Video: Understanding the Limits of Microsoft’s Purview eDiscovery

In this video you'll learn about the limits of using Microsoft Purview for your organizations eDiscovery needs. Watch to find out more, and see how Expireon can help.

Below is a transcript of the video:

Hi and welcome,

I’m Steve and today I’d like to talk about Microsoft Purview, the new product moniker for the compliance and governance features in Office 365 and Azure.

We’ll have a quick overview about the general direction of the Microsoft offering and discuss challenges organizations still face when discovering information on Office 365 from a legal perspective.

In April 2022, Microsoft rebranded the Information Governance and Communication Compliance features in Office 365 as Microsoft Purview, a name that already existed in the Azure cloud business for a few months but is now the umbrella term for all compliance related features across all Microsoft’s cloud offerings.

The bold idea is that a single set of tools can deliver all you need to keep your data secure, compliant and discoverable – across both Cloud stacks, Microsoft Azure & Office 365.

Microsoft Purview includes three categories:

• “Information Protection & Governance” 
• “Insider Risk Management” 
• As well as “Discovery & Response” 

Let’s have a look at each of these in turn.

“Information Protection & Governance” has a clear emphasis on helping customers to understand the value of their communications data, by introducing data classification across all communications channels.

Once data is classified, intelligent decisions can be made regarding sensitivity and risk, identifying appropriate retention requirements, as well as tagging the information to provide simple records management capabilities.

“Insider Risk Management”, is about managing risk associated with the company’s own employees, such as using abusive language or departing employees trying to take information with them.

This can be a very touchy subject in many organizations, given that these solutions could easily interfere with privacy requirements and regulations such as GDPR.

Here we find all the required tools to discover stored information from a legal perspective and to respond to eDiscovery requests. One can also dig into audit logs and respond to privacy-related data subject requests.

This is of course designed with the needs of legal and compliance users in mind.

As you can see, with Purview, Microsoft has put together a very comprehensive solution.

At Cloudficient, we are most interested in how to use these technologies in the context of enterprise transformation projects.  Through that lens, let’s look at potential challenges when attempting to migrate historical information, like legacy email journal data to Office 365.

Purview constantly analyzes data in a user’s mailbox as well as during transfer for many of the security and compliance features.

It is important to understand that many features, policies, and workflows may be affected by historic data that was created before the current compliance regime within Office 365 was established.

In most cases, email journal data spans a significant amount of time and would very often contain data created well over 5 years ago.

Once imported into Office 365, it’s highly likely this legacy data might contain not-so-appropriate words which would trigger a relevant compliance ruleset.

Suddenly something noteworthy has been uncovered from the past and the organization must think about how to deal with these clearly visible alerts. This can be a real headache, both from a volume standpoint, as well as a difficult compliance issue.

Should the organization ignore the alert, even if it is clearly flagged as a violation, or follow up, even if the legal basis might no longer exist?

Microsoft Purview is built around the notion of a user – a person that owns a mailbox, chats on Teams or shares a file using OneDrive.

On the other hand, historic email journals, are rather object-centric – so even if the mail has been sent to a large distribution list or copied an entire department, only a single corporate copy of that email would exist.

To handle this gap, many companies therefore try to migrate email journal data into hundreds, if not thousands of “Shared Mailboxes”, which will not only need to be licensed, but also clog compliance related dashboards and create meaningless notification emails.

The final topic to consider is that Purview eDiscovery will build an advanced index whenever a case with the relevant custodians is created. This advanced index has many robust features that go beyond what is available in the normal content search but this index must be built on-demand for every mailbox that is part of the investigation.

In the instance where legacy email journal data has been migrated into hundreds, if not thousands of “Shared Mailboxes”, every Shared Mailbox probably holds a few emails where that custodian was mentioned. This means that for every case almost all the shared mailboxes would need to be indexed.

This means every case will be delayed by many hours, if not days before the bulk of the historic information has been indexed in an appropriate way.

Imagine, what this will do to the user experience of your legal team.

So. What can we do to mitigate these issues…

At Cloudficient, we believe that putting historic data into Office 365 and Microsoft Purview has significant downsides.

This why we have developed Expireon, a platform built to manage and discover historic emails, with a direct export capability into “Case Mailboxes” in Office 365 and Purview eDiscovery.

To learn more about Expireon take a look here.

Instead of “poisoning the well” with the old and messy journal data, we suggest complementing Purview Compliance Center with a platform that was made for historic journal data and that blends perfectly into the Microsoft Purview concepts and workflows.

Because the data is analyzed & categorized separately from Office 365 and Purview, there are no false alerts and irritating shared mailbox names in the compliance dashboards.

And because Expireon indexes its content separately from Office 365 and no tiresome indexing of shared mailboxes is required, Purview indexing & search times will remain snappy and usable.

This provides the user experience your legal team needs to be efficient and productive.

So, if you are tasked with migrating legacy journals to Office 365, you now know what to look out for.

And if you are looking at an Enterprise-class migration with thousands of users and dozens or hundreds of terabytes of journal data, you probably want to check out what Expireon can do for you on the Cloudficient website.

By combining next generation migration technology, with a unique, open & intelligent Information governance platform, Cloudficient is revolutionizing the way businesses retire legacy systems and transform their organization into the cloud. Our business constantly remains focused on servicing client needs and creating solution offerings that match them.

If you would like to learn more about how to bring Cloudficiency to your migration project, please visit our website: cloudficient.com