag or
export. So we can create from here or we
can create from the search tab itself.
So if I'll go to that place if you
already have search created we can
create the review set from there as
well. So if I click at this place there
you can see we have data sources because
the search is already created and it is
highly recommended whenever you're going
to do anything first sync it. So if any
source got some update that will get
listed here. We do not have any update
for this that is good. And now there we
are getting this option to add a review
set. So we can click to create the
review set from here as well. So let's
click from here and here we are going to
give the name for the review set. So
let's provide the name. And now we are
going to specify the item that will be
part of your review set. For example, we
can include indexed item that match your
search query and partially index item
that may not match your search query. So
it depends on your requirement. We will
pick our selection. Now as you can see
we have other option which is about OSP
means we can specify what will be
included for you can say files from the
one drive and the sharepoint sites
either the latest version only or the
recent 10 versions 100 versions depends
on your requirement you're going to pick
it out.
Now here we have
spec we can specify what to include for
messages and related items for mailboxes
or the exchange online and by default
this eiscocovery threads contextual chat
message into an HTML transcript for you
can say of review that is included here.
We can collect those information either
from uh you can say the share point one
drive and that can also be included at
this place. Now add the review set and
now the review set as we created and we
are able to see that. So for more detail
let's navigate in a detail pan and there
you can see we have manage option. So it
includes lot of documents like your
email would be there, document,
shareepoint content, team messages and
chat messages would be there. So let's
expand it. There is a load set and we
can check our load set from here. Also
we have tags. So if I come to that that
place, we can import the tag. If you
have already created that can be
imported from here or we can create our
new tag as well from this scratch. So
for that we need to provide the name and
then we are going to add the tag group
name at tags
and let's save it.
Let's close.
Now here we can use the filter to review
documents more efficiently by focusing
on a subset of documents that meet the
criteria you define. So if I'll come to
this place select a filter and there we
are going to select as per our
requirements like keywords here we can
select the operators and there we are
going to define the keywords that we are
looking for and we got this information
related to that keyword here we do have
some more condition that you can put it
all together so maybe I'm looking for a
particular date after and then I'm going
to select that so now I'm getting this
information filtered it out as per this
selection which we just did it. Now
let's delete it and we can create some
more KQL B. So if I'll go to that place
search operator equals to and there we
are going to define the KQL query that
we can use to find that. Now similarly
if I'll go to that place we have the
group section. We can group this item u
to make it more useful. I mean uh it
would be easy for the reviewers. So by
default the content is grouped by the
conversation and related related items.
We can also choose to group as for the
family attachment or not group content
for all depends on your requirement. So
group by family families and there you
can see we are getting all the mail
related PowerPoint Excel and so on. So
if I expand it there we are getting all
this information here at this place
related to that. So once it is filtered
and organized the content we can
efficiently review the items whatever is
uh you can expected for review. Now if
you can go and open this individually
there we have this complete sources and
you have the clear visibility of it. If
you have integrated or you have the
license of co-pilot, security co-pilot,
you can summarize it by going to that
place. So the co-pilot will help you to
get this information in detail and help
you to better review the content and the
findings. We can also make a query to
that co-pilot that will help you to find
those information on a right direction
or right way the way you are looking
for. Similarly, if I'll come to this
place there, we have again summarize
button and we can go and summarize it.
And as I said, we can also have the
prompt that we can use. So that's a
summary that we can specify. And if I'll
go and ask something, the co-pilot can
help you out to find and again give you
the answer as your request. Now let's
close this one and come back to some
other document. That's our you can say
contoso search research document. If I
go and expand it there we are getting or
you can see the excel document
containing sensitive research and the
development information. It depends on
any requirement what you want to
explore. Similarly we got this um you
can say the teams. So you can review the
trade conversation to gain more context
or uh towards your investigation. If
I'll go that place there we have the
complete trade available. Similarly this
is the word comment for investigation.
So as you can see at this place what
document was flagged and we are able to
see this complete source. We also have
the plain text to do analytics quickly
and we have annotate so we can go and
analyze whatever we are finding at this
place we can annotate it by going to
this place. So that would be easy to
refer or because we are the reviewer so
we are going to define it and mark it
whatever the finding that we are looking
for. Now area reductions we have
reducted we have metadata and we can
make a note of those metadata. So here
we can pin that. So there we can search
and then pin it. Similarly search the
information that we're looking for and
pin it.
Now let's close it. And there we have
another document. If I'll go to this
place there we have update notes. that
note we can also add at this place so
that it would be easy for the reviewer
or analyzers.
Now we have tag files.
So once we are ready we can tag this
document using the tag value that we
have defined previously. So here we can
go and select the tag as per your
requirement. Document is responsive or
not depends on your requirement and
findings. Similarly I'll go to that
place and we can tag multiple. It's not
just one. So we can select more than one
and there we have tag files. So we can
select whatever it is as for that. So
the tag can be applied to one or
multiple documents all together. And now
we are getting this analytics. So that
eiscocovery provides you the analytics
tool that can help you to organize
documents and reduce the volume of
documents without information loss. So
if I click there, here we have run
document and email analytics. If I click
here, it will take you I mean it will
take some time and then we'll provide
you the analytics results. So if I say
yes, click on okay. Now if I'll go to
the action, we have this report ready
and we can click here. Now we are able
to see this complete uh you can say
analytics reports like target,
population, documents, emails,
attachment everything. Okay. So now we
are going to see how we can export the
data we found offline. So we can present
those to someone externals those who can
use and present those as evidence. Let's
see how we are going to export the data.
So here we already created some cases.
Let's go inside the case. And we have
searches available. So within the case
there are two location you can export
the data from a search or the review
set. First open the existing search for
the case. Let's go there. And there we
are getting this export button. So we
can export our search directly from
here. We will give the export name,
export description and the item that
should include to your export. Right? So
this is the first way. Now we can
cancel, go back and there other way is
review set. So if I come to this place
there you can see we have already
created one review set. In the previous
demonstration you must have seen that.
Now if I'll go inside it there we can
open this review set. We already
performed the analytics and tagging
everything. So we can go to that place.
We will search it as per the tag which
we have already created. Now we are
going to equals any like document is
responsive or not. And there we can have
action to export those. So we can click
on export. Again we will give the export
name. There we are going to define all
documents to review or all filter
documents or you have export type as
also that we can define which is export
item with the item report and organize
data from different locations into
separate folder or PSD or include folder
and path structure of a source depends
on your requirement you can select that
and finally we are going to create on
create export. Now it says an export
process has been submitted and please go
to the process manager to track the
progress and download exported content.
So if I click okay there we are getting
process manager. If I click to that
place there we have export button and as
you can see right now the status is in
progress. If I click on that export that
will show you the progress complete
whatever is going on. As you can see it
is calculating the time remaining and it
will show you how much time is remaining
for that. So now this is completed the
process is completed and we are able to
see the packages here the files that got
filter it out for the export. Now we can
select that one and we have download
this package. We will click on this
download and there it's downloading.
Once this download is completed we can
open this folder and there we are
getting this summary page. If I'll go
and open this summary page that gives
you the complete information that how
and how much finding it has done. As you
can see the export name, export ID, case
name, case ID, export started by and so
on. All this information we are getting.
Let's close it and go inside that actual
data. There we are getting export load
file. If I'll go and open that, that
will tell you what exactly it has found.
So you can see here. So this contains
the complete meta data such as location
of each file that is stored in the
chipped file and it can also include
additional metadata generated after
running analytics for review set which
can be used to optimize review projects
when running the analytics job. So here
you can see this complete information
that we are getting.
That's a complete metadata that we are
getting at this place.
Okay. Now let's close it.
and go to this warning and errors. There
might be possibility some of the file
didn't get export because of the
limitations or might might be permission
or other issue would be there. So that
this particular file includes the
information about the error encountered
while trying to export from the review
site. You can scroll it and you will
have the detail of that. Now if I'll go
to the exchange folder and here you will
see the complete exported exchange items.
items.
There we have a shareepoint and it
provides you the complete SharePoint
site related and it has been categorized
in a folder. So research and development
will have all the documents related to
that and so on. Now not only this so
here if you can see Microsoft tells you
that hey we do have graph rest API so
programmatically you can reach out to
that place and face those information
depends on your requirement. Even for
eiscocovery we are getting this graph
API as I mentioned it's going to be
really good for the organization those
who are into the automation or they
might might have some different
application where they want to include
all this information and provide such
information either to their team or the
customers or maybe someone who are
involved in this case. So it would be
easy programmatically they can face
those information from this and this is
what Microsoft says at this place. If I
scroll it down there, you can see all
the details related to the eiscocovery
we have and the possibilities there. So
for example, if I click here, there we
have a eiscocovery case. There you have
properties, methods and you can see all
their methods are listing at this place.
Okay. So finally we understood what
exactly eiscocovery is and how we can do
it in Microsoft pool view. So, thank you
Click on any text or timestamp to jump to that moment in the video
Share:
Most transcripts ready in under 5 seconds
One-Click Copy125+ LanguagesSearch ContentJump to Timestamps
Paste YouTube URL
Enter any YouTube video link to get the full transcript
Transcript Extraction Form
Most transcripts ready in under 5 seconds
Get Our Chrome Extension
Get transcripts instantly without leaving YouTube. Install our Chrome extension for one-click access to any video's transcript directly on the watch page.
