SharePoint and Exchange Online eDiscovery Transitioning to Office 365 Security & Compliance Center

Microsoft

UPDATE

 

In January we announced changes to be implemented on July 1, 2017 to the SharePoint and Exchange eDiscovery capabilities (see https://techcommunity.microsoft.com/t5/SharePoint/SharePoint-and-Exchange-Online-eDiscovery-Transiti...).

 

Due to the delayed release of a feature that will allow you to copy the results of an eDiscovery search in the Office 365 Security & Compliance Center to a discovery mailbox, we’re postponing the decommissioning of new In-Place eDiscovery searches and In-Place Holds in Exchange Online.  You will continue be able to create new searches and holds in the Exchange admin center until further notice.

It still remains that you will not be able to create new cases in the SharePoint Online eDiscovery Center after July 1, 2017. 

 

We'll continue to update this articles as we work to deliver the feature mentioned above.

Overview

On July 1, 2017, Microsoft will disable the ability to create new In-Place eDiscovery searches and In-Place Holds (*-MailboxSearch) in the Exchange Admin Center in Exchange Online. We’ll also disable the creation of new cases in the eDiscovery Center in SharePoint Online. Instead, we invite you to use the Security & Compliance Center to fulfill your organization’s eDiscovery needs. In both cases, you will still be able to edit and run existing searches in the Exchange Admin Center and work with existing cases in the SharePoint eDiscovery Center.

 

Microsoft is decommissioning these eDiscovery tools because of their limited breadth across Office 365 services.  The Security & Compliance Center supports permissions, cases, holds and exports as well as Advanced eDiscovery features such as Themes, Email Threading, Near Duplicate Detections, and Predictive coding.  These changes only apply to the Exchange Admin Center in Exchange Online and the eDiscovery Center in SharePoint Online.  On-premises and dedicated deployments of these tools will continue to be supported.

FAQ:

Where can I learn more about eDiscovery in the Office 365 Security & Compliance Center?

https://support.office.com/en-us/article/eDiscovery-in-Office-365-143b3ab8-8cb0-4036-a5fc-6536d837bf...

 

Where can I learn more about Advanced eDiscovery in Office 365?

https://support.office.com/en-us/article/eDiscovery-in-Office-365-143b3ab8-8cb0-4036-a5fc-6536d837bf...

 

Does this change my Office 365 pricing or plan?

Although Advanced eDiscovery requires E5 Licensing, the base eDiscovery offering is available for all enterprise plans.

 

When will this happen?

New cases in the eDiscovery Center in SharePoint Online and new In-Place eDiscovery searches and holds in the Exchange Admin Center will be disabled on July 1, 2017. This might vary slightly based on the actual deployment schedule.

 

Will I still have access to my existing cases in the SharePoint eDiscovery Center?

Yes, you can continue to interact will all existing cases, you can add searches, holds and export from these cases.  We are only removing the ability to add new cases.  All new cases should be created in the Security & Compliance Center. For more information, see Manage eDiscovery cases in the Office 365 Security & Compliance Center.

 

Will I still have access to my existing searches and holds in the Exchange Admin Center?

Yes, you can continue to interact with all existing searches and holds in the Exchange Admin Center.  We are only removing the capability to create new searches.  All new searches should be created in the Security & Compliance Center. For more information, see Run a Content Search in the Office 365 Security & Compliance Center.

 

I use the Exchange Admin Center or SharePoint eDiscovery Center for Retention and Preservation, how do I do this now?

The Security & Compliance Center has a full set of features for preserving content. For more information, see Overview of preservation policies.

 

Can I migrate searches in the Exchange Admin Center or cases in the SharePoint eDiscovery Center to the Security & Compliance Center?

No. eDiscovery cases in the Security & Compliance Center and cases in the eDiscovery Center in SharePoint Online are completely different objects, and their underlying architecture is also different. The same is true for In-Place eDiscovery searches in the Exchange Admin Center and Content Searches the Security & Compliance Center. Thus, existing cases and searches can't be migrated to the Security & Compliance Center. If you have existing cases in the eDiscovery Center, we recommend that you continue to manage them in the eDiscovery Center until they are completed and you close them. If you need to support a new legal investigation in your organization, we recommend that you use eDiscovery cases in the Security & Compliance Center.

 

If you have existing searches in the Exchange Admin Center, you can create a corresponding Content Search in the Security & Compliance Center.

 

What about my existing holds, will they continue to preserve data?

Yes, all existing holds from the Exchange Admin Center and eDiscovery Center will continue to hold content. Only the creation of new In-Place Holds in the Exchange Admin Center and new cases in the SharePoint eDiscovery center are being disabled.

 

How do I get access to the Security & Compliance Center?

By default, global administrators have access to the Security & Compliance Center. Administrators can assign permissions to other users so they can the eDiscovery tools in the Security & Compliance Center.

 

How do I access the Security & Compliance Center?

You can navigate directly from https://protection.office.com/ or from the app launcher, choose the Security & Compliance tile.

16 Replies

Beat you to it with few days :) Awesome FAQ though, much appreciated.

Thanks, this is good news.

 

When will the S&C center get the ability to perform e-Discover on content in Yammer, Teams, Sway and all of the other services available in O365?

We’re working on our plan for Teams, it’s in our vision to have all services available to eDiscovery, until then, you can use 3rd party vendors, more information here: https://blogs.office.com/2015/06/30/announcing-archiving-for-non-microsoft-data-in-office-365/ and here: https://technet.microsoft.com/EN-US/library/mt621583.aspx.

We use in place holds to archive terminated user mailboxes for one of our delegated clients, and are concerned that this functionality will not be available moving forward. 

 

What is the recommendation for making deleted mailboxes available to search? We'd rather not have to keep terminated user mailboxes as shared folders forever.  

Is it possible to prevent certain users from doing a particular type of eDiscovery? we've got an Exchange team that does it that is not the same as the SharePoint team that does it, and we'd rather not "cross the streams"

One way to do that would be for the eDiscover Manager to create 2 separate Cases: one for the email and another for the SP Content, they could assign different people to each case, see https://support.office.com/en-us/article/Manage-eDiscovery-cases-in-the-Office-365-Security-Complian... for the details.

 

If you have a lot of eDiscover cases, i would expect this to get complicated and create a lot of extra work. I would use this as opporunity to begin breaking down some of the silo barriers between the teams. Maybe you could create an eDiscovery team with members from the various workloads, after they got familiar with their new responsibilities, they could get introduced to DLP, IRM and other services that apply to multiple workloads.

 

Organizations need to treat O365 as an integrated system of services that should be managed holistically. e.g., the SP people need to learn about idenity, licenses and mail, and the Exchange people need to learn about Delve, Planner, etc.

I assume this means Office 365 Groups and all associated services can be a part of new eDiscovery process. Can you confirm? In another words, I can target a O365G and not worry about where content resides, yes ?
That is how it WILL be (based on "Office 365 Groups preservation and deletion policy" on the Roadmap), but isn't in place today.

Preservation and Deletion feature in the roadmap sounds to me as a part of Data Governance -> Retention feature more so than eDiscovery. However, I can see how this method can be leveraged as a part of 'holds' in an eDiscovery case. What I'd like to understand is that typical 'searches' of content in the Security & Compliance center as a part of eDiscovery case, to be "borderless" and be able to search across content, let it be a conversation, a file or a Plan for an Office 365 Group. That's what I'd like to get better clarity.

How will we get the search results copied from an eDiscovery search into a Discovery Mailbox?

 

I don't see this option in the Security & Compliance center.

 

Losing this functionality would cause a major issue for our organization.

 


@Greg K wrote:

How will we get the search results copied from an eDiscovery search into a Discovery Mailbox?

 

Losing this functionality would cause a major issue for our organization.

 


I am trying to figure this out, and have yet to find a solution.  Can anyone formally comment on this?  This is also a much used functionality in our organization, and the only alternative i'm finding is to download it to an admin's computer, then figure out how to share it from there.  Very inefficient.

 

https://techcommunity.microsoft.com/t5/Security-Privacy-Compliance/Copy-search-results-into-a-Discov...

Well, remember that eDiscovery in the SCC spans across all workloads, Discovery mailbox isnt really a suitable location to store SharePoint document library results for example. But no, I'm not aware of any option to copy the results to a mailbox, neither in the UI or via PowerShell.

 

If you are searching mailboxes only, use the Exchange toolset, no need to use the SCC.

But they are shutting that side of it down come July 1 right?

"Starting July 1, 2017, you won't be able to use the EAC to create searches in Exchange Online. Please start using Content Search in the Security & Compliance Center. "

Search-Mailbox should still work though, but maybe I'm assuming too much. Let me see if I can get someone from Microsoft to clarify.

Didn't think about the PowerShell angle

More quotes, though not clear if the *-MailboxSearch rules out Search-Mailbox command:

"On July 1st, 2017 eDiscovery will also be unified in the Office 365 Security and Compliance Center. After July 1st, 2017 the ability to create new In-Place eDiscovery searches and In-Place Holds (*-MailboxSearch) in the Exchange Admin Center in Exchange Online and the creation of new cases in the eDiscovery Center in SharePoint Online will be disabled and new cases and searches should be created and managed through the Office 365 Security & Compliance Center to fulfill eDiscovery needs. In both cases, you will still be able to edit and run existing searches in the Exchange Admin Center and work with existing cases in the SharePoint eDiscovery Center."

https://blogs.technet.microsoft.com/wbaer/2017/02/20/unified-ediscovery-and-data-loss-prevention-in-...