Microsoft Purview · eDiscovery

eDiscovery Administrator

All eDiscovery Manager permissions PLUS organization-wide access to all cases, global eDiscovery settings management, and hold report oversight across entire tenant.

Scope: Organization-wide access to ALL eDiscovery cases, settings, and administrative functions across entire tenant

Permissions

  • Manager Permissions - ALL permissions of eDiscovery Manager (cases, searches, holds, review sets, analytics, predictive coding)
  • All Cases Access - View, access, and manage ALL eDiscovery cases across entire organization (no case isolation limits)
  • Global Settings - Configure organization-wide eDiscovery settings: analytics preferences, OCR settings, search permissions
  • Global Workflows - Manage custodian workflows and legal hold notification templates globally
  • Hold Reports - Access hold report (Premium) to view all holds across all cases tenant-wide
  • Case Management - Add, remove, or modify members in ANY case (including cases created by other managers)
  • Case Deletion - Delete and close any eDiscovery case regardless of who created it
  • Case Override - Override case permissions and access privileged attorney-client materials in all cases
  • Indexing Management - Manage advanced indexing settings and reprocessing jobs organization-wide
  • Role Management - Configure eDiscovery role groups and assign eDiscovery permissions to other users
  • Activity Reports - View and export comprehensive eDiscovery activity reports and analytics across all cases
  • Troubleshooting - Troubleshoot and resolve eDiscovery issues across all cases and investigations
  • Storage Management - Manage eDiscovery storage quotas, limits, and performance optimization
  • Orphaned Cases - Access abandoned or orphaned cases when original managers leave organization

Common use cases

  • General Counsel or Chief Legal Officer requiring oversight of all legal matters and litigation
  • Centralized eDiscovery operations center managing all legal discovery across organization
  • Emergency access to critical cases when original case manager is unavailable or has left company
  • Compliance audits of eDiscovery activities and legal hold compliance across all cases
  • Managing global eDiscovery program: templates, processes, best practices, training
  • Troubleshooting complex eDiscovery issues across multiple cases or custodians
  • Providing hold reports to executive leadership on litigation risk and preservation status
  • Managing eDiscovery during organizational restructuring, mergers, or acquisitions
  • Coordinating with outside counsel on high-stakes litigation requiring cross-case visibility
  • Ensuring consistent eDiscovery practices and quality control across legal team

Best practices

  • Limit eDiscovery Administrator role to 1-2 senior legal leaders maximum (General Counsel, eDiscovery Director)
  • Use eDiscovery Administrator primarily for oversight, emergency access, and global settings - NOT day-to-day case work
  • Implement formal approval workflows and justification for accessing other managers' cases
  • Regularly audit eDiscovery Administrator activities using Advanced Audit logs
  • Maintain strict confidentiality and privilege protection across all accessed cases
  • Document business justification for any cross-case access in compliance records
  • Use this role to establish organization-wide eDiscovery standards, templates, and policies
  • Conduct quarterly hold reports to identify stale holds and reduce preservation costs
  • Review eDiscovery Manager assignments periodically and remove unnecessary access
  • Establish ethical walls procedures for cases with conflicts of interest
  • Use Privileged Identity Management (PIM) for just-in-time activation of this highly privileged role
  • Separate eDiscovery Administrator from IT admin roles to maintain attorney-client privilege
  • Create playbooks and runbooks for common eDiscovery scenarios to ensure consistency
  • Monitor eDiscovery storage consumption and archive/delete old cases to manage costs
  • Provide training and mentorship to eDiscovery Managers on best practices

Security considerations

  • HIGHEST RISK eDiscovery role - can access ALL investigations and privileged attorney-client materials
  • Cross-case access can create conflicts of interest - establish ethical walls and Chinese walls
  • Must maintain absolute attorney-client privilege and confidentiality across all accessed matters
  • Should NEVER be combined with IT admin roles to preserve privilege and work product protections
  • All activities are permanently logged in Advanced Audit - subject to external audit and oversight
  • Access to multiple cases simultaneously increases insider threat risk - monitor closely
  • Exported data across multiple cases must follow strict chain of custody and encryption
  • Hold report access reveals litigation strategy and risk - protect from unauthorized disclosure
  • Can delete cases and destroy evidence - establish approval workflows for case deletion
  • REQUIRED to use Privileged Identity Management (PIM) for just-in-time activation
  • Should have segregated user account (admin account vs daily work account)
  • MFA and conditional access required - consider location-based access restrictions
  • Annual ethics training and confidentiality agreements required
  • May be called as witness in litigation if accessing cases - document all justifications

Common questions

When should I assign the eDiscovery Administrator role?

Assign eDiscovery Administrator when you need to: General Counsel or Chief Legal Officer requiring oversight of all legal matters and litigation; Centralized eDiscovery operations center managing all legal discovery across organization; Emergency access to critical cases when original case manager is unavailable or has left company; Compliance audits of eDiscovery activities and legal hold compliance across all cases; and Managing global eDiscovery program: templates, processes, best practices, training. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the eDiscovery Administrator role do?

The eDiscovery Administrator role grants permissions including: Manager Permissions - ALL permissions of eDiscovery Manager (cases, searches, holds, review sets, analytics, predictive coding); All Cases Access - View, access, and manage ALL eDiscovery cases across entire organization (no case isolation limits); Global Settings - Configure organization-wide eDiscovery settings: analytics preferences, OCR settings, search permissions; Global Workflows - Manage custodian workflows and legal hold notification templates globally; Hold Reports - Access hold report (Premium) to view all holds across all cases tenant-wide; and Case Management - Add, remove, or modify members in ANY case (including cases created by other managers). See the Permissions section above for the full list.

What are the security risks of the eDiscovery Administrator role?

Key considerations when assigning eDiscovery Administrator: HIGHEST RISK eDiscovery role - can access ALL investigations and privileged attorney-client materials; Cross-case access can create conflicts of interest - establish ethical walls and Chinese walls; Must maintain absolute attorney-client privilege and confidentiality across all accessed matters; and Should NEVER be combined with IT admin roles to preserve privilege and work product protections. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →