Merge pull request #50459 from MicrosoftDocs/NEW-purview-understand-ediscovery

New purview understand ediscovery

Author: denrea

learn-pr/wwl-sci/purview-ediscovery-understand/compare-classic-new-ediscovery.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-ediscovery-understand.compare-classic-new-ediscovery
+title: Compare the classic and new eDiscovery experiences
+metadata:
+  title: Compare the classic and new eDiscovery experiences
+  description: "Compare the classic and new eDiscovery experiences"
+  ms.date: 05/15/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 6
+content: |
+  [!include[](includes/compare-classic-new-ediscovery.md)]

learn-pr/wwl-sci/purview-ediscovery-understand/includes/compare-classic-new-ediscovery.md

@@ -0,0 +1,62 @@
+Microsoft has updated how eDiscovery works in Microsoft Purview. If you're familiar with the older experience in the Microsoft Purview compliance portal, you'll notice several changes in the new one. Some workflows have been updated or consolidated, while others have been removed entirely.
+
+## Why there are two eDiscovery experiences
+
+During the transition from the Microsoft Purview compliance portal to the new portal, Microsoft introduced an updated experience for managing eDiscovery cases, searches, and review sets. For a limited time, you can still use the classic experience, but the new experience is the supported path going forward.
+
+Many of the same concepts still apply, but the layout, terminology, and feature availability are different.
+
+## What's different in the new experience?
+
+Here are some of the most important differences between the classic and new eDiscovery experiences:
+
+- **Advanced indexing runs automatically**: In the classic experience, advanced indexing had to be triggered manually to reprocess partially indexed content before you could search it. In the new experience, advanced indexing happens automatically when you run a search, add items to a review set, or export results. There's no need to initiate it separately.
+
+- **Search statistics have replaced collections**: The classic experience used collections to estimate the size and scope of potentially relevant content. In the new experience, search statistics provide similar insights. You can still analyze the scope of results and preview items, but you're no longer limited to fixed, immutable collections. Searches can be updated or rerun at any time.
+
+- **Content search is built into eDiscovery**: Previously, Content search was a separate feature from eDiscovery. In the new experience, content search is available by default in a system-generated eDiscovery case. Members of the eDiscovery Manager or Administrator role groups can access it directly. You can also manage holds and review sets within this case, depending on your subscription.
+
+- **Cases are now the central organizing unit**: In the classic experience, custodians played a more prominent role in organizing cases. The new experience centers everything around the case itself. You still assign custodians and add data sources, but those actions all happen within the context of the case.
+
+- **Exporting content is faster and more consistent**: The export process has been streamlined. It now provides faster performance, clearer reports, and consistent options for both standard and premium features. Exporting from either a review set or a search now follows the same unified process.
+
+- **Jobs are now called processes**: In the classic experience, tasks and activities were grouped as jobs. The new experience uses the term processes instead. These provide more visibility and reporting for long-running tasks like indexing, exporting, or adding content to a review set.
+
+## Feature availability based on licensing
+
+In the new eDiscovery experience, standard and premium capabilities are part of the same unified interface. Your organization's license determines which features are available, but there's no longer a need to switch between separate tools. What you can do within a case depends on your permissions and subscription level.
+
+Use the table to understand which capabilities are available based on your license:
+
+| Capability  | Standard | Premium |
+|-----|-----|-----|
+| Search for content  | ✓ | ✓|
+| Keyword queries and search conditions | ✓ | ✓ |
+| Search statistics | ✓ | ✓ |
+| Export search results | ✓ | ✓ |
+| Role-based permissions | ✓ | ✓ |
+| Case management | ✓ | ✓ |
+| Place content locations on hold | ✓ | ✓ |
+| Advanced indexing | | ✓ |
+| Review sets | | ✓ |
+| Cloud attachments and SharePoint versions | | ✓ |
+| Optical character recognition (OCR) | | ✓ |
+| Conversation threading | | ✓ |
+| Review set filtering | | ✓ |
+| Tagging | | ✓ |
+| Analytics (email threading, near-duplicate) | | ✓ |
+| Computed document metadata | | ✓ |
+| Reporting for long-running processes | | ✓ |
+
+## Temporary access to the classic experience
+
+You can still use the classic eDiscovery experience in the Microsoft Purview portal if your organization relies on specific features that haven't yet migrated. These include:
+
+- Sending and tracking legal hold notifications
+- Associating custodians with reusable data sources
+- Importing non-Microsoft 365 data into a review set
+- Remediating multiple processing errors in bulk
+
+These features will be available only for a limited time and are scheduled to retire after August 2025.
+
+The new eDiscovery experience in Microsoft Purview simplifies how organizations manage searches, holds, and review sets across Microsoft 365. While many core features are still available, the updated interface improves performance and reduces the number of manual steps required. By understanding how the two experiences differ and what features your license includes, you can take full advantage of the latest tools and prepare for the retirement of the older interface.

learn-pr/wwl-sci/purview-ediscovery-understand/includes/introduction.md

@@ -0,0 +1,19 @@
+Legal investigations, regulatory requests, and internal reviews often require more than just finding documents. Organizations need a consistent, defensible process for identifying, preserving, reviewing, and producing electronically stored information (ESI). Without the right tools in place, responding to these requests can be slow, inconsistent, or incomplete, putting the organization at risk.
+
+Microsoft Purview provides eDiscovery tools that help legal, compliance, and security teams manage this process end to end. With support for role-based access control, content search, legal holds, review sets, and advanced analytics, organizations can respond to investigations with confidence and consistency.
+
+Learn the core concepts behind eDiscovery in Microsoft Purview, including:
+
+- How the eDiscovery process works and why it matters
+- What changed in the new eDiscovery experience
+- How Microsoft Purview supports each stage of the eDiscovery lifecycle
+- Who has access to eDiscovery and how permissions are assigned
+
+## Learning objectives
+
+By the end of this module, you'll be able to:
+
+- Explain what eDiscovery is and when to use it
+- Compare the classic and new eDiscovery experiences in Microsoft Purview
+- Describe each step of the eDiscovery lifecycle
+- Identify which roles and permissions are required to use eDiscovery features

learn-pr/wwl-sci/purview-ediscovery-understand/includes/summary.md

@@ -0,0 +1,10 @@
+Investigations require more than improvised searches. Organizations need tools that support a defensible eDiscovery process across Microsoft 365 services. Microsoft Purview provides those tools through a modern eDiscovery experience designed to help teams work efficiently while maintaining compliance.
+
+Microsoft Purview supports the full eDiscovery lifecycle, from identifying and preserving content to reviewing and exporting it. The updated experience introduces key improvements over the classic one, and feature availability depends on licensing. Access is managed through permissions that limit sensitive case data to authorized users.
+
+Understanding how eDiscovery works in Microsoft Purview helps organizations handle investigations with more control and less guesswork. With the right tools and permissions in place, teams can move quickly to preserve data, manage access, and deliver results that meet legal and regulatory expectations while minimizing disruption to daily operations.
+
+## References
+
+- [Learn about eDiscovery](/purview/edisc?azure-portal=true)
+- [Learn about the eDiscovery workflow](/purview/edisc-workflow?azure-portal=true)

learn-pr/wwl-sci/purview-ediscovery-understand/includes/understand-ediscovery-lifecycle.md

@@ -0,0 +1,31 @@
+eDiscovery in Microsoft Purview follows a structured workflow designed to help legal, compliance, and security teams find and manage content relevant to an investigation. This process ensures that electronically stored information (ESI) is identified, preserved, and reviewed in a consistent and defensible way.
+
+Here's a high-level overview of the eDiscovery workflow:
+
+:::image type="content" source="../media/ediscovery-workflow.png" alt-text="Diagram illustrating the eDiscovery workflow from trigger event to case creation, search, holds, and review actions in Microsoft Purview." lightbox="../media/ediscovery-workflow.png":::
+
+## Step 1: Start with a trigger event
+
+Every eDiscovery case begins with a trigger event. This event could be a legal request, a regulatory inquiry, or an alert from another Microsoft Purview solution, like Insider Risk Management. Trigger events indicate that something needs deeper investigation, which prompts the creation of a new case.
+
+## Step 2: Create and manage the case
+
+A case brings together everything related to the investigation. It consolidates the searches, review sets, and any applied holds used throughout the lifecycle. You can also assign people to the case to control who has access. Microsoft Purview also supports integration with Insider Risk Management so you can escalate directly from a risk case to eDiscovery.
+
+## Step 3: Search and evaluate content
+
+With the case created, the next step is to run searches to find relevant content. You can search across Exchange, SharePoint, OneDrive, and Teams using keywords or other filters. Search statistics help refine results, and you can preview content to make sure you're capturing what matters. If needed, you can revise or rerun queries to adjust your results as the case develops.
+
+## Step 4: Take action on search results
+
+Once results are in, you have a few paths depending on the goals of the investigation:
+
+- **Export content** if it's ready to be shared with legal or external reviewers.
+- **Add content to a review set** if you need to organize, filter, or analyze it further.
+- **Place a hold** on relevant content to preserve it during the investigation.
+
+A **legal hold** prevents content from being deleted or altered, even if retention policies or user actions would normally allow it. Holds can apply to entire content locations, like a mailbox or SharePoint site, or to specific items returned by a query. They help maintain the integrity of evidence while a case is ongoing.
+
+## Step 5: Review and take action
+
+Review sets are where deeper analysis happens. The investigation team can search within a review set, apply filters, tag items, redact sensitive information, or export selected content. You can also run analytics to reduce the volume of data and help prioritize what gets reviewed first.

learn-pr/wwl-sci/purview-ediscovery-understand/includes/understand-ediscovery-permissions.md

@@ -0,0 +1,18 @@
+Access to eDiscovery tools in Microsoft Purview isn't granted by default. Because eDiscovery involves access to sensitive content, permissions must be explicitly granted to ensure that only authorized individuals can create cases, run searches, place holds, and export data.
+
+## Who typically uses eDiscovery?
+
+eDiscovery is often used by legal teams, compliance officers, and security personnel. Depending on how responsibilities are structured in your organization, tasks might be split across different roles:
+
+- **eDiscovery Admins** configure the overall setup, assign permissions, and manage global settings.
+- **eDiscovery Managers** create and manage cases, run searches, and review content.
+
+Other teams, such as HR or external counsel, might be added to specific cases with limited access based on the scope of the investigation.
+
+## How are permissions assigned?
+
+Access to eDiscovery features is controlled through **role-based access control (RBAC)** in the Microsoft Purview portal. To perform tasks in eDiscovery, users need to be added to a built-in role group such as **eDiscovery Manager** or **Administrator**, or a custom role group with the right permissions.
+
+Permissions are scoped by case. Even if someone has access to the eDiscovery tools, they can't see a specific case unless they're added to it.
+
+This approach helps organizations ensure that investigations are handled securely, with access limited to only users who need it.

learn-pr/wwl-sci/purview-ediscovery-understand/includes/understand-ediscovery.md

@@ -0,0 +1,53 @@
+When an organization needs to respond to a legal investigation or regulatory request, it's not enough to hand over random emails or files. Instead, there's a structured legal process for finding, preserving, reviewing, and producing that information in a way that's defensible. This process is called **eDiscovery**, short for **electronic discovery**.
+
+## eDiscovery as a legal and investigative process
+
+eDiscovery is a process used to identify, collect, and produce electronically stored information (ESI) during legal proceedings, internal investigations, audits, or regulatory reviews. This could include emails, chat messages, documents, or anything else stored digitally that's relevant to a case.
+
+There are generally five stages to the eDiscovery process:
+
+1. **Identification**: Locate potentially relevant information.
+1. **Preservation**: Make sure the content isn't deleted or altered.
+1. **Collection**: Gather the content for analysis.
+1. **Review**: Filter, tag, or redact content before sharing it.
+1. **Export/Production**: Prepare the content for legal teams or regulatory authorities.
+
+While many people think of eDiscovery as something only legal teams handle, that's not always the case. Security teams, compliance officers, and HR professionals also rely on eDiscovery tools to conduct internal investigations and respond to incidents.
+
+## eDiscovery in Microsoft 365
+
+Microsoft 365 includes a built-in set of tools that help organizations manage each step of the eDiscovery process. These tools are available through **Microsoft Purview**, the compliance and risk management portal for Microsoft 365.
+
+When you use Microsoft Purview for eDiscovery, you can:
+
+- Create and manage eDiscovery **cases**
+- Assign **custodians** and place their content on legal hold
+- Run targeted **searches** across mailboxes, Teams messages, OneDrive files, and more
+- Analyze results in **review sets**
+- Export content or even **purge** sensitive items if needed
+
+All of these actions are tracked for auditing purposes and can be restricted based on role-based access controls.
+
+## Use Microsoft Purview for an investigation
+
+Here's a typical example of how someone might use eDiscovery in Microsoft Purview:
+
+Let's say your organization is investigating whether confidential project files were leaked to a competitor. The legal and security teams need to find out:
+
+- Who had access to those files?
+- Were they shared externally?
+- What was said about them in email or Teams?
+
+In Microsoft Purview, they would:
+
+- Create an **eDiscovery case** to contain all activity related to the investigation.
+- Add specific employees as **custodians** and apply a **legal hold** to preserve their data.
+- Use the **Search** feature to look across Exchange, SharePoint, OneDrive, and Teams for references to the project.
+- Add matching results to a **review set**, where they can tag and filter the data.
+- Take appropriate action, such as exporting the results for legal review or purging externally shared content if a data leak is confirmed.
+
+## How Microsoft Purview supports eDiscovery
+
+Microsoft Purview helps organizations take a structured and defensible approach to handling sensitive or legally relevant data. It integrates with Microsoft 365 services like Exchange, SharePoint, OneDrive, Teams, and Microsoft Defender to centralize the eDiscovery process. Instead of relying on manual collection or disconnected searches, Purview allows each step to be tracked, governed, and carried out consistently.
+
+Understanding eDiscovery as both a legal process and a practical workflow helps clarify how Microsoft Purview fits into investigations and compliance tasks. These tools support legal, compliance, security, and HR teams as they work to identify, preserve, and review content in response to investigations or legal obligations.

learn-pr/wwl-sci/purview-ediscovery-understand/index.yml

@@ -0,0 +1,46 @@
+### YamlMime:Module
+uid: learn.wwl.purview-ediscovery-understand
+metadata:
+  title: Understand Microsoft Purview eDiscovery
+  description: "Understand Microsoft Purview eDiscovery."
+  ms.date: 05/15/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: module
+  ms.service: purview
+  hidden: false
+title: Understand Microsoft Purview eDiscovery
+summary: Discover how Microsoft Purview supports a defensible eDiscovery process across Microsoft 365 services. Review how organizations can manage investigations by preserving content, running searches, analyzing results, and controlling access through role-based permissions.  
+abstract: |
+  After completing this module, you'll be able to:
+  - Describe the purpose and stages of the eDiscovery process.  
+  - Compare the classic and new eDiscovery experiences in Microsoft Purview.  
+  - Explain how Microsoft 365 licensing affects feature availability in eDiscovery.  
+  - Identify how permissions are used to control access to sensitive case data.  
+prerequisites: |
+  - General understanding of Microsoft 365 services and user roles.  
+  - Familiarity with organizational compliance or investigation workflows.  
+iconUrl: /training/achievements/generic-badge.svg
+levels:
+- intermediate
+roles:
+- auditor
+- administrator
+products:
+- microsoft-purview
+- m365
+subjects:
+- information-protection-governance
+- security
+- compliance
+units:
+- learn.wwl.purview-ediscovery-understand.introduction
+- learn.wwl.purview-ediscovery-understand.understand-ediscovery
+- learn.wwl.purview-ediscovery-understand.compare-classic-new-ediscovery
+- learn.wwl.purview-ediscovery-understand.understand-ediscovery-lifecycle
+- learn.wwl.purview-ediscovery-understand.understand-ediscovery-permissions
+- learn.wwl.purview-ediscovery-understand.knowledge-check
+- learn.wwl.purview-ediscovery-understand.summary
+
+badge:
+  uid: learn.wwl.purview-ediscovery-understand.badge

learn-pr/wwl-sci/purview-ediscovery-understand/introduction.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.purview-ediscovery-understand.introduction
+title: Introduction
+metadata:
+  title: Introduction
+  description: "Introduction"
+  ms.date: 05/15/2025
+  author: wwlpublish
+  ms.author: riswinto
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 1
+content: |
+  [!include[](includes/introduction.md)]