Disclaimer

This document is not meant to replace any official documentation, including those found at docs.microsoft.com.  Those documents are continually updated and maintained by Microsoft Corporation.  If there is a discrepancy between this document and what you find in the Compliance User Interface (UI) or inside of a reference in docs.microsoft.com, you should always defer to that official documentation and contact your Microsoft Account team as needed.  Links to the docs.microsoft.com data will be referenced both in the document steps as well as in the appendix.

All the following steps should be done with test data, and where possible, testing should be performed in a test environment.  Testing should never be performed against production data.

 

Target Audience

Presales Technical Specialist running Endpoint DLP testing

 

 

Document Scope

This document is for Compliance Technical Specialists troubleshooting Endpoint DLP issues and Endpoint Devices.

The purpose of this document (and series) is to provide the insights into various user cases, announcements, customer driven questions, etc.

 

 

Topics for this blog entry

Here are the topics covered in this issue of the blog:

• Where to find Purview blogs
• eDiscovery and division of labor

 

 

Out-of-Scope

 

This blog series and entry is only meant to provide information, but for your specific use cases or needs, it is recommended that you contact your Microsoft Account Team to find other possible solutions to your needs.

 

 

Purview Blogs – Where can you find the Purview Product Team Blogs?

 

 

PM blog - Improving eDiscovery in Microsoft Teams and Legal hold workflows with Microsoft Purview eDiscovery - Microsoft Tech Community

Microsoft Priva Privacy Risk Management | Microsoft Security

Podcast - Data governance with Microsoft | Uncovering Hidden Risks podcast

Expanded audit events with Advanced Audit - Microsoft Community Hub

Customize retention for your requirements | Microsoft Purview

endpoint DLP, Data Loss Prevention (microsoft.com)

Support modern collaboration and improve workflows with Microsoft Purview eDiscovery - Microsoft Community Hub

Protect and manage privacy with Microsoft Priva - Microsoft Community Hub

 

eDiscovery – Division of labor (review/export) within a case

 

Use Case:

An organization wants to divide labor within an eDiscovery case specifically review and export of data.

 

Here is an example:

There are two groups (Group A and Group B) of users that will be part of the same Legal (or HR) case.

• Group A consists of C-Level employees
• Group B consists of the executive assistants for Group A.

Legal has 2 investigators (User 1 and User 2) that will be searching the data, but each user can only review/export the data for each group their corresponding group.  Here is how that would be mapped out.

• User 1 (Sally) –> Group A (C-Level employees)
  • Group A will be limited to keywords and any items with attachments over the specified date range
• User 2 (John) –> Group B (executive assistants)
  • Group B will include all items over a specific date range.

 

 

Organizational Concerns:

User 1 (Sally) should only be able review/export data for Group A, and User 2 (John) should only be able review/export data for Group B.

 

 

Question:

How do you divide the labor within an eDiscovery case?

 

 

Response:

Here are the eDiscovery permissions/roles that can be farmed out within an eDiscovery case.

• Communication
• Compliance Search
• Custodian
• Export
• Hold
• Preview
• Review (review set)
• RMS Decrypt

What does this mean?  Within case, you can let one user create the case, another perform searches, a third review the data, a fourth export the data, etc.

 

Returning to the use case, you cannot create 2 separate Review Sets and then have the legal officers search the corresponding review sets.

Your option, as of today, is to create 2 different cases, one for each investigator and each use case.

• Case A ---> User 1 (Sally) --–> Group A (C-Level employees)
  • Group A will be limited to keywords and any items with attachments over the specified date range
  • User 1 (Sally) who runs the search, hold, adds data to the Review Set, performs the review and exports

 

• Case B ---> User 2 (John)-- –> Group B (executive assistants)
  • Group B will include all items over a specific date range.
  • User 2 (John) who runs the search, hold, adds data to the Review Set, performs the review and exports

 

Note – you could also layer on a 3^rd legal officer and let them do all the search for one or both of the groups.  Here’s how that would look.

• Case A ---> User 3 (Gary) ---> User 1 (Sally) –> Group A (C-Level employees)
  • Group A will be limited to keywords and any items with attachments over the specified date range
  • User 3 (Gary) who runs the search, hold, and adds data to the Review Set
  • User 1 (Sally) who performs the review and exports

 

• Case B ---> User 3 (Gary) ---> User 2 (John) --–> Group B (executive assistants)
  • Group B will include all items over a specific date range.
  • User 3 (Gary) who runs the search, hold, and adds data to the Review Set
  • User 2 (John) who performs the review and exports

 

Appendix and Links

Roles and role groups in the Microsoft 365 Defender and Microsoft Purview compliance portals - Office 365 | Microsoft Learn

Manage review sets in eDiscovery (Premium) - Microsoft Purview (compliance) | Microsoft Learn

Set up eDiscovery (Premium) in Microsoft Purview - Microsoft Purview (compliance) | Microsoft Learn

Configure permissions filtering for eDiscovery - Microsoft Purview (compliance) | Microsoft Learn

Assign eDiscovery permissions in the Microsoft Purview compliance portal - Microsoft Purview (compliance) | Microsoft Learn