Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Exchange Online eDiscovery Transitioning to Office 365 Security & Compliance Center - Permissions

Copper Contributor

Hello Team,

Is there currently a way to add a security group to the the Ediscovery Adminitrator role in the new Security and compliance module in o365.


Current it appears that one has to add individual users to the role.


Appreciate your answers.


Bosco Joseph

5 Replies

Also is MS planning on providing any scripts to migrate the existing disovery searches in EXO to the new module.

You can add groups, via PowerShell:


# Get-CRoleGroupMember -Identity "Supervisory Review"

Name         RecipientType
----         -------------
Vasil Michev MailUser

# Add-CRoleGroupMember -Identity "Supervisory Review" -Member secgrp

# Get-CRoleGroupMember -Identity "Supervisory Review"

Name         RecipientType
----         -------------
Vasil Michev MailUser
secgrp       MailUniversalSecurityGroup


On the second question, the answer is no, at least last time we asked this they had no plans of doing anything similar. Old searches will remain in ExO, you simply wont be able to create new ones.

Thanks Vasil for your inputs..
However I was looking to add a sec grp only to the "eDiscovery Administrator" grp which is a sub role within the eDiscoveryManager role group.

Don't see the "eDiscovery Administrator" role group listed when I pipe my get-rolegroup


I was able to add a grp to the eDiscoveryManager role but was unable to find the "eDiscovery Administrator.

Not sure on that part, I think it's a different role assignment, however the relevant cmdlets are not available for the Protection center PowerShell...

Finally got some time to look at this. So, this is the situation: you can use the Add-RoleGroupMember cmdlet to add users to the Role Group, as you would do in Exchange, this makes them eDiscovery Managers. To make a user eDiscovery Admin, you need to use the Add-CeDiscoveryCaseAdmin cmdlet. This is not tied in to specific eDiscovery case, he will have Admin access to all eDiscovery cases.


The cmdlet is really easy to use:


Add-CeDiscoveryCaseAdmin -User vasil


where "C" is the prefix I use for the SCC cmdlets.