In: Discovery, General

In our previous Microsoft 365 Core eDiscovery blog, we briefly touched on searching and the consequences of mailboxes being larger than 10GB. Today, we are continuing our delve into Microsoft core eDiscovery features. We are going to look at more of the searching and filtering options offered up by this eDiscovery tool. As you will see a myriad of options are available to help you narrow and filter the type results you want to work with. In the end, these features help fulfill our commitment to being a cost-effective and efficient solution for our clients.

Locations 

The first option for narrowing your results is specifying the location that you wish to search. After naming your project, you would then need to define your locations that will be searched. Under the locations tab, you can limit the type of data that will be searched. For example, Exchange Mailboxes, Teams Chats / Sites, Yammer user messages, SharePoint sites and Exchange public folders can be your starting point. In addition to those specific locations, Office365 also provides the user the opportunity to search locations that are on hold.  

Conditions 

Once your locations have been specified, the conditions section is where you get the opportunity to take things to the next level. At NearZero Discovery, we use the conditions section to help pinpoint the data our clients are looking for. The first and most used condition is the Keywords condition. Within the keywords condition, you can use Boolean search operators. Such as AND, OR and NOT, these can help to make your searches more precise. According to Microsoft, other property operators such as ( > or …), quotation marks, parentheses, and wildcards, help you refine a search query. In the past, we used the keywords condition to search for specific words, phrases, and combinations of both. The keywords condition is a great second level in narrowing clients’ searches to find that needle in a haystack. This helps to narrow the amount of data that is exported from O365, which is a very good way of making projects more cost effective for our clients.  

Other than Keywords, there are several useful conditions that we use at NearZero Discovery to further refine our searches before exporting our results. Here is a table of other some of the conditions that we use and a brief description of them. 

Condition Description 
Date The date field from the documents 
Sender/Author The author field from the sent document 
Size (in bytes) The size of the item, in bytes 
Subject / Title The title of the document 
Type The type of document you are searching for 
Received The date the document was received 
Recipients The recipients of the document 
Sender The sender of the document 
Sent The date the document was sent 
Subject The subject field in the document 
To Who the document was sent to, the to field of the document 
Titles The titles of the document 
Created The date the document was created 
Last Modified The date the document was last noted as changed or modified 
File Type  The type of file that is being searched 

These conditions can all be searched in any combination of each other and with any of the keywords or Boolean searches and terminology. As you can see, the great number of options available really helps eDiscovery teams to better find specific documents. At NearZero, we have used the Microsoft Compliance Center’s core eDiscovery searching conditions and features to do the following: 

  • Searching for documents only sent between two dates  
  • Searching for documents only sent to a specific individual containing a specific term or phrase 
  • Searching for documents that start or end with a certain combination of letters (for example, all documents that end with ing or all documents that start with mon). This is effective for finding alternate forms of certain words (e.g., monitor, monitoring, monitored etc.).  
  • Searching for documents only sent within a specified date range, between two individuals, containing a term that is within 5 words of another term (for example, all emails between Britt Winch and Richard Wessel between June 2019 and October 2021 that contain the words “Star Wars” within five words of “Star Trek”) 

In our experience, an important consideration in filtering is to start broad and then narrow down in the relevant areas / conditions. When we do this, we ensure we are not being overly exclusive and missing out on relevant results. Our team is experienced with the core eDiscovery options available on Microsoft 365 Compliance and leverage this experience to make things more cost-effective for our clients.   

Would you like to learn more about our services? Email [email protected] or call 289-803-9730. We would be happy to share more details about our self-service or fully managed eDiscovery services!