M365 Purview News August 2023

We've got some legal news to talk about.

Photo by Tingey Injury Law Firm on Unsplash

I came across a couple of different legal news items directly involving M365 Purview eDiscovery tools in the last couple of weeks.

One was a Special Master report from back in October 2022, but I only became aware of it recently.

Granted, the company sharing this news is selling a tool to compete with Purview eDiscovery, but it’s worth taking a look at what Special Master Phillip Favro said in his report:

“As the Special Master understands it, Deal Genius conducted its searches for relevant email on its Microsoft 365 platform. Microsoft 365 allows users to both generate and maintain data in a cloud-based repository. Microsoft 365 has functionality that allows users to conduct searches for particular information. However, Microsoft 365 has technological limitations that may not allow a responding party to generate reliable search results—as would typically be possible with an electronic discovery platform that has a fully indexed database and an advanced search engine—and thus satisfy the Rule 26(g) reasonable inquiry standard. Some of the limitations with Microsoft 365 at issue in the present dispute include the following:

1. Microsoft 365 generally does not fully index the data encompassed within an organization’s Microsoft 365 environment.

2. Microsoft 365 does not accommodate complex Boolean searches, including certain wildcard operators, proximity operators, or connector terms, nor cannot it (sic) handle “fuzzy logic” searches.

3. Microsoft 365 does not allow users to validate their search and production results.”

Before I get into this, a reminder that I’m not a lawyer. I am looking at this through the technical lens as opposed to the legal lens.

From a technical standpoint, all three points are valid, especially in October of last year. If he took a new look at it in the Summer of 2023 number 3 might be reconsidered, as Microsoft has added a number of reports when collecting using Purview Premium eDiscovery. I know a few organizations that found their ability to audit their collection processes sorely lacking previously. Reporting really didn’t exist. Now, there is more reporting but I’m not 100% sure all of those organizations would feel like the reports provided full auditing capabilities. It’s definitely better though.

Items 1 and 2 on the list really haven’t changed. On the other hand, I don’t think they were designed with this use case in mind. I’ve always thought of eDiscovery Premium to be more of an early-case assessment tool than one I would be running complex keyword searches against. Maybe a workflow that collects data based on custodian/location and date range, maybe some very broad key terms. Then, after processing the collected data, I’d use the best tool available to do more complex searches.

X1, in that article above, claims to be able to do this in place with M365 data, filling in the gaps with Purview Premium. I have no knowledge of whether that statement is accurate or not. If I were looking at it though, I’d do a lot of testing to confirm and compare and contrast with my M365 native tool testing.

Quick tip, it’s been a couple of years since I tested any of the third-party collection tools, but when I did test it, there were issues with this scenario - a Teams message deleted by a user whose mailbox is on hold. I would check those kinds of scenarios as well as encrypted data.

The second item, a ruling from June of this year, is also pretty interesting.

Regarding hyperlinked documents, Judge DeMarchi stated: “The Court is persuaded that the commercially available tools plaintiffs suggest may be used for automatically collecting links to non-public documents have no or very limited utility in Meta’s data environments or systems, and even that limited utility (i.e. using the Microsoft Purview eDiscovery (Premium) tool to collect links to SharePoint and OneDrive cloud attachments in Microsoft Exchange environments) would disrupt Meta’s standardized workflow for ESI-related discovery processing across all of its platforms and systems. Accordingly, the ESI protocol should make clear that hyperlinked documents are not treated as conventional attachments for purposes of preserving a “family” relationship in production. However, the Court anticipates that for some documents, it will be important to collect (or attempt to collect) hyperlinked documents and associate them with the underlying ESI in which the links appear. In such circumstances, the parties should consider reasonable requests for production of hyperlinked documents on a case-by-case basis. Such requests should not be made as a matter of routine.”

I don’t know the full background of why using Purview Premium eDiscovery would prove to be so disruptive to Meta’s standard practices, but I could see it.

The larger question I think the legal folks are going to have to come to an agreement on is whether we can consider linked attachments part of a family in the same way as we do when a file is actually attached to an email.

Looking at it technically, I don’t think they are the same. The reason I think that is because the standard collection process will collect the file that exists at that link on the day we run the collection. That is not the file that was shared in most cases. We shouldn’t treat it the same as an email attachment where we would have a copy of the exact file that was shared.

Those files are not the same. The eDiscovery process needs to come to grips with that and the courts are going to have to figure out the best way forward with it.

Yes, there is a way to collect the version as shared, but as we identified a few weeks back, it requires setting an auto-labeling policy before the file is ever shared, let alone when litigation is anticipated.

That’s going to be a tough call, and we’d all be better off if the courts did set the rules of how to handle these things. On the other hand, the tech is changing all the time, so how do they keep up?

What do you think about both of these items? If you are a lawyer, what are your legal takes?

What else am I looking at this month?

• eDiscovery folks are going to need this at some point -

• How to Use a Targeted Collection in a Microsoft 365 Content Search

  • Related - M365 Selective Folder Retrievals – Still Not Easy - Greg makes a valid point, Litigation Support and discovery folks probably aren’t going to be able to run PowerShell scripts.

• Microsoft intros user content backup for M365 - I wonder if eDiscovery folks should be considering the possibility of data existing in backups that isn’t in M365?

• Always interesting to see the reactions to the Copilot pricing model. - Microsoft Solution Providers Weigh In On M365 Copilot Price Tag

• Microsoft Teams 2.0 will add a new Meet app for meetings management in August

• Teams Channel Limit Now at 1,000 - that’s a lot of channels that will contain communication all in one mailbox.

• Become a Microsoft Purview Data Lifecycle and Records Management Ninja - it’s not eDiscovery, but it’s going to help if you understand how these work with your M365 data.

• Microsoft Loop cheat sheet

• Email hack prompts call for Microsoft to make security logs free - this seems like a good idea.

That’s all for this week! As always, this monthly edition is free for everyone. We’ll be back in a week with a deep dive for paid subscribers on a new feature, be sure to subscribe and tell your friends!