
Purview eDiscovery Checklist

Contributors: Greg Buckles

This rough checklist is just a starting point, intended to support documentation, coordination and considerations relevant to Purview eDiscovery actions. Such a checklist can be created in your eDiscovery platform, a secured SharePoint site or any other appropriate platform. Every export should have a fully documented Chain-of-Custody form that ties to the decision history.

  • Request Goal and matter factors
    • Investigation – informal
    • Investigation – formal
    • Civil or criminal standard of evidence
    • Legal hold? Silent or custodial notices?
    • ECA or scoping searches
    • Collection Request
  • System
    • Standard – M3
    • Premium – M5
    • External/Custom – GraphAPI
  • Identification/Scope
    • Custodians
      • Mailboxes
      • OneDrives
      • Conversations/Chat
    • Groups
      • SPOD
      • Mailboxes
      • Conversations/Chats
    • Apps – Yammer, Streams, etc.
      • Any potentially relevant use of Copilot AI or issued Copilot+ laptops to custodians?
    • Known locations – SharePoint content
  • Actual search refined from identification scope iterations. Actual KQL syntax from search properties in UI should be preserved.
    • Scope/targets – may have to divide by sources
      • Global?
      • Custodians – Mailboxes/OneDrive
      • Locations – Group/URL
        • SP
        • Mailbox
      • Inactive/Public/Shared
    • Selection criteria –
      • Date – fielded or UI aggregate? Sent vs. DateCreated vs. Date Modified
      • People – SMTP & DisplayName
        • Communications – container vs. fields (Participants/Sent/Received/BCC/etc.)
      • Documents – location (access) vs. Fields (CreatedBy/ModifiedBy)
      • Content criteria – See Purview search documentation and/or guide page (TBD).
      • Options: Guest mailboxes, Shared Teams channels, Inactive mailboxes, group mailboxes, Unindexed items (were they added to the results?)
      • Search metrics – as documented at the time of search
    • Processing/Export – how were the results exported?
      • Were the collection search results directly exported (manual/API) or added to a review set to process?
      • Export settings –
        • Selected documents that were tagged or otherwise refined.
        • All search results
        • Report only
        • Export format
        • Directory structure settings
        • Include tags, text files and replace redacted natives with PDFs?
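
One way to tie an export to its decision history, as an added example that is not part of the original checklist or of any Microsoft tooling: it stores the KQL verbatim beside the export settings, hashes every exported file, and later reports anything missing, modified or unrecorded. The function names, record field names and the use of SHA-256 are assumptions made for this illustration.

```python
import hashlib, json, os
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_custody_record(export_dir, matter, kql, settings, operator):
    """Hash every exported file and bind the hashes to the search decisions."""
    files = {}
    for root, _dirs, names in os.walk(export_dir):
        for name in sorted(names):
            full = os.path.join(root, name)
            rel = os.path.relpath(full, export_dir).replace(os.sep, "/")
            files[rel] = {"sha256": sha256_file(full), "bytes": os.path.getsize(full)}
    record = {
        "matter": matter,
        "operator": operator,
        "recorded_utc": datetime.now(timezone.utc).isoformat(),
        "kql_verbatim": kql,  # stored exactly as copied from the search properties
        "export_settings": settings,
        "files": files,
    }
    # Seal over the canonical record; keep a copy of the seal apart from the form.
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    record["seal_sha256"] = hashlib.sha256(canonical).hexdigest()
    return record

def verify_custody_record(export_dir, record):
    """Return a list of discrepancies; an empty list means the export matches."""
    problems = []
    body = {k: v for k, v in record.items() if k != "seal_sha256"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    if hashlib.sha256(canonical).hexdigest() != record.get("seal_sha256"):
        problems.append("record altered after sealing")
    current = build_custody_record(export_dir, "", "", {}, "")["files"]
    for rel, meta in record["files"].items():
        if rel not in current:
            problems.append(f"missing: {rel}")
        elif current[rel]["sha256"] != meta["sha256"]:
            problems.append(f"modified: {rel}")
    problems += [f"unrecorded: {rel}" for rel in current if rel not in record["files"]]
    return problems
```

The seal is an unkeyed hash, so it only detects later edits to the form if the seal value is also recorded somewhere the editor of the form cannot change.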