Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Office 365 Halts Workload-Specific eDiscovery

Office 365 Moves to Cloud eDiscovery

On January 25, Microsoft program manager Bill Baer posted an announcement in the Microsoft Tech Community to inform customers that Office 365 will block the creation of workload-specific eDiscovery searches and holds from July 1, 2017. These are the searches created and managed through the Exchange Admin Center and SharePoint eDiscovery Center.

Tenants can continue to process eDiscovery cases or perform in-place searches and holds, but if they want to create new searches, they must use the Security and Compliance Center. Because eDiscovery cases and associated in-place holds can last a long time, tenants might have to manage a hybrid eDiscovery environment for several years – or even longer in some cases.

You might have missed the announcement because Microsoft posted it in the Tech Community rather than the Office blog. However, that does not take away from the fact that discarding workload-specific eDiscovery to use Office 365 functionality instead is an important step forward and the right thing to do.

The Past

When Microsoft launched Office 365 in June 2011, the eDiscovery capabilities were cloud versions of whatever features existed in the on-premises Exchange and SharePoint products. Even after the technology refresh in 2013 to use Exchange 2013 and SharePoint 2013 code base, eDiscovery remained firmly linked to its on-premises roots.

Some goodness existed in this approach. On-premises customers were slowly moving to the cloud and it was reassuring to find familiar functionality in Exchange Online and SharePoint Online. However, from a technical perspective, Microsoft had to move away from on-premises implementations to take advantage of the unique capabilities available in its cloud infrastructure.

Change in the Air

Change started with the introduction of the Security and Compliance Center as a focus point for functionality that works across Office 365. At least, that is the idea. Although some parts of Office 365 (like Yammer) remain firmly removed from Office 365 compliance features, great work has been done to build eDiscovery functionality to leverage cloud technology that applies across Exchange and SharePoint. Unified Data Loss Prevention is one example. eDiscovery is even more impressive, especially the Advanced eDiscovery capabilities acquired when Microsoft bought high-end eDiscovery specialists Equivio.

Content searches are the cornerstone of Office 365 eDiscovery. These searches are more scalable and faster than the searches available to Exchange or SharePoint. They can scan more sources too, with support for user mailboxes, public folders, Office 365 Groups, and SharePoint and OneDrive for Business sites (Figure 1). You can combine content searches and holds into eDiscovery cases that are a more developed version of SharePoint eDiscovery cases.

Table 1 summarizes the differences between Exchange searches, SharePoint searches, and Office 365 content searches.

Exchange Admin Center

SharePoint eDiscovery Center

Security and Compliance Center (content searches)

Available for

Exchange 2013, Exchange 2016, Office 365

SharePoint 2013, SharePoint 2016, Office 365

Office 365

Features

Query-based in-place hold

Search limited to 10,000 mailboxes

Deduplication on export

Source and query statistics

Hybrid searches possible from on-premises servers

Query-based in-place hold

Search limited to 10,000 mailboxes

Deduplication on export

Source and query statistics

Export reports

Multi-query export and editing

Preview with hit highlighting

Search unlimited mailboxes

Faster search

Able to search all SharePoint sites and OneDrive for Business sites without requiring specific permissions.

Advanced eDiscovery (requires E5 plan or add-on)

Public folders supported

Feature parity with Exchange Admin Center and SharePoint eDiscovery Center

Table 1: Comparing Office 365 search capabilities

In short, the functionality available to eDiscovery administrators through the Security and Compliance Center is a generation in advance of what is available in Exchange or SharePoint, especially when you throw features like Preservation Policies and Supervisory Review Policies into the mix.

Building Speed and Scalability

The additional speed and scalability available to Office 365 content searches comes through the way searches are implemented in the cloud. On-premises searches performed by either Exchange or SharePoint are limited to whatever a single server can manage. For instance, when you launch an Exchange eDiscovery search, one server is responsible for managing synchronous connections with all the mailbox servers that host mailboxes involved in the search. The same implementation is used for the on-premises and cloud versions of Exchange, but it is limited in terms of scalability and the central server is a potential single point of failure.

Office 365 content searches are cloud-only and therefore can assume that the server fabric within Office 365 datacenters is available to execute work. Searches are divided across multiple servers and asynchronous messages pass between the servers doing the work to keep them updated. The potential for failure is reduced and the workload is parallelized to scale up to deal with far higher volumes of data. In fact, Microsoft has known searches to cover over 700,000 mailboxes in a single operation.

Content searches also include retry logic to handle the situation where a required mailbox or site is offline for some reason. Usually a retry is sufficient to complete a search. Although multiple ways exist to search mailboxes available inside Office 365 (including the Search-Mailbox cmdlet), all except content searches are constrained by on-premises roots. That’s where the difference lies.

Forward Direction

Based on presentations given at the Ignite 2016 conference, Microsoft is building a new data governance model for Office 365 to accommodate all forms of data generated by Office 365 applications – Exchange, SharePoint, Yammer, Skype for Business, and so on. The transition away from workload-specific eDiscovery to embrace cloud eDiscovery is part of that journey.

Connect with Tony @12Knocksinna

Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle.

by Tony Redmond
Feb 7, 2017

Tony Redmond has written thousands of articles about Microsoft technology since 1996. He covers Office 365 and associated technologies for Petri.com and is also the lead author for the Office 365 for IT Pros eBook, updated monthly to keep pace with c...

Microsoft and AI: What Is the Copilot Semantic Index and How Does It Work?

Feb 6, 2024
Mar 21, 2024
How to Grant Full Mailbox Access to Users in Office 365 and Exchange Server

Aug 4, 2023
Aug 08, 2023
Nested Microsoft 365 Groups: What You Need to Know

Jul 12, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.