eDiscovery with Microsoft 365: All You Need To Know

eDiscovery with Microsoft 365: All You Need To Know

Remember the good old days when working with Microsoft Office meant creating Word documents with the invaluable assistance of Clippy, the legendary mascot most of us had a love-hate relationship with?

Well, today Clippy has become a funny emoji for the most nostalgic while Microsoft Office has evolved into Microsoft 365, a host of subscription-based services from Microsoft that include premium versions of the traditional apps in the Microsoft Office suite, as well as many other tools for both individuals and businesses such as Outlook, Exchange, Microsoft Teams, OneDrive, and Yammer.

Launched in 2011, MS 365 (formerly known as Microsoft Office 365) is now used by over a million companies worldwide, with 1 out of 5 corporate employees working with Microsoft’s cloud services on a daily basis.

"It’s crucial to understand the discovery features available in MS 365, the benefits and challenges they present, and the best practices to manage Microsoft data overall."

But why care so much about the unquestionable success of the software giant? Simple. A huge portion of all discoverable information today lives in Microsoft 365 apps. And with the wide variety of data sources available in their ecosystem, MS 365 data can come in a never-ending list of file types, from the traditional .doc and .xls formats, to chat data from Teams, multimedia, or embedded content.

With Microsoft’s “all-encompassing” spirit, it’s no surprise that MS 365 offers its own eDiscovery tools to help users tackle the legal and compliance challenges presented by all the discoverable data generated in their apps and services.

So, when it comes to finding the most effective and efficient way to deal with MS 365 data in eDiscovery, internal investigations, or any other matter, it’s crucial to understand the discovery features available in MS 365, the benefits and challenges they present, and the best practices to manage Microsoft data overall.

Ready? Let’s dive in!

eDiscovery Features Available in Microsoft 365

Microsoft 365 offers a variety of eDiscovery features that are accessible depending on your subscription and the role you’re assigned.

These are their three eDiscovery solutions:

Content Search

As the tool’s name implies, Content Search allows you to run search queries (simple or advanced) to find relevant content across all your Microsoft apps and export the results to your device. You can also view statistics of the estimated search results such as the number of items matching your search criteria and the top locations.

Who can access it?

Content Search is available to users under these subscriptions (with different role-based access profiles):

  • Microsoft 365 E1
  • Microsoft 365 G1
  • Office 365 Education A1

Core eDiscovery

With Core eDiscovery, you can link searches and exports performed with Content Search to a specific case and share your project or case with specific users. It also lets you place and manage a legal hold on any relevant content locations for your case.

Who can access it?

Users under any of these subscriptions:

  • Microsoft 365 E3
  • Microsoft 365 G3
  • Microsoft 365 Education A3 or Office 365 Education A3

Advanced eDiscovery

The most sophisticated of all three, Advanced eDiscovery builds on the discovery tools provided in Core Discovery to include more robust legal hold and custodian management workflows, collection and processing capabilities like email threading, near-duplicate detection or OCR, review features such as search, filter, and tag, and even some machine learning and predictive coding capabilities.

Who can access it?

Advanced Discovery is available on their highest tier (and most expensive) Enterprise plan, Microsoft 365 E5, and through specific eDiscovery and compliance add-ons on the E3 plan.

Now, if you’ve paid close attention to what each plan includes, you’ve already realized:

Advanced Discovery is the only solution that actually allows you to manage your eDiscovery workflows, internal investigations, or disputes.

The other two licenses are more geared towards identifying and preserving potentially responsive information but don’t have much to offer beyond those initial stages of the EDRM.

But let’s say you’re willing to make the investment and pay for the plans that unlock Advanced Discovery capabilities, how effectively can you manage your discovery process with them?

Using MS 365 as Your eDiscovery Solution: Good or Bad Idea?

TL;DR: Unless your discovery needs are extremely basic, which is rarely the case these days, relying on Microsoft 365 as your main eDiscovery tool is not a great idea.

Let’s explore a few reasons why MS 365 may not be a great fit for your discovery needs.

"How likely is it that all of your discoverable data lives in Microsoft’s ecosystem?"

But before we even start covering some of the limitations it presents in terms of functionality, let’s get the most important limitation of all out of the way:

Microsoft’s 365 eDiscovery solutions only allow you to analyze data generated in Microsoft 365.

Nothing shocking here, I know. But think about it: How likely is it that all of your discoverable data lives in Microsoft’s ecosystem?

A recent study by Okta found that, depending on their size, companies today can use between 73 and 200 external applications on average. So regardless of how big your organization is, the chances that all your responsive documents are produced in Microsoft 365 are extremely low.

Apart from this crucial fact, Microsoft 365 users have repeatedly reported a series of issues that make it particularly challenging to work with this platform.

For example, there are severe limitations on the number of searches you can run at once, the number of search results you can preview, and the advanced search capabilities like wildcards, where only prefixes are supported. Besides, users report that the search engine is usually very slow and not centralized in one single module, which means that you usually need to search in multiple different places within the MS 365 ecosystem.

"A recent study by Okta found that, depending on their size, companies today can use between 73 and 200 external applications on average."

And the cherry on top? ​​You’ll need to use (and learn) Microsoft’s own search query syntax and rules, which are different from the ones commonly used in other platforms.

In terms of reviewing capabilities, they’re definitely not the most advanced or customizable. For example, they don’t allow for entire-page redactions, QC tags to quickly identify potentially privileged documents or duplicates, nor do they group documents by families. Plus, their review tools can only be applied to the limited number of file types they support (about 60), which means that a big portion of your data may need to be reviewed somewhere else.

When it comes to productions, Microsoft 365 is not able to support productions involving some level of complexity in terms of formatting or data sets bigger than 500 Gb. More importantly, it doesn’t allow you to collaborate with OC or opposing parties by inviting them into the platform, so your data may be exposed to higher risk when in transit.

Microsoft 365 eDiscovery with an eDiscovery Platform

While MS 365 can be a powerful tool to preserve and manage the data generated in their ecosystem, using it for your entire eDiscovery process presents some insurmountable obstacles.

Since you would need specialized eDiscovery software for any documents generated outside of Microsoft 365’s reign, your best bet is to choose a platform that allows you to process, review and produce data from any source with the most advanced and robust discovery capabilities available.

When you use eDiscovery software like Logikcull to manage your Microsoft 365 data, you are able to keep all your potentially responsive documents in one secure location with the most advanced discovery features.

This is how your workflow would look like with Logikcull:

Once you export your files from MS 365, you can combine them with any other data you need to analyze and upload into Logikcull with drag-and-drop ease. From there, more than 3000+ processing steps are automatically applied to your data set, so you can focus on your most important documents right from the start.

You can further cull through your documents thanks to advanced filtering, which allows you to filter your data using dozens of categories index at upload, and comprehensive search capabilities. You can perform unlimited searches with unlimited keywords and test them beforehand for a better understanding of how your data looks like.

"Choose a platform that allows you to process, review and produce data from any source."

And when it comes to reviewing, you’ll be able to leverage the most advanced features like near-dupe identification, customized and repeatable tagging, automatic privilege identification, etc.

And once you’re ready to produce, you’ll be able to do it just by clicking a button that says “download” or “share.” If you go for the latter, you’ll be able to securely share documents and productions directly through the application, which makes the entire process much more secure and streamlined.

How to Collect & Review Microsoft 365 Emails Fast with a Direct Integration

Apart from conducting your entire discovery process, internal investigation, or subpoena response with Logikcull, you can now automatically collect emails from Microsoft thanks to the recently-released MS365 email integration.

Ingesting your Outlook emails is now as easy as clicking a button.

Upon uploading your data into Logikcull, you’ll just need to select the Microsoft 365 icon under Cloud Upload, log in to your account through Azure Active Directory, and we will automatically retrieve a list of users from whom to export data.

Just select your preferred users and data range and voilĂ ! Your emails will be automatically sent to Logikcull.


Sometimes, you can’t just have “one tool to conquer them all.”

Microsoft 365 has truly robust software for team collaboration and document creation, but it falls short as an eDiscovery platform.

Moreover, with the recent explosion of applications used in the workplace, it is unrealistic to try to perform your entire discovery process in a tool where you can manage only a small portion of your data.

Make sure you choose the right discovery platform for all your needs, one that is easy to use, powerful, secure, and affordable.

4,500+ legal professionals love our newsletter, where they get the latest tech and discovery news, case law, best practices, and more!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Follow Logikcull on social media

Logikcull + MS365

Logikcull integrates seamlessly with Office 365 for incredibly fast, always reliable cloud-to-cloud eDiscovery.

logikcull + ms365

Related articles

6 Trends in eDiscovery for 2023: A Forecast of Where The Industry is Heading
Life’s a Breach: How Logikcull’s Upload-Only User Roles Help Prevent Hacking
Get Thee to a Nerdery: The New Shakespeare-Inspired Demo Data Set From Logikcull