2. eDiscovery and Microsoft Teams
Global Security and Compliance Conference 2022 2
#GSCC
Microsoft Purview
3. Sponsor
Global Security and Compliance Conference 2022 3
Wir bedanken uns bei unseren Sponsoren ohne diese die Konferenz nicht möglich
gewesen ist.
KöllnService GmbH
Noovic GmbH
4. Albert Hoitingh
Sr. Consultant Compliance & Risk
Lead Compliance Expert Team @InSpark
The Hague – The Netherlands
Microsoft Security MVP
CISSP
Global Security and Compliance Conference 2022 4
@Alberthoitingh
https://linkedin.com/in/appieh
https://alberthoitingh.com
5. Agenda
• Look at Microsoft 365 eDiscovery options
• How to use eDiscovery with Microsoft Teams
• See what does and doesn’t work
• Demonstrate both eDiscovery (Standard) and (Premium)
Global Security and Compliance Conference 2022 5
6. Things we won‘t talk about…
• Compliance boundaries
• Predictive coding
• Encrypted documents (or somewhat)
• Attorney-client privilege
• Targetted collections
Global Security and Compliance Conference 2022 6
8. According to Wikipedia..
“Electronic discovery (also e-discovery or eDiscovery) refers to
discovery in legal proceedings such as litigation, government
investigations, or Freedom of Information Act requests, where the
information sought is in electronic format (often referred to as
electronically stored information or ESI”
Global Security and Compliance Conference 2022 8
9. EDRM Model
Electronic Discovery Reference Model
Processing
Preservation
Identification Review
Production and
Presentation
Analysis
Collection
11. Licensing eDiscovery (Standard)
• Office 365/Microsoft 365 E3
• Microsoft 365 F5
• Separate licenses for mailbox
holds (if not part of E3/E5)
https://bit.ly/3LLGoMw
20. Meeting summary
Kind:Meetings (can take 8 hours)
Call summary
Kind:Call (can take 8 hours)
Search for Teams information
All Microsoft Teams
Kind:Microsoftteams
Card
Kind:Microsoftteams (look for
“appname”)
Conversation or chat
Kind:IM (beware Skype for Business)
Global Security and Compliance Conference 2022 21
25. Global Security and Compliance Conference 2022 26
Custodians & other data sources
26. Global Security and Compliance Conference 2022 27
Subsets of information based on queries
Either is draft or final mode (committed – cannot be altered).
27. Global Security and Compliance Conference 2022 28
Used to review found information
Allows you select information, annotate information and export results
29. Global Security and Compliance Conference 2022 30
Information on job status. Crucial to get an insight.
30. Exporting information
Global Security and Compliance Conference 2022 31
• Difference in Standard and Premium
• Either file or Azure Storage
• If configured, redacted PDFs are
included
• When possible, information is also
converted to text
• Conversations are stored as HTML
31. Exporting information
Global Security and Compliance Conference 2022 32
• Difference in Standard and Premium
• Either file or Azure Storage
• If configured, redacted PDFs are
included
• When possible, information is also
converted to text
• Conversations are stored as HTML
34. Break-out rooms
Global Security and Compliance Conference 2022 35
• Documents stored in the
initiator’s OneDrive
• Chats (substrates) stored in the
initiator’s mailbox
• Recordings are stored in the
initiator’s OneDrive
35. Private/shared channels documents
Global Security and Compliance Conference 2022 36
• Stored in a separate SharePoint
Online site-collection
• Use PowerShell to find all site-
collections
• Include in eDiscovery query
36. Private channel conversations
Global Security and Compliance Conference 2022 37
• Conversations in a private
channel are stored in the
mailbox of the private channel
members, not the group
mailbox!
• Conversations are formatted, so
they are visible using filters
37. Shared channel conversations
Global Security and Compliance Conference 2022 38
• Conversations in a shared
channel are stored in a separate
system mailbox – this cannot be
selected!
• Instead – select the mailbox for
the Teams itself (as the shared
channel is associated with this
one)
38. Microsoft Loop
Global Security and Compliance Conference 2022 39
• OneDrive for Business | Chat
Files
• .fluid files are discoverable
• No preview
• Export is tricky – but on the
roadmap!
40. Complex!
Global Security and Compliance Conference 2022 41
• Beware of the many different locations when
creating an eDiscovery case
• Beware of breakout rooms, private & shared
channels
• You will need find and include all site-collections
and users' mailboxes for the shared channel…..
• Loop is still somewhat difficult but can be done!
• Committed collections cannot be rerun or edited
42. Thank you! Feedback?
Global Security and Compliance Conference 2022 43
https://forms.office.com/e/J5TB8AN3Ve
43. Albert Hoitingh
Global Security and Compliance Conference 2022 44
@Alberthoitingh
https://linkedin.com/in/appieh
https://alberthoitingh.com
Editor's Notes
Processing. After you've collected all data relevant to the case, the next step is process it for further review and analysis. In eDiscovery (Premium), the in-place data that you identified in the collection phase is copied to an Azure Storage location (called a review set), which provides you with a static view of the case data.