0:01 Hello everyone and welcome back to the
0:03 channel. My name is Vimal Singh and in
0:05 this particular video we will see
0:07 eiscocovery. E discovery in Microsoft
0:10 pview view. What exactly it is? What is
0:12 the benefit of doing e discovery? What
0:14 are their components? All this thing we
0:16 are going to explore in this particular
0:19 video. So this video will contain all
0:22 the components of eiscocovery logically
0:24 and practically how we can use it from
0:26 Microsoft preview. So let's get started.
0:27 Let's understand what exactly
0:30 eiscocovery is in Microsoft pview. Think
0:33 of your company as a huge library which
0:35 is filled with the millions of books,
0:38 emails or you can say the files, chats,
0:41 teams, messages, shareepoint, docs from
0:44 our digital environment. And now imagine
0:47 there is a legal case or investigation
0:51 is going on and your boss asks you that
0:55 hey we need all the you can say books
0:59 related to project X or if I talk about
1:01 in digital scenario so maybe the boss
1:04 may ask I need all the data related to
1:07 one particular user associating uh or
1:09 associated with one particular project.
1:11 So if you will try to search this entire
1:13 thing manually, it's going to be never
1:15 ending process and you'll keep searching
1:17 for a longer time period. And that's
1:19 where the eiscocovery comes in. It's
1:22 like a superpowered librarian or you can
1:25 say detective that finds exactly what
1:27 you need across your entire company in a
1:30 minute. Let's understand the type of a
1:33 discovery. But before that there is one
1:35 component which is very important for
1:37 this. So it's known as content search.
1:39 So you can you can consider it as a
1:43 magnifying glass. So you tell it what to
1:45 look for. For example, if you're looking
1:48 for a particular mail for from a
1:50 particular user related to a particular
1:52 project. So it finds everything matching
1:55 your search and you can download it,
1:57 export this files for your further
2:01 investigation or you can say review. So
2:03 you can consider it like a searching a
2:05 library catalog and getting a list of
2:08 all the books on a topic. Now let's see
2:10 the different types of eiscocovery in
2:12 Microsoft proview. The first one is
2:14 eiscocovery standard. You can consider
2:16 it like a detective
2:18 and this standard approach of
2:21 eiscocovery lets you to create cases
2:23 like uh you can say folder for
2:26 investigations. All related document for
2:28 the particular case can be associated in
2:32 one particular folder and then you can
2:34 assign it to the people those who are
2:37 going to work on these cases.
2:40 And you can lock the important files so
2:43 no one can delete them because
2:45 investigations are going on and whatever
2:47 you find against it that will be
2:51 presented as evidence. So no one can
2:53 alter this evidence because of that we
2:58 can lock it. So I can say like assessing
3:02 the detective team together presents
3:05 preserve and secure all the evidences.
3:08 Now the second is eiscocovery premium.
3:11 You can consider it like a CSI theme. It
3:15 does everything as previous. Plus it
3:18 organize and reviews data in detail.
3:20 Uses AI and machine learning to
3:22 highlight the most important content
3:26 first. Then it finds duplicates, analyze
3:28 conversations and extract text from images.
3:30 images.
3:32 It also helps lawyers to save the time
3:34 and money by cutting down unnecessary
3:36 data. It's like a forensing team is
3:39 scanning evidence with advanced tech and
3:41 storing what really matters. I don't
3:43 need to explain why this matters because
3:45 whatever the discussion we had so far
3:47 that gives clear understanding why
3:48 someone can think about they should have
3:51 a discovery. Still if I summarize and
3:54 find the few points that will be
3:57 beneficial for the organization
4:00 uh is the saving time. I mean we can
4:03 save our hours of manual searching in a
4:06 minutes. We can save money only review
4:09 what what is needed instead of exploring
4:12 everything reduces legal risk no missing
4:15 evidence and works AC across Microsoft
4:17 365. So doesn't matter it's outlook
4:20 teams shareoint one drive or where your
4:23 data is. Let's explore few and important
4:25 components of this eiscocovery. The
4:28 first one is case. So in eiscocovery a
4:30 case is like a digital investigation
4:33 folder. It is a central container I can
4:35 say where everything related to the
4:38 legal search or you can say internal
4:40 investigation is managed and there sub
4:42 components that you can see we have
4:46 custodians like the people uh whose data
4:49 you are investigating searches like the
4:52 queries you run to find relevant emails
4:56 files or chats holds a way to freeze or
4:59 preserve data so it cannot be deleted
5:01 and review sets
5:03 that is collection of all the content
5:05 that you're planning to review. So you
5:08 can think of it like a command center.
5:11 You create a case, define the scope,
5:14 lock down important data and search
5:16 across your organization, review it
5:19 whatever you have collected and finally
5:22 export it as a evidence and present it anywhere
5:24 anywhere
5:26 wherever you want. Now the second one is
5:29 search. So, search any discovery is the
5:31 core tool for locating electronically
5:34 stored information um across your
5:37 organization of Microsoft 365 data and
5:40 it enables legal and compliance teams to
5:44 use keywords like keyword query language
5:48 KQL and filters to find relevant data.
5:51 So, it can search across Exchange
5:53 mailboxes, SharePoint site, one drive
5:55 accounts and Microsoft teams. export
5:58 results for the review analysis and
6:01 legal actions. So essentially the search
6:04 function acts as a powerful discovery
6:06 engine and helping organization to
6:08 quickly pinpoint the exact emails,
6:11 documents and massages needed for the
6:14 legal case maybe for auditing or might
6:17 be for compliance and investigations.
6:19 Now the other component is hold in
6:23 eiscocovery search you can understand
6:26 is instruction within your e dis
6:29 eiscocovery for what to preserve
6:32 potentially relevant information. So it
6:36 prevents accidental or in you can say
6:39 intentional deletion or content. It
6:42 holds and can be applied to custodians
6:45 like users or you can say specific data
6:47 sources like mailboxes, shareepoint site
6:50 and one drive accounts. Even if a user
6:52 attempts to delete the data, the content
6:55 remains preserved until the legal matter
6:58 is resolved. So in short, a hold acts as
7:01 a safeguard ensuring that critical
7:05 evidence is take intact for review and
7:09 legal proceedings. Now the review set.
7:12 So you can consider a review set is a a
7:16 static or secure collection of uh
7:18 documents and data gathered from an
7:20 eiscocovery case that has been
7:23 identified as potentially relevant to an
7:26 investigation and it serves as a work
7:29 space for legal and compliance teams to
7:33 do analyzing analyze and inspect cases
7:35 data in a structured way. It can tag,
7:38 filter and query content for deeper
7:40 insight and it ensures that process is
7:43 repeatable and you can say defensible
7:45 for legal standards. It also prepares
7:47 selected data for further review or
7:50 production. If you see the diagram as
7:52 you can see in the diagram left hand
7:54 side we have office 365 services. So
7:56 with the help of search we are going to
7:58 fetch the data from here and put it
8:01 inside the case. On top of it you will
8:03 have the review set, review set and
8:05 review set. The review set can have data
8:07 directly from here or the review set can
8:10 have data from nonoffice 365 data
8:13 locations or the review set can have
8:16 data from any other review set. So data
8:19 can be collected from anywhere.
8:22 So with this advanced you can say
8:25 indexing and analytic review site uh we
8:27 can make the review process more
8:29 efficient and organized and that will
8:32 help our team to focus on evidences that
8:35 matters most for the organization. Now
8:37 the final one is export data. So in
8:41 eiscocovery exporting data refers to the
8:43 process of transferring search results.
8:46 So all the finding or the search that
8:49 you have done you can have the copy of
8:52 relevant datas like email document or
8:55 other electronic information and from
8:57 the eiscocovery case management system
9:00 to a local storage uh you can say
9:03 format. So whatever you had on online
9:05 now you can put it in storage by
9:07 converting to PST file if you have mails
9:09 or the jeep archive any other data and
9:11 that step allow legal and compliance
9:14 team to basically review and analyze
9:16 evidences outside of your Microsoft 365.
9:18 You don't need to allow them access on
9:21 your actual online services. You can
9:22 prepare the data for the legal
9:25 proceedings or regulatory requests and
9:27 maintain the integrity of original
9:31 content as the export creates a separate
9:35 un or you can say un uh altered copy. So
9:37 there might be possibility organization
9:39 has limitation. They are not supposed to
9:40 allow anyone external can come and
9:42 present the data directly from the
9:45 services. So in that case export data is
9:47 going to play very important role. So
9:49 this particular service ensure the team
9:52 have a usable portable copy of
9:55 electronically stored informations for
9:57 deeper examination and presentation
10:00 while keeping their source data secure.
10:02 Okay. So I hope you got the logical idea
10:05 what exactly discovery is and why we
10:07 should think of eiscocovery in our
10:10 organization. Also we explored their
10:12 components. Now let's go and explore
10:16 practically how we can uh configure this
10:19 eiscocovery in our organization.
10:20 Towards that the first thing which we
10:23 are going to explore is the permissions
10:25 and global setting related to eiscocovery.
10:26 eiscocovery.
10:29 >> Okay. So let's see how we can do the
10:32 first thing related to eiscocovery. The
10:35 first thing we need to set the roles uh
10:37 who can perform a discovery, what right
10:40 they will have to perform what. So for
10:41 that as you can see we logged in on
10:45 Microsoft PView portal and from there we
10:47 can go to the setting section. Inside
10:49 the setting you have roles and scopes.
10:51 You just need to click there. There you
10:54 will find roles group. As you can see
10:56 all these roles currently is listing
10:59 from Azure AD roles. Now to manage these
11:01 roles related to this eiscocovery you
11:03 need to click on ro groups. The moment
11:05 you clicked on this, we will have the
11:07 list of role group that has been created
11:10 for Microsoft PU view solution. For
11:12 eiscocovery, we do have eiscocovery
11:14 manager roles already created. As you
11:16 can see, it falls under the built-in.
11:18 There you will have two types of uh you
11:20 can say role group. One is eiscocovery
11:22 manager and the other would be
11:26 eiscocovery administrator that you will
11:29 find inside it. So let's see how we can
11:31 manage the members within this
11:34 eiscocovery manager. So let's go inside
11:37 it and this is the eiscocovery manager
11:39 role. As you can see currently it will
11:42 show you who are the eiscocovery manager
11:43 and who all are eiscocovery
11:45 administrator. We have clear visibility
11:48 from there. If you want to add or modify
11:50 all this you need to click on edit
11:52 button. Just click on edit button. There
11:54 you will get this option to choose
11:56 users. As you can see, currently we are
11:59 modifying for eiscocovery manager. And
12:01 if you read the description, it clearly
12:04 says an eiscocovery manager can only
12:07 view and edit cases to which he or she
12:10 has access. Nothing else. So if I have
12:13 to make anyone as eiscocovery manager,
12:16 we will click on choose users. We'll
12:18 search for the user to whom you want to
12:20 make it. Like here in this case,
12:23 Johanna, let's select that user. Now if
12:25 I'll go to next button there we have
12:28 this eiscocovery administrator and again
12:30 if you read the description of it it
12:32 says an eiscocovery administrator can
12:35 view and edit all cases regardless of
12:37 permission. So whoever will be
12:40 administrator can manage all the cases.
12:42 So if you want to make anyone as
12:44 administrator again you need to click on
12:47 choose users and add the user
12:50 accordingly. Now next and here we have
12:54 this role group with the newly added uh
12:56 you can say list. Just review it before
12:59 clicking on save. Once you are able to
13:03 see whatever or whoever is supposed to
13:05 member at this place then you need to
13:08 click on save. Okay. So now we have
13:09 successfully updated the role group.
13:12 Let's click on done button. Now here we
13:15 can search all the roles um means role
13:17 group that we have created. If I click
13:19 and search for reviewer, we do have one
13:22 reviewer role which is built in. And if
13:23 I have to go and check who all are the
13:25 member, we can do it in this way. Let's
13:28 close it. Now, if I have to create a
13:30 custom role group, that is also
13:32 possible. If I'm not interested to go
13:35 with built-in, we can create our own
13:37 role group. So, to do that, click on
13:39 create role group. Here you need to
13:41 provide the name. Then click on next.
13:45 Here we have choose roles and you will
13:46 get the list of roles like case
13:49 management or the role management
13:52 depends on the job role. You can create
13:54 the role group and keep assigning the
13:56 members accordingly. You have the huge
13:58 list of the roles which is already
14:02 created. Now let's cancel this. Okay, we
14:05 just created the role group and the
14:07 members. After that we need to go and do
14:09 some settings related to eiscocovery
14:12 before using it. If I go to this place
14:14 there we are getting attorney client
14:16 privilege. So this option basically will
14:18 provide you the machine learning
14:20 detection of privilege content to make
14:23 this process more efficient. So if you
14:25 wish to get integrated your machine
14:28 learning capability while searching and
14:30 finding the content you just need to
14:32 turn it on. As you can see the moment we
14:34 turned it on here you are getting the
14:36 clear description which says you when
14:38 you analyze data within your working set
14:40 if you have attorney client privilege
14:43 detection setting on you will run
14:46 attorney client privilege model on your
14:47 data and flag documents that you are
14:49 likely to be privileged based on the
14:52 content as well as by comparing
14:54 participants against user provided
14:57 attorney list. We can also provide the
15:00 uh you can say uh attorney list we can
15:03 upload it directly from here and if
15:05 you're not interested you can turn it
15:07 off and keep going without this attorney
15:09 client privilege. Now the next option
15:12 here you can see it's guest access here
15:15 if you want to allow someone can or the
15:18 guest can be uh you can say also get
15:20 involved into eiscocovery then we can
15:21 turn it on. It depends on your
15:24 requirement. So once you have enabled it
15:26 must read their warning message. Here it
15:29 clearly says once guest access is on
15:31 user with case management permission
15:33 will be able to invite external user to
15:35 the case. So if that is your requirement
15:37 yes you can turn it on as per your
15:40 requirement. Now we have tag templates.
15:42 Again this is important part. So
15:44 whenever someone is reviewing and if
15:47 they want to tag it or you can say
15:48 categorize it they can do it with the
15:50 help of this tagging. If you read this
15:53 what it says, tag helps organize content
15:56 in a review set to complete various
15:58 workflow. Tag can be reused across
16:01 multiple review sets and cases. You can
16:04 group the tag by sections and allow
16:06 single or multiplechoice tagging. So to
16:08 create this we can go to that place give
16:12 the template name we will create a tag
16:15 name and then the tags. As you can see
16:17 document is responsive or not and you
16:19 can have many tags depends on your
16:22 requirement. So while reviewing the
16:24 reviewers can use this. Okay. So tag got
16:26 successfully created.
16:30 Now we'll go back to the home and if
16:33 I'll go to all solution there we will
16:35 get something called eiscocovery. So far
16:38 we created everything. Now we can start
16:40 creating the cases and start using it.
16:42 But as you can see this is the
16:44 dashboard. There you will have the
16:47 eiscocovery admins and you can explore
16:49 the complete admin list directly from
16:51 here also we have the knowledge center
16:53 you can gain the knowledge related to
16:55 eiscocovery as per the Microsoft
16:59 official documents now once we set
17:02 everything we will create the cases from
17:04 this particular option so if I'll go to
17:06 this place already created cases are
17:08 listing at this place and now we have
17:10 this option to create the case okay so I
17:12 hope you got an idea what are the
17:14 options options we have to configure the
17:17 permissions and settings. Now we'll see
17:20 how we are going to create cases in e
17:22 discovery. Okay, let's see how we can
17:24 create the cases in eiscocovery. So for
17:26 that I logged in on Microsoft poolview
17:28 portal and on the homepage you will see
17:30 that eiscocovery option. You just need
17:33 to click on that and it will take you
17:36 inside the eiscocovery section where we
17:38 have homepage that tells you all the
17:40 started option including the eiscocovery
17:42 admin and in the left hand side that you
17:44 will see there is a cases options. So
17:47 just click on the cases and now inside
17:49 it you will see all the pre-created
17:52 cases with their status and along with
17:54 other details as well. So as you can see
17:56 we have some of the cases inactive
17:59 stateed some of the cases got closed and
18:02 we do also get this uh filter button. If
18:03 you go to that place there you're
18:07 getting uh filter as per the status or
18:10 the type. So you can select accordingly
18:12 if you have a huge number of cases
18:14 already created and running. Now to
18:16 create a new case we have this option
18:18 called create case button. Just click on
18:20 that. Here we are going to provide the
18:22 case name and the case description. And
18:24 after that we can click on create
18:27 button. So once this case is created it
18:29 will look like this. Now we have case
18:31 settings. Inside that case setting we'll
18:34 go to that place. There we can see uh if
18:36 you have already premium license for
18:38 eiscocovery. So this toggle button will
18:40 be turned on and it will tell you that
18:43 you have this premium feature. It's not
18:45 mandatory. You will have always it is
18:47 on. If you are not interested to use
18:49 this premium feature even after having
18:51 the license you can turn it off. depends
18:53 on your requirement. Then we are going
18:57 to create the case number and action
18:58 button that you can see at this place
19:01 where we have save, close and delete. If
19:03 I want to save this case, we just need
19:06 to click on save button. And if you wish
19:08 to close this, there is a close case.
19:10 But the moment you're going to close it,
19:11 you will get warning message that
19:14 clearly tells you if you'll close it,
19:16 all the holds will be turned off and any
19:20 content that was hold on hold will be
19:23 released that might result in data loss.
19:26 So depends on your requirement. You you
19:28 are uh sure that you don't need to do
19:30 anything now related to this particular
19:33 case then only you can go close it. If
19:35 you have closed you can reopen it as per
19:37 your requirement. We also have delete
19:39 case. So if you're done with the case
19:40 and you're not interested to continue
19:43 and your case is closed in that case you
19:45 can delete this case. If you delete this
19:48 case again all holds will be turned off
19:51 and any content that was on hold will be
19:53 released. Now there is access and
19:55 permission that's the important part
19:57 here. We are going to define who will
19:59 have access on these cases. So we can
20:01 define the users while going to this
20:04 place. Whoever will be um the member
20:07 wants to have visibility or access on
20:09 this case, we can assign it to them by
20:11 going to this option. Select the users
20:14 to whom you want to give. And then we have
20:15 have
20:18 also role groups. So we can assign it to
20:20 a particular role group like a discovery
20:23 admins or the managers. So as you can
20:25 see we do have something called add
20:27 button here under this role group. There
20:29 we can go and select the role to whom
20:31 you want to give the permission on this.
20:32 For example, in this case, we are going
20:36 with eiscocovery manager. Now, we also
20:37 have the option for the guest user. We
20:40 can invite any guest as a reviewer who
20:42 can review on the on the findings from
20:44 this particular case. So, for that you
20:46 need to provide the full name, their
20:48 valid email address, organization,
20:50 justification and finally you need to
20:53 click on invite button. So this way the
20:56 user guest users can also be part of
20:59 this and we'll get the uh you can say
21:01 permission on this case. Now we have
21:03 data sources again that's the important
21:06 point. So here we will specify the data
21:08 sources during the tenantwide search. So
21:10 how you want to do it all the people or
21:13 group to include unlicensed or on
21:16 premises user or all people and groups
21:18 to include guest users or all people and
21:21 groups include shared teams channels or
21:23 include a departed user as well. Now
21:25 click on apply. After that we have
21:28 search and analytics. Here we are going
21:31 to specify u you can say how the search
21:33 and analytics would take place. So we
21:35 can configure uh search analyticity
21:38 setting from this particular section.
21:40 And as you can see here, you can set the
21:43 document or email similarity threshold
21:45 and the group item by themes. For
21:48 example, 70% for document and email
21:52 similar similarity threshold. And also
21:55 if you want to go with optical character
21:57 recognization that finds the content
22:00 from the images itself. So we can enable
22:02 that OCR at this place with the low
22:04 accuracy or the high accuracy depends on
22:06 your requirement. Now let's save the settings.
22:09 settings.
22:11 Come back
22:13 and there we go. And finally we have
22:16 review sets. This is again important
22:18 part but we will have dedicated uh you
22:21 can say option or the place where we are
22:23 going to discuss about this review for
22:25 just for now because this option came at
22:28 this place. So uh you can define this
22:30 review set is is is basically a static
22:34 set of documents uh where the reviewers
22:37 or the admins can analyze query or you
22:40 can say the view do tagging or export
22:44 the data in a case so that if you want
22:46 to enable for it you can turn it on or
22:49 turn it off depends on your requirement.
22:51 Okay. Now let's explore how we will do
22:54 the search inside the cases. Okay, let's
22:56 see how we can create the content by
23:00 using search for our case. So, so far we
23:02 saw that how we can create cases and as
23:04 you can see the cases are listing under
23:06 this case section under the eiscocovery.
23:08 Now let's go inside a particular case
23:11 and try to collect the content for it.
23:13 So for that we will create a search.
23:16 Let's click on that give a search name
23:19 description and create.
23:21 Once it is created, we are getting the
23:24 settings I mean the sources that we can
23:26 edit from where it is going to search.
23:27 So if I'll go to this place, let's go
23:30 and add the user first. If I selected
23:33 that user, so the associated mailbox and
23:35 any other you can say location is
23:36 associated with that user will get
23:38 listed. So in our case as you can see
23:40 right now the mailbox is there. Along
23:43 with the mailbox, we do have site I mean
23:45 one drive that is associated with the
23:47 user. Now let's add other things like
23:49 here we have a Microsoft 8 project team
23:51 and we would like to add the teams
23:54 project. Apart from that we have some
23:56 sharepoint documents that can also be
23:58 included and we do have different views.
24:00 So if I'll go to that place we have tree
24:02 views. If I click on that we will have
24:05 more clear visibility otherwise we need
24:06 to go and by clicking there you will
24:08 find this. So here you can see the
24:10 detail information related to this teams
24:13 and everything. Now once you specify the
24:15 data source locations click on save
24:18 button. So here we can see this that
24:20 user is listing. If you wish you can
24:23 also add the frequent collaborators with
24:25 this user. So to do that we just need to
24:27 click on that three dots and we you will
24:29 find this frequent collaborators. If
24:31 you'll go inside it, you will have the
24:34 clear visibility top 10 uh you can say
24:37 the most relevant or you can say the
24:39 frequent collaborator for the selected
24:42 user and you can select their locations
24:44 as well. So as you can see we selected
24:46 for Patty and Johnny their mailboxes and
24:52 the sites all. Now before going to find
24:54 the data or before executing the query
24:56 it is important to execute the sync
24:58 button because if anything else got
25:01 added related to that user or their
25:02 collaborators will be visible to that
25:04 place. So here you can see the moment
25:06 you synced it here it clearly says one
25:09 data source has updated updates
25:11 available. So we can go to that place
25:13 and we can check it out. If I'll go
25:16 there there is something called new and
25:17 we just need to click on edit button.
25:19 There we saw that okay something got
25:22 introduced so we just need to include in
25:25 that then resave it and now we are
25:27 getting three way to search the content
25:30 either we can go with the condition uh
25:33 builder or you can have keyword query
25:37 language keyql and search by file so
25:39 that's like a you can say orchestrated
25:42 way or you can say declarative approach
25:45 to search the content so if I'll go to
25:48 this place you have select filter. We
25:51 have multiple conditions like sender
25:54 operator equals any and then we are
25:57 going to select the user from this
25:59 particular place. Not only this, we can
26:01 have more than one condition that you
26:03 can add it like recipient equals to this
26:05 or maybe date between this particular
26:08 keyword like this and you have sensitive
26:11 type sensitivity label and identifier.
26:13 So this this is the new eiscocovery
26:16 experience. So they have added some new
26:20 filter that we can use to uh add it in
26:22 our query builders. So this identifier
26:25 filter will help to find the exact uh
26:27 you can say item that matches the input
26:30 identifier message ID from exchange
26:32 mailboxes or the document path or one
26:34 drive site you can say sharepoint sites
26:37 and other thing. Now if I'll go to this
26:40 place we created. Now let's close it and
26:44 see how we can use this key. If I go to
26:46 that place, if you know the language and
26:49 the way of writing it, you can directly
26:50 start defining it because that's the
26:53 editor. But if you're not familiar and
26:55 having difficulty to write the complex
26:56 one, we can get a benefit of this
26:59 Microsoft copilot. So if you have the
27:02 Microsoft copilot license and uh that is
27:04 integrated with this poo you just need
27:06 to click on that and there you are going
27:10 to write your requirement uh just like a
27:13 normal prompt and there it is going to
27:16 give you the keyql. So if I click on
27:19 generate keyql here it will generate
27:22 that keyl and we can copy that keyl and
27:24 put it inside that keyword query
27:26 language builder section and it will
27:28 start searching as for that. The third
27:30 option that you can see search by file
27:33 we have and there you can clearly it
27:36 says upload one or more file to find
27:38 related or similar content for a
27:40 specific investigation. So if I'll go to
27:43 this attach file there we have either
27:45 find similar content in a txt or the
27:48 CSV. If I click on the CSV we can upload
27:50 the content and it will start searching
27:52 similar to that. So as you can see that
27:55 got listed here. Okay. Now let's come
27:57 back to the condition builder because we
28:00 tested it for uh we saw that how we can
28:03 do it for condition keyword query
28:06 language and search file. So we can now
28:08 write it depends on what a skill you
28:09 have and which will meet your
28:12 requirement and then we have to execute
28:14 this run query. In our scenario we do
28:17 not have any condition. So it will start
28:19 searching for everything related to the
28:20 user and the sources that we have
28:23 defined as a data source. Now let's go
28:25 and click on run query. And here we are
28:28 getting two option.
28:31 So if you read this it says format query
28:34 results. Select the type of query result
28:36 you want to view the statistics or the sample.
28:38 sample.
28:40 So if I'll go to sample, it gives you
28:41 okay select the number of sample item
28:43 generated per location and select the
28:45 number of location to generate sample
28:47 files or we can go with the statistics.
28:50 The statistics is more useful in the
28:52 real world. So let's go include
28:54 categories. If I select this one, if you
28:56 read it, it says refine your view to
28:57 include people sensitive information
29:01 type item types and errors. include
29:04 query keyword reports. So SSS keyword
29:06 relevance for the different part of your
29:09 search query and investigate partially
29:11 indexed item. We can we can perform
29:13 advanced indexing on partially index
29:16 items as well as uh you can say exclude
29:18 partially index item in locations
29:21 without search item. In this case we
29:23 will be going with the advanced one.
29:25 We'll select that
29:28 and now we are going to run this query.
29:30 So here it will show you the complete
29:33 process the calculation time and the
29:35 progress whatever time it takes to f
29:38 those information and give you to to
29:41 you. So it's completed and now you can
29:42 see the informations are loading and
29:45 there we got something called search
29:48 locations and the data source and we do
29:50 have some download report for some of
29:52 them but if you want to get the complete
29:54 report we have this option from there we
29:56 can download this complete report. There
29:58 you can see this report got downloaded.
30:00 Now if I'll go to that button there we
30:02 have view settings as well. So related
30:03 to this search setting you have the
30:06 clear visibility what you have selected.
30:08 So just now we selected this statistics
30:10 view that we are able to see that. Now
30:13 if I scroll it down as you can see it
30:15 gives you the clear visibility in detail
30:18 like top keywords that we have used in a
30:20 search. So if I click on that view top
30:23 100 it will show you all these 100
30:25 keywords that it has used. So we have
30:27 killer visibility and even we can
30:30 download the conditions report as well.
30:32 Now if I'll scroll it down we do have
30:34 other informations as well as you can
30:36 see the top location type and other
30:38 things. If I have to generate the sample
30:40 data that is also possible. If I'll go
30:41 to that place and we can generate the
30:43 sample results as well. This is useful
30:46 in a scenario before finalizing. If I
30:48 want to check how my findings works at
30:50 this place in that case we will go and
30:53 generate this sample report. So if I run
30:55 this query, it will generate it and
30:57 provide you the complete details at this place.
30:59 place.
31:01 So once the result have been generated,
31:04 we can review the items. For example, if
31:06 I selected this one and there we are
31:09 getting this um uh source view as you
31:11 can see inside that we got this what
31:15 item got finded and how it looks like in
31:18 a native application. Then if I'll go to
31:20 the next one there we can see again we
31:22 are finding the source and their
31:24 complete detail. Along with that we have
31:27 process manager. So after reviewing this
31:30 aesthetics and a sample of query result
31:32 we can modify the data source and query
31:35 as needed and once you are you can say
31:38 satisfied you can add the full query
31:40 result to a review set or export the
31:43 content directly at any point of time.
31:45 At any time you can monitor the status
31:48 of your running jobs and that can be
31:49 done with the help of process manager.
31:51 So if you click there you have the
31:53 killer visibility about your running
31:56 jobs and this pan will provide an
31:59 overview of the process and the button
32:02 to copy the support information in case
32:06 it is needed for troubleshooting. Now if
32:07 I'll go to the setting tabs there it
32:10 tells you the complete again that shows
32:12 the setting that were used when the
32:15 process was ex executed and you can also
32:17 download the details summary report
32:19 containing all relevant information for
32:21 the process.
32:23 As you can see this report is ready for
32:26 you. Now if I click on open here it will
32:28 show you the complete report. If I click
32:31 to that place here, it tells you that
32:34 each file whatever you saw there it
32:37 contains the you can say detailed meta
32:39 data which help you to get additional
32:41 insights. Okay. Now we saw that how we
32:43 are going to do the search. Now after
32:46 that whatever the document or the you
32:48 can say data we collected there might be
32:50 possibility we have to preserve those
32:53 data as evidence. So how we are going to
32:55 preserve it by creating hold? Let's
32:57 explore it. Okay, let's see how we are
33:02 going to create um hold on the cases. As
33:04 we logged in on the Microsoft Pview and
33:07 we are inside this cases, right? So as
33:09 an eiscocovery manager we can create
33:13 hold to preserve content for a case. So
33:16 let's click on the one of the case and
33:18 there you can see just after the search
33:21 we have hold policies. So we will click
33:24 on the hold policies and there we are
33:26 going to create a policy. There we'll
33:28 give the name for the hold policy and
33:31 let's click on create button. Now we
33:32 need to define the data sources and
33:35 there we are going to click on edit and
33:37 at this place we are going to define it.
33:39 If I'll go to that place we selected
33:41 that user and as you can see the user
33:43 related mailbox and site got listed
33:45 here. We are going to define the project
33:49 teams. We will define our product
33:52 development. We will define our project
33:56 locations and everything that depends.
33:58 So when you add a distribution group,
34:01 the mailbox of its current member will
34:04 also get added at this place. Now let's
34:07 click on save. And there again we have
34:10 three dot where we can add the frequent
34:13 collaborators the similar way the way we
34:15 added for the search. So we can go to
34:17 that place and select the frequent
34:20 collaborators as well and click on save.
34:22 Now we are getting two option to search
34:24 those content either we can go with the
34:27 condition builder or keyword query
34:30 language. If I'll go to that place there
34:32 we can select again the condition like
34:35 type and here we will select the equals
34:38 any of and a particular value like email
34:41 message or maybe the documents or
34:44 instant message or co-pilot activity all
34:45 this depends on your requirement
34:47 whatever you're looking for then we can
34:50 add some more like date in between or
34:52 maybe after this particular date that we
34:56 can specify for example 1st June 2024
34:58 and the similar thing we can define it
35:00 at this place. As I mentioned before
35:04 executing we must sync it. So if it has
35:06 anything else newly added that will get
35:08 added at this place. In this case there
35:10 is nothing. So now we will apply the
35:12 hold. So whatever the location that we
35:14 have defined there the hold will get
35:18 applied. Now once it is applied as you
35:21 can see it will perform as per their you
35:23 can say duration depends on what you
35:26 have selected and how much you can say
35:28 data source you have and there you will
35:30 get the complete details. So this page
35:34 will provide a summary of the content um
35:36 that you have put it on the hold
35:38 including the number of locations and
35:41 the data sources on hold. So if I scroll
35:43 it down here you will get the complete
35:45 details. So let's pick that user and you
35:47 will have the complete detail. Now let's
35:50 close it and go up. There we have again
35:52 process manager. So we can check it out
35:55 if any you can say process which is
35:56 still running for this hold. So you can
35:58 see applying the updating hold and the
36:00 status you can see this is completed. So
36:02 if I'll go to that place there we have
36:04 again applying update hold clear
36:06 visibility at what time that got
36:09 completed and created and we do have the
36:10 report option as well that we can
36:13 download. Now let's close this one. And
36:15 there we have policy actions. If I click
36:18 here, we can turn off, we can turn it
36:21 on, we can retry the policy, delete it.
36:24 So for each of these action, a new hold
36:26 policy process will initiated and this
36:29 process progress and the relevant
36:31 information can be checked from the
36:34 process manager. So depends on your
36:36 requirement you can pick any of this
36:38 like for example turn off it will give
36:40 you the turn off policy description
36:42 might result a permanent deletion of any
36:45 content currently being reser preserved.
36:47 So let's continue editing. Okay. So
36:50 initially we talked about the review set
36:51 what exactly it is and what's the
36:54 benefit of it. So now let let's see how
36:56 we are going to create review set in
36:58 eiscocovery. Let's see how we are going
37:00 to do the review sets. So here as you
37:02 can see we already logged in on a pview
37:05 portal and we have cases available.
37:08 Let's click on the case and there we
37:10 have this option called review sets. So
37:12 from here we can start creating the
37:15 review set. But uh as we just talked
37:19 this review set uh you can say is a
37:21 basically a content from the Microsoft
37:24 365 or you can say non- Microsoft 365
37:26 data source also can be included at this
37:31 place to analyze query view tag or
37:36 export. So we can create from here or we
37:38 can create from the search tab itself.
37:40 So if I'll go to that place if you
37:42 already have search created we can
37:44 create the review set from there as
37:46 well. So if I click at this place there
37:48 you can see we have data sources because
37:51 the search is already created and it is
37:53 highly recommended whenever you're going
37:55 to do anything first sync it. So if any
37:58 source got some update that will get
38:00 listed here. We do not have any update
38:03 for this that is good. And now there we
38:05 are getting this option to add a review
38:07 set. So we can click to create the
38:09 review set from here as well. So let's
38:12 click from here and here we are going to
38:15 give the name for the review set. So
38:18 let's provide the name. And now we are
38:21 going to specify the item that will be
38:23 part of your review set. For example, we
38:26 can include indexed item that match your
38:28 search query and partially index item
38:30 that may not match your search query. So
38:33 it depends on your requirement. We will
38:36 pick our selection. Now as you can see
38:40 we have other option which is about OSP
38:43 means we can specify what will be
38:46 included for you can say files from the
38:48 one drive and the sharepoint sites
38:51 either the latest version only or the
38:54 recent 10 versions 100 versions depends
38:55 on your requirement you're going to pick
38:57 it out.
39:00 Now here we have
39:02 spec we can specify what to include for
39:05 messages and related items for mailboxes
39:08 or the exchange online and by default
39:10 this eiscocovery threads contextual chat
39:14 message into an HTML transcript for you
39:18 can say of review that is included here.
39:20 We can collect those information either
39:24 from uh you can say the share point one
39:26 drive and that can also be included at
39:31 this place. Now add the review set and
39:34 now the review set as we created and we
39:37 are able to see that. So for more detail
39:40 let's navigate in a detail pan and there
39:43 you can see we have manage option. So it
39:45 includes lot of documents like your
39:46 email would be there, document,
39:48 shareepoint content, team messages and
39:51 chat messages would be there. So let's
39:53 expand it. There is a load set and we
39:56 can check our load set from here. Also
39:59 we have tags. So if I come to that that
40:01 place, we can import the tag. If you
40:03 have already created that can be
40:06 imported from here or we can create our
40:09 new tag as well from this scratch. So
40:12 for that we need to provide the name and
40:15 then we are going to add the tag group
40:17 name at tags
40:20 and let's save it.
40:22 Let's close.
40:24 Now here we can use the filter to review
40:27 documents more efficiently by focusing
40:29 on a subset of documents that meet the
40:31 criteria you define. So if I'll come to
40:34 this place select a filter and there we
40:37 are going to select as per our
40:39 requirements like keywords here we can
40:42 select the operators and there we are
40:44 going to define the keywords that we are
40:47 looking for and we got this information
40:50 related to that keyword here we do have
40:51 some more condition that you can put it
40:54 all together so maybe I'm looking for a
40:58 particular date after and then I'm going
41:01 to select that so now I'm getting this
41:04 information filtered it out as per this
41:06 selection which we just did it. Now
41:09 let's delete it and we can create some
41:12 more KQL B. So if I'll go to that place
41:15 search operator equals to and there we
41:17 are going to define the KQL query that
41:20 we can use to find that. Now similarly
41:22 if I'll go to that place we have the
41:27 group section. We can group this item u
41:30 to make it more useful. I mean uh it
41:32 would be easy for the reviewers. So by
41:34 default the content is grouped by the
41:38 conversation and related related items.
41:40 We can also choose to group as for the
41:43 family attachment or not group content
41:46 for all depends on your requirement. So
41:49 group by family families and there you
41:51 can see we are getting all the mail
41:54 related PowerPoint Excel and so on. So
41:56 if I expand it there we are getting all
41:59 this information here at this place
42:02 related to that. So once it is filtered
42:04 and organized the content we can
42:07 efficiently review the items whatever is
42:10 uh you can expected for review. Now if
42:12 you can go and open this individually
42:14 there we have this complete sources and
42:17 you have the clear visibility of it. If
42:19 you have integrated or you have the
42:22 license of co-pilot, security co-pilot,
42:24 you can summarize it by going to that
42:26 place. So the co-pilot will help you to
42:29 get this information in detail and help
42:32 you to better review the content and the
42:35 findings. We can also make a query to
42:37 that co-pilot that will help you to find
42:40 those information on a right direction
42:42 or right way the way you are looking
42:44 for. Similarly, if I'll come to this
42:46 place there, we have again summarize
42:48 button and we can go and summarize it.
42:51 And as I said, we can also have the
42:53 prompt that we can use. So that's a
42:55 summary that we can specify. And if I'll
42:57 go and ask something, the co-pilot can
43:01 help you out to find and again give you
43:03 the answer as your request. Now let's
43:06 close this one and come back to some
43:09 other document. That's our you can say
43:12 contoso search research document. If I
43:15 go and expand it there we are getting or
43:17 you can see the excel document
43:19 containing sensitive research and the
43:21 development information. It depends on
43:23 any requirement what you want to
43:25 explore. Similarly we got this um you
43:28 can say the teams. So you can review the
43:31 trade conversation to gain more context
43:34 or uh towards your investigation. If
43:36 I'll go that place there we have the
43:38 complete trade available. Similarly this
43:41 is the word comment for investigation.
43:43 So as you can see at this place what
43:45 document was flagged and we are able to
43:47 see this complete source. We also have
43:50 the plain text to do analytics quickly
43:54 and we have annotate so we can go and
43:56 analyze whatever we are finding at this
43:59 place we can annotate it by going to
44:02 this place. So that would be easy to
44:04 refer or because we are the reviewer so
44:07 we are going to define it and mark it
44:08 whatever the finding that we are looking
44:11 for. Now area reductions we have
44:14 reducted we have metadata and we can
44:16 make a note of those metadata. So here
44:20 we can pin that. So there we can search
44:23 and then pin it. Similarly search the
44:25 information that we're looking for and
44:27 pin it.
44:30 Now let's close it. And there we have
44:31 another document. If I'll go to this
44:33 place there we have update notes. that
44:35 note we can also add at this place so
44:38 that it would be easy for the reviewer
44:40 or analyzers.
44:43 Now we have tag files.
44:45 So once we are ready we can tag this
44:47 document using the tag value that we
44:49 have defined previously. So here we can
44:51 go and select the tag as per your
44:53 requirement. Document is responsive or
44:56 not depends on your requirement and
44:58 findings. Similarly I'll go to that
45:01 place and we can tag multiple. It's not
45:04 just one. So we can select more than one
45:06 and there we have tag files. So we can
45:09 select whatever it is as for that. So
45:12 the tag can be applied to one or
45:14 multiple documents all together. And now
45:17 we are getting this analytics. So that
45:19 eiscocovery provides you the analytics
45:21 tool that can help you to organize
45:23 documents and reduce the volume of
45:26 documents without information loss. So
45:28 if I click there, here we have run
45:31 document and email analytics. If I click
45:34 here, it will take you I mean it will
45:37 take some time and then we'll provide
45:39 you the analytics results. So if I say
45:41 yes, click on okay. Now if I'll go to
45:44 the action, we have this report ready
45:46 and we can click here. Now we are able
45:48 to see this complete uh you can say
45:50 analytics reports like target,
45:52 population, documents, emails,
45:56 attachment everything. Okay. So now we
45:57 are going to see how we can export the
46:00 data we found offline. So we can present
46:02 those to someone externals those who can
46:05 use and present those as evidence. Let's
46:08 see how we are going to export the data.
46:11 So here we already created some cases.
46:13 Let's go inside the case. And we have
46:17 searches available. So within the case
46:19 there are two location you can export
46:22 the data from a search or the review
46:25 set. First open the existing search for
46:27 the case. Let's go there. And there we
46:30 are getting this export button. So we
46:31 can export our search directly from
46:34 here. We will give the export name,
46:36 export description and the item that
46:41 should include to your export. Right? So
46:42 this is the first way. Now we can
46:46 cancel, go back and there other way is
46:48 review set. So if I come to this place
46:49 there you can see we have already
46:52 created one review set. In the previous
46:54 demonstration you must have seen that.
46:56 Now if I'll go inside it there we can
46:58 open this review set. We already
47:00 performed the analytics and tagging
47:02 everything. So we can go to that place.
47:05 We will search it as per the tag which
47:07 we have already created. Now we are
47:10 going to equals any like document is
47:14 responsive or not. And there we can have
47:17 action to export those. So we can click
47:19 on export. Again we will give the export
47:22 name. There we are going to define all
47:24 documents to review or all filter
47:27 documents or you have export type as
47:30 also that we can define which is export
47:32 item with the item report and organize
47:35 data from different locations into
47:38 separate folder or PSD or include folder
47:41 and path structure of a source depends
47:43 on your requirement you can select that
47:46 and finally we are going to create on
47:49 create export. Now it says an export
47:51 process has been submitted and please go
47:53 to the process manager to track the
47:56 progress and download exported content.
47:58 So if I click okay there we are getting
48:00 process manager. If I click to that
48:02 place there we have export button and as
48:04 you can see right now the status is in
48:07 progress. If I click on that export that
48:09 will show you the progress complete
48:11 whatever is going on. As you can see it
48:13 is calculating the time remaining and it
48:15 will show you how much time is remaining
48:19 for that. So now this is completed the
48:20 process is completed and we are able to
48:24 see the packages here the files that got
48:27 filter it out for the export. Now we can
48:28 select that one and we have download
48:30 this package. We will click on this
48:33 download and there it's downloading.
48:35 Once this download is completed we can
48:36 open this folder and there we are
48:38 getting this summary page. If I'll go
48:40 and open this summary page that gives
48:44 you the complete information that how
48:46 and how much finding it has done. As you
48:48 can see the export name, export ID, case
48:51 name, case ID, export started by and so
48:54 on. All this information we are getting.
48:56 Let's close it and go inside that actual
48:59 data. There we are getting export load
49:02 file. If I'll go and open that, that
49:04 will tell you what exactly it has found.
49:07 So you can see here. So this contains
49:10 the complete meta data such as location
49:13 of each file that is stored in the
49:15 chipped file and it can also include
49:17 additional metadata generated after
49:20 running analytics for review set which
49:23 can be used to optimize review projects
49:25 when running the analytics job. So here
49:27 you can see this complete information
49:29 that we are getting.
49:31 That's a complete metadata that we are
49:33 getting at this place.
49:36 Okay. Now let's close it.
49:38 and go to this warning and errors. There
49:40 might be possibility some of the file
49:41 didn't get export because of the
49:44 limitations or might might be permission
49:46 or other issue would be there. So that
49:48 this particular file includes the
49:51 information about the error encountered
49:53 while trying to export from the review
49:56 site. You can scroll it and you will
49:59 have the detail of that. Now if I'll go
50:01 to the exchange folder and here you will
50:03 see the complete exported exchange items.
50:05 items.
50:06 There we have a shareepoint and it
50:09 provides you the complete SharePoint
50:11 site related and it has been categorized
50:13 in a folder. So research and development
50:15 will have all the documents related to
50:19 that and so on. Now not only this so
50:22 here if you can see Microsoft tells you
50:26 that hey we do have graph rest API so
50:27 programmatically you can reach out to
50:30 that place and face those information
50:32 depends on your requirement. Even for
50:34 eiscocovery we are getting this graph
50:36 API as I mentioned it's going to be
50:38 really good for the organization those
50:40 who are into the automation or they
50:42 might might have some different
50:44 application where they want to include
50:46 all this information and provide such
50:48 information either to their team or the
50:50 customers or maybe someone who are
50:53 involved in this case. So it would be
50:55 easy programmatically they can face
50:57 those information from this and this is
50:59 what Microsoft says at this place. If I
51:01 scroll it down there, you can see all
51:04 the details related to the eiscocovery
51:06 we have and the possibilities there. So
51:08 for example, if I click here, there we
51:10 have a eiscocovery case. There you have
51:12 properties, methods and you can see all
51:15 their methods are listing at this place.
51:19 Okay. So finally we understood what
51:21 exactly eiscocovery is and how we can do
51:24 it in Microsoft pool view. So, thank you
