Microsoft Purview · eDiscovery

eDiscovery Manager

Create and manage eDiscovery (Standard and Premium) cases with custodian management, review sets, legal hold notifications, advanced indexing, analytics, and ML-powered predictive coding.

Scope: Access limited to eDiscovery cases they create or are added to as members (case-level isolation)

Permissions

  • Case Management - Create and manage eDiscovery (Standard) and eDiscovery (Premium) cases with full lifecycle
  • Case Members - Add and remove case members, assign reviewer roles, manage team access
  • Content Search - Perform content searches with KQL across Exchange, SharePoint, OneDrive, Teams, Microsoft 365 Groups
  • Legal Holds - Place and manage legal holds on mailboxes, sites, Teams, and OneDrive locations
  • Custodian Management - Manage custodians: add custodians, identify data sources, track acknowledgments
  • Hold Notifications - Send legal hold notifications and manage custodian communication workflows
  • Review Sets - Create and manage review sets for advanced document analysis and coding
  • Advanced Indexing - Use advanced indexing to ensure all content is searchable (process error remediation)
  • Analytics - Run analytics: near-duplicate detection, email threading, conversation reconstruction, themes analysis
  • Predictive Coding - Create and train predictive coding models for ML-powered relevance ranking (eDiscovery Premium)
  • Document Tagging - Tag documents, create review set queries, apply filters for responsive vs non-responsive
  • Export - Export search results, review set data, and case evidence with native/PDF formats
  • Preview - Preview and analyze search results, view metadata, and decrypt RMS-protected content
  • Case Settings - Configure case settings: analytics options, OCR for images, search permissions
  • Hold Monitoring - Monitor hold status, view hold errors, manage query-based holds for targeted preservation

Common use cases

  • Legal department conducting internal investigations (fraud, misconduct, policy violations)
  • Responding to litigation discovery requests with advanced review set workflows
  • HR investigations into employee misconduct with custodian communication tracking
  • Compliance investigations for regulatory requirements (FCPA, SOX, GDPR, CCPA)
  • Managing multi-custodian complex litigation with hundreds of thousands of documents
  • Using predictive coding to reduce review costs on large document collections
  • Coordinating with outside counsel on eDiscovery production and exports
  • Regulatory investigations requiring proof of legal hold notification compliance
  • Preparing evidence for depositions, trials, or regulatory submissions
  • Managing privilege review workflows with tagging and analytics

Best practices

  • Create separate cases for each investigation to maintain proper boundaries and privilege protection
  • Document business justification and legal basis for each case in case notes
  • Use targeted search queries (specific date ranges, custodians, keywords) to minimize data collection
  • Apply holds immediately upon litigation trigger event - do NOT delay to avoid spoliation
  • Send legal hold notifications within 24-48 hours of custodian identification
  • Track custodian acknowledgments and follow up on non-responses with reminders and escalations
  • Use query-based holds to limit over-preservation and reduce storage costs
  • Regularly review and remove holds when litigation concludes to reduce compliance burden
  • Coordinate with legal counsel before initiating cases, adding custodians, or exporting data
  • Run analytics (near-duplicates, email threading) before review to reduce document volume
  • Use predictive coding on large document sets (10,000+ docs) to prioritize relevant content
  • Implement consistent tagging protocols across review teams for privilege, responsiveness, issues
  • Export native files for production, not just PDFs, to preserve metadata and formatting
  • Monitor advanced indexing status and remediate partially indexed items before collection
  • Use review set queries to create privilege logs and responsive document sets

Security considerations

  • Can access highly sensitive communications, documents, and privileged attorney-client materials
  • All search and export activities are logged in audit logs - subject to monitoring and oversight
  • Ensure proper training on data privacy laws (GDPR, CCPA) and legal privilege protections
  • Limit eDiscovery Manager assignments to legal staff, compliance officers, and trained HR professionals
  • Review search queries to prevent overly broad data access beyond litigation scope
  • Case members should be limited to need-to-know basis - do not add unnecessary reviewers
  • Exported data must follow chain of custody procedures and be stored securely
  • Legal hold notifications may reveal investigation subjects - coordinate with legal counsel
  • Predictive coding training data selection can introduce bias - use diverse training sets
  • Analytics results (themes, near-duplicates) are probabilistic - always validate critical findings
  • RMS decryption permissions allow viewing encrypted content - assign carefully
  • Consider using Privileged Identity Management (PIM) for time-limited just-in-time activation
  • Maintain separation from IT admin roles to preserve attorney-client privilege and work product
  • Monitor for potential data exfiltration via excessive exports or broad searches

Common questions

When should I assign the eDiscovery Manager role?

Assign eDiscovery Manager when you need to: Legal department conducting internal investigations (fraud, misconduct, policy violations); Responding to litigation discovery requests with advanced review set workflows; HR investigations into employee misconduct with custodian communication tracking; Compliance investigations for regulatory requirements (FCPA, SOX, GDPR, CCPA); and Managing multi-custodian complex litigation with hundreds of thousands of documents. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the eDiscovery Manager role do?

The eDiscovery Manager role grants permissions including: Case Management - Create and manage eDiscovery (Standard) and eDiscovery (Premium) cases with full lifecycle; Case Members - Add and remove case members, assign reviewer roles, manage team access; Content Search - Perform content searches with KQL across Exchange, SharePoint, OneDrive, Teams, Microsoft 365 Groups; Legal Holds - Place and manage legal holds on mailboxes, sites, Teams, and OneDrive locations; Custodian Management - Manage custodians: add custodians, identify data sources, track acknowledgments; and Hold Notifications - Send legal hold notifications and manage custodian communication workflows. See the Permissions section above for the full list.

What are the security risks of the eDiscovery Manager role?

Key considerations when assigning eDiscovery Manager: Can access highly sensitive communications, documents, and privileged attorney-client materials; All search and export activities are logged in audit logs - subject to monitoring and oversight; Ensure proper training on data privacy laws (GDPR, CCPA) and legal privilege protections; and Limit eDiscovery Manager assignments to legal staff, compliance officers, and trained HR professionals. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →