Get started with eDiscovery

Use eDiscovery to identify, preserve, collect, review, analyze, and export content that's responsive to your organization's internal and external investigations. Complete the following steps in the eDiscovery workflow to set up prerequisites and configure eDiscovery.

For more information about how eDiscovery can help you with investigations in your organization, see Learn about eDiscovery.

Subscriptions and billing

Before getting started with eDiscovery, review the new billing model for how data storage charges are calculated and what is included with your enterprise subscription. Depending on the types of data included in your eDiscovery cases, different charges might apply.

For more information, see Billing in eDiscovery.

Both admins and users working with eDiscovery cases require a Microsoft 365 Enterprise E3 or E5 license. If an admin account doesn't also have a Microsoft SharePoint E3 license, some SharePoint capabilities might be limited. It is recommended that both admins and users are licensed appropriately. Additionally, if the admin account has any conditional access Entra policy some operations may be restricted, see Troubleshoot sign-in problems with Conditional Access to troubleshoot policy issues.

Step 1: Assign permissions

To use any of the eDiscovery-related tools in the Microsoft Purview portal, you must assign the appropriate permissions to users. The easiest way to assign roles is to add the user to the appropriate role group on the Role groups page in the Microsoft Purview portal.

For step-by-step guidance, see Assign permissions in eDiscovery.

Step 2: Verify that required eDiscovery apps are enabled

eDiscovery requires the following Enterprise apps to be enabled in your Microsoft 365 or Office 365 organization. If these apps aren't enabled, you can't access all eDiscovery view, filter, and search features.

Step 3: Configure settings

Depending on the needs of your organization and individual cases, you might need to review and configure global eDiscovery settings:

• General: Turn on or off premium eDiscovery features for new cases.
• Analytics: Turn on Attorney-client privilege detection within your working sets. If you turn on attorney-client privilege detection, the attorney-client privilege model runs on your data and helps flag documents likely to be privileged. This flag is based on the content and by comparing participants against a user-provided attorney list. This feature doesn't replace the need for privilege review, it's meant to help you get started.
• Guest users: Manage guest access to cases in your organization. Invitations to guests are sent after your approval.
• Tag templates: Tags help organize content in a review set to complete various workflows. Tags can be reused across multiple review sets and cases with tag templates. You can group tags by sections and allow single or multiple choice tagging.

Step 4: Create a case

To get started with an investigation, you must create a case and configure case settings. The user who creates the case is automatically added as a member. Members of the case can access the case in the Microsoft Purview portal and perform eDiscovery tasks.

Step 5: Create a search

After creating a new case, you're automatically directed to the Searches tab in the case and you're ready to create a search for the case. Searches help you find the items you want to collect for the case.

Step 6: Review and refine search results

After the search query completes, you see the results displayed on the Statistics or Sample tabs (depending on the initial results type you chose) for the search. To view the results for the result type not chosen initially, select the applicable tab and you can generate results for the view.

For example, if you choose Statistics as the search result type initially, but after the search is completed you'd like to view Sample results, you'd select the Sample tab and select Generate sample results and define sample view settings. Select Run query to generate the sample results.

For more information about working with search results, see Review, evaluate, and refine search results in eDiscovery.

Step 7: Take action on search results

After reviewing the items returned in the search query and refining your search as needed, you can take specific actions on selected items included in the search results.

Add search results to a review set

When you're satisfied with the results of a search and you're ready to review and analyze those search results, you can add them to a review set in the case. Review sets provide a static, known set of content that you can search, filter, tag, analyze, and take other actions on items as part of your investigation. To add search result items to a review set, see Add search results to a review set in eDiscovery.

Export or download search results

Exporting and downloading search results can help internal and external partners stay current in your investigations. Download reports provide summary information for selected items in the search results in a .csv file. Exporting search results allows you to customize what items are included in the export, the types of items exported, the export format for item, and more. For more information about exporting search results, see Export search results in eDiscovery.

Download search results

To download the summary information for the search result items, complete the following steps:

1. On the Statistics or Sample tabs, select Download reports.
2. Save the .csv file to your local computer or network share.

Export search results

To export information for items in the search results, select Export and complete the details needed for the item export. For step-by-step guidance, see Export search results in eDiscovery.

Create holds

You can create holds to preserve content that might be relevant to an eDiscovery case. You can create holds at any time and they're not dependent on searches. For step-by-step guidance, see Create holds in eDiscovery.