If you want people to use any of the eDiscovery-related tools in the Office 365 Security & Compliance Center, you have to assign them the appropriate permissions. The easiest way to do this is to add the person the appropriate role group on the Permissions page in the Office 365 Security & Compliance Center. This topic describes the permissions required to perform eDiscovery-related tasks using the Security & Compliance Center.
The primary eDiscovery-related role group in Security & Compliance Center is called eDiscovery Manager. There are two subgroups within this role group.
eDiscovery Managers An eDiscovery Manager can use the Content Search tool in the Security & Compliance Center to search content locations in the organization, and perform various search-related actions such as preview and export search results. Members can also create and manage eDiscovery cases, add and remove members to a case, create case holds, and run Content Searches associated with a case. An eDiscovery Managers can only access and manage the cases they create. They can't access or manage cases create by other eDiscovery Managers.
eDiscovery Administrators An eDiscovery Administrator is a member of the eDiscovery Manager role group, and can perform the same Content Search and case management-related tasks that an eDiscovery Manager can perform. Additionally, an eDiscovery Administrator can:
Access all cases that are listed on the eDiscovery cases page in the Security & Compliance Center.
Manage any eDiscovery case after they add themself as a member of the case.
Perform administrative tasks in Advanced eDiscovery, such as setting up users, creating cases, and importing data. This is because a person who is an eDiscovery Administrator in the Security & Compliance Center is automatically added as an administrator in Advanced eDiscovery.
See the More information section for reasons why you might want eDiscovery Administrators in your organization.
Before you begin
You have to be a member of the Organization Management role group (or be assigned the Role Management role) to assign eDiscovery permissions in the Security & Compliance Center.
Assign eDiscovery permissions in the Security & Compliance Center
Sign in to Office 365 using your work or school account.
In the left pane of the Security & Compliance Center, click Permissions, and then click eDiscovery Manager.
Click Edit and then do one of the following based on the eDiscovery permissions that you want to assign.
To make a user an eDiscovery Manager Under eDiscovery Manager, click Add . Select the name of the user (or users) you want to add as an eDiscovery Manager, and then click Add.
To make a user an eDiscovery Administrator Under eDiscovery Administrator, click Add . Select the name of the user (or users) you want to add as an eDiscovery Administrators, and then click Add.
After you've added users, click OK, and then click Save to save the changes to the role group.
Note: You can also use the Add-eDiscoveryCaseAdmin cmdlet to make a user an eDiscovery Administrator. However, the user must be assigned the Case Management role before you can use this cmdlet to make them an eDiscovery Administrator. For more information, see Add-eDiscoveryCaseAdmin.
On the Permissions page in the Security & Compliance Center, you can also assign users eDiscovery-related permissions, by adding them to the Compliance Administrator, Organization Management, and Reviewer role groups. For a list of the eDiscovery-related roles assigned to each of these role groups, see the More information section.
What are the eDiscovery-related roles in the Security & Compliance Center? The following table describes the eDiscovery-related roles in the Security & Compliance Center, and indicates the built-in role groups that each role is assigned to, by default.
eDiscovery Manager & Administrator
Lets users create, edit, delete, and control access to eDiscovery cases in the Security & Compliance Center. For more information, see Manage eDiscovery cases in the Office 365 Security & Compliance Center.
As previously explained, a user must be assigned the Case Management role before you can use the Add-eDiscoveryCaseAdmin cmdlet to make them an eDiscovery Administrator.
Lets users run the Content Search tool in the Security & Compliance Center to search mailboxes and public folders, SharePoint Online sites, OneDrive for Business sites, Skype for Business conversations, Office 365 Groups, and Microsoft Teams. This role allows a user to get an estimate of the search results, but additional roles are needed to perform actions such as previewing, exporting, or deleting search results.
For more information about Content Search, see Run a Content Search in the Office 365 Security & Compliance Center.
Lets users export the results of a Content Search to a local computer. It also lets them prepare search results for analysis in Advanced eDiscovery.
For more information about exporting search results, see Export search results from the Office 365 Security & Compliance Center.
Lets users place content in mailboxes, public folders, sites, Skype for Business conversations, and Office 365 groups on hold. When content is on hold, content owners will still be able to modify or delete the original content, but the content will be preserved until the hold is removed or until the hold duration expires.
For more information about holds, see:
Lets users view a list of items that were returned from a Content Search. They’ll also be able to open and view each item from the list to view its contents.
Let's users see and open the list of the cases on the eDiscovery page in the Security & Compliance Center that they are members of. They can't perform any other case management tasks.
Let's users decrypt RMS-encrypted email messages when exporting search results or preparing search results for analysis in Advanced eDiscovery. For more information about decrypting search results during export, see Export search results from the Office 365 Security & Compliance Center.
Search And Purge
Lets users perform bulk removal of data matching the criteria of a content search. For more information, see Search for and delete email messages in your Office 365 organization.
Why create an eDiscovery Administrator? As previously explained, an eDiscovery Administrator is member of the eDiscovery Manager role group who can view and access all eDiscovery cases in your organization. This ability to access all the eDiscovery cases has two important purposes:
If a person who is the only member of an eDiscovery case leaves your organization, no one (including members of the Organization Management role group or another member of the eDiscovery Manager role group) can access that eDiscovery case because they aren't a member of a case. In this situation, there would be no way to access the data in the case. But because an eDiscovery Administrator can access all eDiscovery cases in the organization, they can view the case in the Security & Compliance Center and add themselves or another eDiscovery manager as a member of the case.
Because an eDiscovery Administrator can view and access all eDiscovery cases, they can audit and oversee all cases and associated compliance searches. This can help to prevent any misuse of compliance searches or eDiscovery cases. And because eDiscovery Administrators can access potentially sensitive information in the results of a compliance search, you should limit the number of people who are eDiscovery Administrators.
Also, eDiscovery Administrators in the Security & Compliance Center are automatically added as administrators in Advanced eDiscovery. That means a person must be an eDiscovery Administrator to perform administrative tasks in Advanced eDiscovery, such as setting up users, creating cases, and importing data in to a case.