eDiscovery Journal

Teams Collections Complications – MC261534

M365 Teams collections are already challenging corporate eDiscovery and provider teams with hidden SharePoint and OneDrive sites. Today’s Major Change Update Notification (MC261534 - reproduced at end for non-admins) covers the June-July roll out of Roadmap ID 81945 that dramatically expands custodian’s ability to associate existing/other Teams sites and automatically create private channel sites. More importantly, non-admin custodians are losing the ability to manually [...]

By Greg Buckles|2021-06-14T10:55:15-05:00June 14th, 2021|Info Gov, Investigation, Essay, Collectors, Preservation, Legal Holds, Collection, Content Management, ESI Sources, Architecture, Search|0 Comments

Teams Transcripts – eDiscovery Gap

Teams transcripts are not currently available in M365 Content Search, eDiscovery or via the Graph API. As previously blogged about, Microsoft is busy consolidating the Microsoft 365 architecture to improve search and other functionality. There are obvious issues with working on the car while your customers are driving it, even when it is the most efficient solution. As of October 2020, the default Teams [...]

By Greg Buckles|2021-06-09T16:10:47-05:00June 9th, 2021|Essay, Collectors, Legal Holds, Collection, Processing, ESI Sources, Search|0 Comments

Quick Performance Tip for AED2 Processing

A peer with a looming deadline messaged me yesterday to ask if I knew of any way to export Advanced eDiscovery (AED2) collections without processing them into a review set. Despite a vague recollection from the Spring 2021 AED webinar of a MSFT PM saying that a ‘direct to export’ collection feature was on the road map I could not find confirmation. At this [...]

By Greg Buckles|2021-05-26T11:18:52-05:00May 26th, 2021|Platform, Essay, Collectors, ESI Sources, Search|0 Comments

Aryaka Global WAN Report Take-Aways

What can a 1,350 global enterprise survey tell us about the evolving composition and location of ESI? Although Araka’s fifth annual survey is focused on WAN and security infrastructure, it contains nuggets with eDiscovery impact. Over 80% of respondents expect more than 25% of workers to remain remote, confirming that the hybrid work environment is here to stay. 46% of respondents have deployed over [...]

By Greg Buckles|2021-03-23T15:30:21-05:00March 23rd, 2021|Essay, Global, ESI Sources, Architecture|0 Comments

Enterprise Classification – Minimizing the Impact of Data Breaches

Typical Response Tasks · Preservation · Forensics · Log analysis · Malware reverse engineering · Surveillance · Remediation · Endpoint detection & response · Exfiltration – eDiscovery · Physical security · Regulatory compliance · Consumer notification · Legal response · Law enforcement liaison The latest Microsoft Exchange breach moved downstream to 60,000+ SMB victims from the Solar Wind’s hack that targeted Microsoft and government [...]

By Greg Buckles|2021-03-07T15:47:22-06:00March 7th, 2021|Essay, Analytics, Content Management, ESI Sources, Architecture, Search|0 Comments

Handling M365 AED Unindexed Content

A question to the eDiscovery Facebook group asked how others were handling the unindexed items reported in M365 core and AED searches. If you have not run M365 eDiscovery searches yet or not noticed the Status section of the search detail page, it provides the item count and volume of ‘unsearchable items’ in the sources that your search. In my recent legal hold validation [...]

By Greg Buckles|2021-03-03T18:04:28-06:00March 3rd, 2021|Essay, ESI Sources, Architecture, Search|0 Comments

Hackers Targeting M365 eDiscovery Services

Thanks to my friend Jason Velasco for drawing my attention to the article Hidden Dangers of Microsoft 365’s Power Automate and eDiscovery Tools. Hitesh Sheth at DarkReading.com is extrapolating from a massive data collection study from 4 million Cognito Detect for Office 365 customers by Vectra. I am not sure that I agree with his red flag alert that hackers are actively using Power [...]

By Greg Buckles|2021-02-10T10:29:24-06:00February 10th, 2021|Essay, Security, ESI Sources, Architecture|0 Comments

IM eDiscovery: Resurrecting the 5000:1 Rule

One of my Litsupport team wearing the departmental t-shirts. Used with permission Blame Jonathan Maas for reminding me of my 5000:1 rule from the Enron email review. “For every 5,000 emails we review someone gets fired.” To put that rule in late 1990’s context, everyone having a corporate email account was still a relatively new thing. Just like the pandemic driven adoption [...]

By Greg Buckles|2021-01-12T12:38:17-06:00January 12th, 2021|Essay, Collectors, Compliance, Legal Holds, Privacy, ESI Sources|0 Comments

What is Your Messaging App Tracking?

In the days of on-site policy assessment engagements, I loved asking random attendees to step away from their laptops so that I could ‘compliance check’ them. For new or stuffy clients I would ask the MIS/Security stakeholder to pick some random ‘safe’ machines on the floor for the check. Inevitably, every poor admin chosen had stashes of PSTs/MSGs, private gmail mailboxes open, various chat [...]

By Greg Buckles|2021-01-11T14:59:12-06:00January 11th, 2021|Investigation, Essay, Collectors, Preservation, Legal Holds, Collection, Processing, ESI Sources|0 Comments

It’s a Jump to the Left – Relativity Acquires VerQu

Relativity’s acquisition of VerQu makes a lot of sense from the corporate RelativityOne customer perspective. Once integrated, the VerQu Hydra connectors have the potential to dramatically expand the scope of holds, in-place searches and collections. The pandemic has escalated adoption of Teams, video conferencing and a myriad of collaboration platforms that Hydra already gives customers access to. In a happy coincidence, VerQu was on [...]

By Greg Buckles|2021-01-06T12:51:50-06:00January 6th, 2021|Platform, United States, Info Gov, Corporate, Essay, Investigation, Collectors, Preservation, Legal Holds, Collection, Content Management, ESI Sources, Architecture, Purchase, Management|0 Comments