Get started Bring yourself up to speed with our introductory content.

How to use SharePoint eDiscovery Center across SharePoint and Exchange

When using SharePoint eDiscovery Center to perform e-discovery across SharePoint, Exchange and Lync data, keep a few considerations in mind to boost efficiency, improve search and reduce risks.

One of the great advantages of the SharePoint eDiscovery Center is that it allows you to perform e-discovery across...

SharePoint, Exchange and Lync. With the ability to mine data across products from a single interface, combined with granular search options, SharePoint e-discovery can save time and reduce the chance that important data will be deleted -- or retained for too long.

Here are five considerations for making the most of SharePoint 2013's e-discovery features across a multi-product environment.

1. Understand native e-discovery tool options.

There are plenty of third-party e-discovery products to choose from, but those products tend to be expensive. So what if you want to perform e-discovery using native tools?

Exchange Server 2013 and SharePoint 2013 each have their own e-discovery interfaces, but only SharePoint eDiscovery Center allows for e-discovery and holds across Exchange Server, Lync and SharePoint. In contrast, the Exchange Administration Center only allows for e-discovery and holds to be performed on Exchange Server and Lync data.

The SharePoint eDiscovery Center organizes e-discovery operations into cases (the Exchange Administration Center does, as well). If an organization has multiple litigations occurring simultaneously, case-level granularity allows the various e-discovery operations to remain separate, even though cases can have overlapping queries (the same mailbox might be placed on hold within several different cases).

2. Establish and enforce data retention policies.

Although there is no centralized mechanism for managing Exchange and SharePoint data retention, retention policies and data lifecycle management are an important part of e-discovery.

Data retention regulations can help preserve data that could potentially be required in a case against the organization. That being said, it is risky from a legal standpoint to retain data beyond the required period of time. Such data could be discovered by the opposing council and used as a source of evidence against the organization.

As a best practice, you should establish an automated data lifecycle management policy that expires and automatically purges data once it reaches a certain age.

3. Take advantage of granularity within search and in-place hold.

Although it is possible to place entire Exchange mailboxes on legal hold, doing so might not always be the best idea. Chances are the mailbox contains data that is irrelevant to the litigation process. Your organization's attorneys will have to spend time sorting through this irrelevant data, which costs money. It is better to perform a more granular discovery. You also don't want to risk providing opposing counsel with any data beyond whatever is legally required.

The SharePoint eDiscovery Center treats the e-discovery process as a series of discovery sets. A discovery set is a named query for which the results can be put on an in-place hold. Creating a discovery set involves specifying the Exchange Server mailboxes and/or SharePoint URLs that are of interest. After doing so, you can create filters that will help to narrow down the results, thereby making them more relevant. These filters can consist of a date range, an author or sender, or a domain name.

One of SharePoint eDiscovery Center's helpful features is that it shows you the number of items returned by your query and the amount of space consumed by those items. In the event that your query returns an excessive number of results, you have the opportunity to refine your search prior to placing items on hold.

4. Use operators and proximity to narrow down the search.

E-discovery operations are keyword-based, but you can use operators and proximity as a way of refining the discovery process. The most commonly used operators are "AND", "OR" and "NOT". The "AND" operator lets you find key phrases containing multiple words such as risk AND management. The "NOT" operator works by eliminating certain phrases. For example, risk NOT management would find instances of the word risk, unless they are related to risk management.

These operators can also be placed in parentheses as a way of creating more complex filters. For example, if you wanted to perform a query that looked for variations of the phrase return on investment, it might look something like this:

(return AND investment) OR (ROI)

You can also perform proximity filtering with the "NEAR" filter. This filter works by allowing you to specify words that should be near each other. By default, the NEAR filter will look to see if the specified keyword occurs within eight words of another specified word, but you can enter your own value instead. For example, the phrase Mr. NEAR Posey would not only return instances of Mr. Posey it would also return instances of Mr. and Mrs. Posey.

Another thing you can do is append an asterisk to the end of a root word. This acts as a wildcard and returns variations of the word. For example, appending an asterisk to the end of the word shop would return words such as shops, shopped, shopping and shopkeeper.

5. Know what you are exporting.

When you export data to provide to lawyers, you need to know what is being exported. Generally speaking, Exchange Server data (messages, contacts, etc.) goes into PST files. With SharePoint eDiscovery center, SharePoint webpages are exported in MHTML format, and documents usually retain their native format. SharePoint will also produce a series of reports in spreadsheet format.

With so much data being generated, it is important to make sure the data is what you expected. The SharePoint eDiscovery Center's Export page provides a number of different export options. I recommend selecting the Remove Duplicate Exchange Content option, because doing so will save everyone time during the review process. I also recommend selecting the Remove Rights Management Services (RMS) Protection and Encryption From Exchange Data option. Otherwise, some of the exported data could exist in an unreadable, encrypted format.

Next Steps

Setting up e-discovery across Exchange in SharePoint

How information governance drives records management

SharePoint 2013's new compliance features

This was last published in October 2014

PRO+

Content

Find more PRO+ content and other member only offers, here.

Essential Guide

The pros and cons of SharePoint continue to divide users

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchBusinessAnalytics

SearchDataManagement

SearchERP

SearchOracle

SearchSAP

SearchSQLServer

Close