Empowering the business for eDiscovery in Office 365 - BRK2112

45 minute breakout session from Microsoft Ignite 2019. Practical session covering 3 must-have skills for business teams to "self-serve" on their own eDiscovery requests.

Published in: Technology

  1. 1. Laying the foundation
  2. 2. Key Stakeholders
  3. 3. Building a strong eDiscovery team in your organization
  4. 4. Hi! I’m Joanne! @JoanneCKlein | joannecklein@nexnovus.com | joannecklein.com | SharePoint & Office 365 consultant | Data Protection | Data Retention | Data Governance | eDiscovery
  5. 5. What about you?
  6. 6. The Electronic Discovery Reference Model¹: Information Governance | Identification | Preservation & Collection | Processing | Review | Production | Presentation | Analysis. ¹ https://www.edrm.net/resources/frameworks-and-standards/edrm-model/
  7. 7. Integrated tools leveraging intelligence to reduce risk Simplify assessment of compliance risk and posture with actionable insights Integrated protection and governance of sensitive data across devices, apps and cloud services Intelligently respond to data discovery requests Compliance Manager Service Trust Portal Information Protection & Governance Encryption Access Control Search & Discovery Auditing
  8. 8. No separate archive Retention Collaboration Search index Benefits of “Built-in” Compliance
  9. 9. Do you have a strategy for protecting and managing sensitive and business critical data? Where is your sensitive data? Do you have control of it? How are you managing it?
  10. 10. eDiscovery Information Governance DISPOSE Eliminate what you don’t need RETAIN Retain what you are obligated to keep PROTECT Protect your sensitive information FASTER RESPONSE Quicker turnaround time on requests REDUCED EXPENSE Less resource effort to analyze/prepare results REDUCED RISK Less risk exposure due to over-retaining content A good balance to strike
  11. 11. Partnerships 200+ updates per day from 750 regulatory bodies¹ Get your electronic house in order! ¹ Thomson Reuters, "Cost of Compliance 2018 Report: Your biggest challenges revealed," 2018 • Leverage the shared responsibility model • Coordinated effort of 3 groups
  12. 12. Information Governance has 3 Stakeholder groups!
  13. 13. Legal, Risk, Compliance Teams… Legal constraints and obligations (eDiscovery) Regulatory obligations (Government/Industry regulation) Contractual obligations (Payment card industry requirements)
  14. 14. 3 Subject Matter Expert resources
  15. 15. Building a strong eDiscovery team
  16. 16. Reduced security & privacy concerns Enhanced efficiency and reduced timelines Eliminate communication breakdowns Empowered eDiscovery Team They understand the problem best What’s in it for them/us?
  17. 17. 3 “Must-have” Skills Building a strong eDiscovery team
  18. 18. Skill 1 Understanding Office 365 Architecture
  19. 19. Real questions from the field… 1. If I search a user’s mailbox, what do I get back? 2. How do I search everything in a Microsoft Team? 3. Are in-app chats discoverable? 4. Are document comments discoverable? 5. How do I search against Yammer messages? 6. Are Planner tasks discoverable? 7. Are Microsoft Teams meeting recordings discoverable? 8. Is the recycle bin discoverable?
  20. 20. eDiscovery search locations
  21. 21. Search by Office 365 Application Search by Office 365 Business Artifact Office 365 Architecture Thru the eyes of the eDiscovery Team
  22. 22. Key Takeaways for Office 365 Architecture
  23. 23. Skill 2 Understanding Electronic Holds and how they work
  24. 24. A hold ensures the integrity and completeness of the records necessary to fulfill the request
  25. 25. Custodians
  26. 26. When a mailbox is on hold… End-user has no indication it’s on hold; End-user can still delete email messages; Retained in “Recoverable Items Partition”
  27. 27. When a SharePoint or ODFB site is on hold… End-user has no indication it’s on hold; Retained in “Preservation Hold Library”; End-user can add/change/delete content
  28. 28. Key Takeaways for electronic hold
  29. 29. Skill 3 Translating a request into an eDiscovery search 4 real-world examples
  30. 30. For each eDiscovery request… To answer this… eDiscovery teams need to… What are we looking for? Have common understanding of the request. Who has it? Define the custodians and SMEs. Where do we look for it? Define the locations to search against. How do we get it? Define the query to find it.
  31. 31. Keyword Query Language (KQL). GUI Method: For simple queries; Use as a starting point; For learning KQL. KQL Method: For complex queries; Compound conditions; Can validate in regular search.
  32. 32. eDiscovery video of GUI to KQL
  33. 33. For each eDiscovery request… To answer this… eDiscovery teams need to… What are we looking for? Have common understanding of the request. Who has it? Define the custodians and SMEs. Where do we look for it? Define the locations to search against. How do we get it? Define the query to find it. What does it look like? Review, reduce, export the results.
  34. 34. Advanced eDiscovery Core eDiscovery Export to review and analyze Review | Reduce | Export the results… Email de-duplication Review and analyze with tool Email threading, Theming, Tagging, Machine learning, Annotation, Redaction Save records of interest for review Save records of interest for review
  35. 35. Real-world examples
  36. 36. “FBI has issued a subpoena for all communications of employee Debra Berger from start of her employment to present day” How do we define “communications” and how do we protect the integrity of the records? Example 1 External Litigation
  37. 37. Export Yammer messages for a user Work with partner to archive third-party data How do we define “communications”?
  38. 38. For this request, “communications” is defined as… Debra’s mailbox Group mailboxes Debra is a member of Debra’s colleagues’ and managers’ mailboxes
  39. 39. How do we protect the integrity of the records? An Electronic Hold
  40. 40. Search against the hold locations
  41. 41. The results Debra’s Emails Debra’s 1:1 and Group Chats Debra’s Skype Messages Outlook conversations Debra participated in Channel conversations Debra participated in
  42. 42. Key Takeaways from this request…
  43. 43. “Investigate an allegation of asset theft from within your organization by employee John Doe to the buyer, Mr. X” We need to see if there’s a story behind the data Example 2 Internal Investigation
  44. 44. Place ALL of John Doe’s business artifacts on Hold Microsoft Teams John Doe is a member of John Doe’s mailbox for emails and chats John Doe’s OneDrive site
  45. 45. The results: Export | Tag | Review | Query | Analyze
  46. 46. The business artifacts come together to tell a story… Emails with Mr. X lining up sale of stolen goods Microsoft To Do Task to create a fictitious “sales invoice” Calendar invitation to have coffee with Mr. X Channel conversation with an internal person to facilitate the fraud Contact card for Mr. X
  47. 47. Key Takeaways from this request…
  48. 48. “Find all records relating to the maintenance of ADA curb ramps along University Ave from 2017 to present day”… Who are the Subject Matter Experts? Example 3 Statutory request
  49. 49. Subject Matter Experts (SMEs): Contracts; Work-orders; Manifests; Facilities projects; Emails to external vendors; OneDrives of Facilities staff
  50. 50. Subject Matter Experts (SMEs): 1. University Ave 2. Curbs 3. Ramps 4. ADA 5. Americans with Disabilities Act. Translates into this KQL: University Ave* AND ((Curbs OR Ramps) OR (ADA OR "Americans with Disabilities Act")) AND (date=2017-01-01..2019-11-04)
  51. 51. Search Query #1 (Facilities staff) All Microsoft Team members’ mailboxes for chats Group mailbox for conversations All Microsoft Team members’ OneDrives for files shared Microsoft Teams SharePoint sites for files
  52. 52. Search Query #2 (All staff) externalvendor1@gmail.com externalvendor2@outlook.com All tenant mailboxes for external emails to vendors
  53. 53. The results: Export | Tag | Review | Query | Analyze
  54. 54. The relevant business artifacts are exported Emails sent to external vendors and internal staff Microsoft To Do Tasks for maintenance tasks Maintenance schedule 1:1 and Group Chats, Meeting & Call summaries Channel conversations amongst Facilities staff regarding maintenance Maintenance Work orders and contracts
  55. 55. Key Takeaways from this request…
  56. 56. “Find all records on Carbon Tax between January 1, 2018 and December 31, 2018” What are good search terms to find the records? Example 4 Statutory Request
  57. 57. Defining locations to search against 1. All User’s mailboxes 2. All Group mailboxes 3. All Teams messages 4. All Tasks 5. All User’s OneDrives 6. All SharePoint sites 7. All Office 365 Group sites 8. All Team sites
  58. 58. The importance of defining search keywords Original Search Terms Carbon Tax Price on pollution Price on carbon Carbon price Federal backstop Carbon Pollution Refined Search Terms Carbon Tax Price on pollution Price on carbon Carbon price Federal backstop
  59. 59. The results: Emails; Microsoft To Do Tasks; 1:1 and Group Chats, Meeting & Call summaries; Sways; Form responses; Messages; Calendar items; Channel conversations; Outlook conversations; Files shared in Chat and Channels; Files; List items & attachments; SharePoint Calendar; SharePoint tasks; SharePoint pages and Wikis
  60. 60. Key Takeaways from this request…
  61. 61. Key Takeaways to translate a request into a search
  62. 62. 3 Must-have Skills for an eDiscovery team
  63. 63. Key Takeaways from this session
  64. 64. eDiscovery Licensing Office 365 E5 license

      | eDiscovery feature | Office 365 Business Essentials or Business Premium | Office 365 F1 or E1 or Office 365 US Gov F1 or G1 | Office 365 E3 or Office 365 US Gov G3 | Office 365 E5 or Microsoft 365 E5 | Advanced eDiscovery standalone license |
      | --- | --- | --- | --- | --- | --- |
      | eDiscovery cases | Yes | Yes | Yes | Yes | Yes |
      | eDiscovery holds | No | No | Yes | Yes | Yes |
      | eDiscovery export | No | No | Yes | Yes | Yes |
      | Advanced eDiscovery | No | No | No | Yes | Yes |

  65. 65. To take back to the office Office 365 Architecture for eDiscovery [Infographic] Keyword Queries and Search Conditions Discovering URLs for SharePoint and OneDrive sites