Prepare search results for Office 365 Advanced eDiscovery

After a search is successfully run, you can prepare the search results for further analysis with Office 365 Advanced eDiscovery, which lets you analyze large, unstructured data sets and reduce the amount of data that's relevant to a legal case. Advanced eDiscovery features include:

  • Near-duplicate detection   Lets you structure your data review more efficiently, so one person reviews a group of similar documents. This helps prevent multiple reviewers from having to view different versions of the same document.

  • Email threading   Helps you identify the unique messages in an email thread so you can focus on only the new information in each message. In an email thread, the second message contains the first message. Likewise, later messages contain all the previous messages. Email threading removes the need to review every message in its entirety in an email thread.

  • Predictive coding   Lets you train the system   on what you're looking for, by allowing you to make decisions (about whether something is relevant or not) on a small set of documents. Advanced eDiscovery then applies that learning (based on your guidance) when analyzing all of the documents in the data set. Based on that learning, Advanced eDiscovery provides a relevance ranking so you can decide which documents to review based on what document are the most likely to be relevant to the case.

  • Themes   Help you get valuable insight about your data beyond just keyword search statistics. Themes help investigations by grouping related documents so you can look at the documents in context. When using themes, you can view the related themes for a set of documents, determine any overlap, and then identify cross-sections of related data.

  • Exporting data for review applications   You can export data from Advanced eDiscovery and Office 365 after you've completed your analysis and reduced the data set. The export package includes a CSV file that contains the properties from the exported content and analytics metadata. This export package can then be imported to an eDiscovery review application.

Before you begin

  • To analyze a user's data using Advanced eDiscovery, the user (the custodian of the data) must be assigned an Office 365 E5 license. Alternatively, users with an Office 365 E1 or E3 license can be assigned an Advanced eDiscovery standalone license. Administrators and compliance officers who are assigned to cases and use Advanced eDiscovery to analyze data don't need an E5 license.

  • You have to be an eDiscovery Manager or an eDiscovery Administrator in the Office 365 Security & Compliance Center to prepare search results for Advanced eDiscovery. An eDiscovery Manager is a member of the eDiscovery Manager role group. An eDiscovery Administrator is also member of the eDiscovery Manager role group, but has been assigned additional eDiscovery privileges. For instructions about assigning eDiscovery Administrator permissions, see eDiscovery cases in the Office 365 Security & Compliance Center.

  • You have to be an eDiscovery Administrator to access Advanced eDiscovery. That's because eDiscovery Administrators in the Security & Compliance Center are automatically added as administrators in Advanced eDiscovery. Alternatively, you can access Advanced eDiscovery if you are directly added as an administrator in Advanced eDiscovery. For instructions about making someone an administrator in Advanced eDiscovery, see Setting up users and cases.

Step 1: Prepare search results for Advanced eDiscovery

You can prepare the results of a Content Search listed on the Search page in the Security & Compliance Center or for a search that's associated with an eDiscovery case.

  1. In the Security & Compliance Center, do one of the following to prepare search results for Advanced eDiscovery:

    • Click Search & investigation > Content search and then select the search with the data that you want to analyze with Advanced eDiscovery.


    • Click Search & investigation > eDiscovery, double-click the case that you want to prepare search results for, click Searches, and then select a search.

  2. In the details pane, under Analyze results with Advanced eDiscovery, click Prepare results for analysis.

    Note: If the search results are older than 7 days, you will be prompted to update the search results.

  3. On the Prepare results for analysis page, do the following:

    • Choose to prepare indexed items, indexed and unindexed items, or only unindexed items for analysis in Advanced eDiscovery.

    • Choose whether to include all versions of documents found on SharePoint and that met the search criteria. This option appears only if the content sources for the search includes sites.

    • Specify whether you want a notification message sent (or copied) to a person when the preparation process is completed and the data is ready to be processed in Advanced eDiscovery.

  4. Click Prepare.

    The search results are prepared for analysis with Advanced eDiscovery.

Step 2: View the preparation status

  1. In the Security & Compliance Center, select the search that you started the preparation for in Step 1.

  2. In the details pane, under Analyze results with Advanced eDiscovery, click Check preparation status.

    The Preparation status window is displayed. It contains the following information about the preparation process.

    • The number of items.

    • The total size (in KB or MB) of the files.

    • Whether indexed items or unindexed items will be prepared for analysis.

    • The data and time when the preparation process was started.

    • The status of the preparation process.

      When the process is complete, this status message states that the data is ready for analysis in Advanced eDiscovery. An email message is also sent if you provided an email address to send a notification to in Step 1.

Step 3: Add the search results data to a case in Advanced eDiscovery

When the preparation is finished, the final step is to go to Advanced eDiscovery and add the data (from the search) to an Advanced eDiscovery case. As previously explained, to access Advanced eDiscovery you have to be an eDiscovery Administrator in the Security & Compliance Center or an administrator in Advanced eDiscovery.

Note: The time it takes for the data from the Security & Compliance Center to be available to add to a case in Advanced eDiscovery varies, depending on the size of the results from the Content Search.

  1. In the Security & Compliance Center, click eDiscovery, and then click Go to Advanced eDiscovery.

  2. On the Cases page in Advanced eDiscovery, select the case that you want to add the data to, and then click Go to case.

  3. On the Process page, under Container, click the item that corresponds to the search results from Step 2. Note the titles in the list are the names of searches from the Security & Compliance Center.

  4. Click Process to add the selected search results to the case database.

Next steps

After the results of a Security & Compliance Center search are added to a case, the next step is to use the Advanced eDiscovery tools to analyze the data and identify the content that's responsive to a specific legal case. For information about using Advanced eDiscovery, see Office 365 Advanced eDiscovery.

Share Facebook Facebook Twitter Twitter Email Email

Was this information helpful?

Great! Any other feedback?

How can we improve it?

Thank you for your feedback!