eDiscovery with Microsoft 365: All You Need To Know

eDiscovery with Microsoft 365: All You Need To Know

For a more comprehensive overview of the main eDiscovery challenges presented by Microsoft 365 and how you can avoid them, check out Logikcull’s recent guide, “eDiscovery in Microsoft 365: A Compete Guide.”


Remember the good old days when working with Microsoft Office meant creating Word documents with the invaluable assistance of Clippy, the legendary mascot most of us had a love-hate relationship with?

Well, today Clippy has become a funny emoji for the most nostalgic while Microsoft Office has evolved into Microsoft 365, a host of subscription-based services from Microsoft that include premium versions of the traditional apps in the Microsoft Office suite, as well as many other tools for both individuals and businesses such as Outlook, Exchange, Microsoft Teams, OneDrive, and Yammer.

Launched in 2011, MS 365 (formerly known as Microsoft Office 365) is now used by over a million companies worldwide, with 1 out of 5 corporate employees working with Microsoft’s cloud services on a daily basis.

It’s crucial to understand the discovery features available in MS 365, the benefits and challenges they present, and the best practices to manage Microsoft data overall.

But why care so much about the unquestionable success of the software giant? Simple. A huge portion of all discoverable information today lives in Microsoft 365 apps. And with the wide variety of data sources available in their ecosystem, MS 365 data can come in a never-ending list of file types, from the traditional .doc and .xls formats, to chat data from Teams, multimedia, or embedded content.

With Microsoft’s “all-encompassing” spirit, it’s no surprise that MS 365 offers its own eDiscovery tools — Microsoft Purview eDiscovery solutions — to help users tackle the legal and compliance challenges presented by all the discoverable data generated in their apps and services.

So, when it comes to finding the most effective and efficient way to deal with MS 365 data in eDiscovery, internal investigations, or any other matter, it’s crucial to understand the discovery features available in MS 365, the benefits and challenges they present, and the best practices to manage Microsoft data overall.

Ready? Let’s dive in!

eDiscovery Features Available in Microsoft 365

Microsoft 365 offers a variety of eDiscovery features that are accessible depending on your subscription and the role you are assigned.

These are their three eDiscovery solutions:

Content Search

As the tool’s name implies, Content Search allows you to run search queries (simple or advanced) to find relevant content across all your Microsoft apps and export the results to your device. You can also view statistics of the estimated search results such as the number of items matching your search criteria and the top locations.

Who can access it?

Content Search is available to users under these subscriptions (with different role-based access profiles):

  • Microsoft 365 E1 subscription
  • Microsoft 365 G1 subscription
  • Microsoft 365 F1 or F3 subscription, or F5 Security add-on
  • Microsoft 365 Business Premium subscription
  • Microsoft 365 Business Standard subscription
  • Microsoft 365 Business Basic subscription
  • Office 365 Education A1 subscription
  • Office 365 E1 subscription

eDiscovery (Standard)

With eDiscovery (Standard), you can link searches and exports performed with Content Search to a case and share your project or case with specific users. It also lets you place and manage a legal hold on any relevant content locations for your case.

Who can access it?

Users under any of these subscriptions:

  • Exchange Online Plan 2
  • SharePoint Online Plan 2
  • Microsoft 365 E3 subscription
  • Microsoft 365 G3 subscription
  • Microsoft 365 Business Premium subscription
  • Microsoft 365 F5 Compliance add-on or F5 Security & Compliance add-on
  • Microsoft 365 Education A3 or Office 365 Education A3 subscription
  • Office 365 E3 subscription

eDiscovery (Premium)

The most sophisticated of all three, eDiscovery (Premium) builds on the discovery tools provided in eDiscovery (Standard) to include more robust legal hold and custodian management workflows, collection and processing capabilities like email threading, near-duplicate detection or OCR, review features such as search, filter, and tag, and even some machine learning and predictive coding capabilities.

Who can access it?

eDiscovery (Premium) is available for their highest tier (and most expensive) Enterprise plan, Microsoft 365 E5, and through specific eDiscovery and compliance add-ons on the E3 plan. More specifically, it's available under:

  • Microsoft 365 E5 or Office 365 E5 subscription
  • Microsoft 365 E3 subscription with E5 Compliance add-on
  • Microsoft 365 E3 subscription with E5 eDiscovery and Audit add-on
  • Microsoft 365 G5 subscription
  • Microsoft 365 G5 subscription with G5 Compliance add-on
  • Microsoft 365 G5 subscription with G5 eDiscovery and Audit add-on
  • Microsoft 365 F5 Compliance add-on or F5 Security & Compliance add-on
  • Microsoft 365 Education A5 or Office 365 Education A5 subscription

Now, if you’ve paid close attention to what each plan includes, you’ve already realized:

eDiscovery (Premium) is the only solution that actually allows you to manage your discovery workflows, internal investigations, and disputes.

The other two licenses are more geared towards identifying and preserving potentially responsive information but don’t have much to offer beyond those initial stages of the EDRM.

But let’s say you’re willing to make the investment and pay for the plans that unlock eDiscovery (Premium) capabilities, how effectively can you manage your discovery process with them?

Using MS 365 as Your eDiscovery Solution: Good or Bad Idea?

TL;DR: Unless your discovery needs are extremely basic, which is rarely the case these days, relying on Microsoft 365 as your main eDiscovery tool is not a great idea.

Let’s explore a few reasons why MS 365 may not be a great fit for your discovery needs.

How likely is it that all of your discoverable data lives in Microsoft’s ecosystem?

But before we even start covering some of the limitations it presents in terms of functionality, let’s get the most important limitation of all out of the way:

Microsoft Purview eDiscovery solutions only allow you to properly analyze data generated in Microsoft 365.

Nothing shocking here, I know. But think about it: How likely is it that all of your discoverable data lives in Microsoft’s ecosystem?

A recent study by Okta found that, depending on their size, companies today can use between 73 and 200 external applications on average. So regardless of how big your organization is, the chances that all your responsive documents are produced in Microsoft 365 are extremely low.

Apart from this crucial fact, Microsoft 365 users have repeatedly reported a series of issues that make it particularly challenging to work with this platform.

For example, there are important limitations on the number of searches you can run at once, the number of search results you can preview, and the advanced search capabilities like wildcards, where only prefixes are supported. Besides, users report that the search engine is usually very slow and not centralized in one single module, which means that you usually need to search in multiple different places within the MS 365 ecosystem. But most importantly, Microsoft's discovery ecosystem can create countless defensibility problems as a big portion of the data is non-indexed or partially indexed. And if you can't index it, you can't search it. So it becomes dark data  — even when some of those files could be smoking guns for the matter at hand.

"A recent study by Okta found that, depending on their size, companies today can use between 73 and 200 external applications on average."

And the cherry on top? ​​You’ll need to use (and learn) Microsoft’s own search query syntax and rules, which are different from the ones commonly used in other platforms.

In terms of reviewing capabilities, they’re definitely not the most advanced or customizable. For example, they don’t allow for entire-page redactions, QC tags to quickly identify potentially privileged documents or duplicates, nor do they group documents by families. Plus, their review tools can only be applied to the limited number of file types they support, which means that a big portion of your data may need to be reviewed somewhere else.

When it comes to productions, Microsoft 365 doesn't support productions involving some level of complexity in terms of formatting or big data sets. More importantly, it doesn’t allow you to collaborate with OC or opposing parties by inviting them into the platform, so your data may be exposed to higher risk when in transit.

Microsoft 365 eDiscovery with an eDiscovery Platform

While MS 365 can be a powerful tool to preserve and manage the data generated in their ecosystem, using it for your entire eDiscovery process presents some insurmountable obstacles.

Since you would need specialized eDiscovery software for any documents generated outside of Microsoft 365’s reign, your best bet is to choose a platform that allows you to process, review and produce data from any source with the most advanced and robust discovery capabilities available.

When you use eDiscovery software like Logikcull to manage your Microsoft 365 data, you are able to keep all your potentially responsive documents in one secure location with the most advanced and defensible discovery features.

This is how your workflow would look like with Logikcull:

Once you export your files from MS 365 (or collect them via direct integration), you can combine them with any other data you need to analyze and upload into Logikcull with drag-and-drop ease. From there, more than 3000+ processing steps — including Deep Text Recognition, which indexes 100 of your files — are automatically applied to your data set, so you can focus on your most important documents right from the start.

You can further cull through your documents thanks to advanced filtering, which allows you to filter your data using dozens of categories index at upload, and comprehensive search capabilities. You can perform unlimited searches with unlimited keywords and test them beforehand for a better understanding of how your data looks like.

Choose a platform that allows you to process, review and produce data from any source.

And when it comes to reviewing, you’ll be able to leverage the most advanced features like near-dupe identification, customized and repeatable tagging, automatic privilege identification, etc.

And once you’re ready to produce, you’ll be able to do it just by clicking a button that says “download” or “share.” If you go for the latter, you’ll be able to securely share documents and productions directly through the application, which makes the entire process much more secure and streamlined.

How to Collect & Review Microsoft 365 Emails Fast with a Direct Integration

Apart from conducting your entire discovery process, internal investigation, or subpoena response with Logikcull, you can now automatically collect emails from Microsoft thanks to the recently-released MS365 email integration.

Ingesting your Outlook emails is now as easy as clicking a button.

Upon uploading your data into Logikcull, you’ll just need to select the Microsoft 365 icon under Cloud Upload, log in to your account through Azure Active Directory, and we will automatically retrieve a list of users from whom to export data.

Just select your preferred users and data range and voilà! Your emails will be automatically sent to Logikcull.


Sometimes, you can’t just have “one tool to conquer them all.”

Microsoft 365 has truly robust software for team collaboration and document creation, but it falls short as an eDiscovery platform.

Moreover, with the recent explosion of applications used in the workplace, it is unrealistic to try to perform your entire discovery process in a tool where you can manage only a small portion of your data.

Make sure you choose the right discovery platform for all your needs, one that is easy to use, powerful, secure, and affordable.

Want to see Logikcull in action? 

Let us show you how to make Logikcull can help you save thousands in discovery.

Want to see Logikcull in action? Let's chat.

Our team of product specialists will show you how to make Logikcull work for your specific needs and help you save thousands in records requests, subpoenas, and general discovery.