Microsoft Purview · eDiscovery

eDiscovery Manager

Create and manage eDiscovery (Standard and Premium) cases with custodian management, review sets, legal hold notifications, advanced indexing, analytics, and ML-powered predictive coding.

Scope: Access limited to eDiscovery cases they create or are added to as members (case-level isolation)

Permissions

  • Case Management - Create and manage eDiscovery (Standard) and eDiscovery (Premium) cases with full lifecycle
  • Case Members - Add and remove case members, assign reviewer roles, manage team access
  • Content Search - Perform content searches with KQL across Exchange, SharePoint, OneDrive, Teams, Microsoft 365 Groups
  • Legal Holds - Place and manage legal holds on mailboxes, sites, Teams, and OneDrive locations
  • Custodian Management - Manage custodians: add custodians, identify data sources, track acknowledgments
  • Hold Notifications - Send legal hold notifications and manage custodian communication workflows
  • Review Sets - Create and manage review sets for advanced document analysis and coding
  • Advanced Indexing - Use advanced indexing to ensure all content is searchable (process error remediation)
  • Analytics - Run analytics: near-duplicate detection, email threading, conversation reconstruction, themes analysis
  • Predictive Coding - Create and train predictive coding models for ML-powered relevance ranking (eDiscovery Premium)
  • Document Tagging - Tag documents, create review set queries, apply filters for responsive vs non-responsive
  • Export - Export search results, review set data, and case evidence with native/PDF formats
  • Preview - Preview and analyze search results, view metadata, and decrypt RMS-protected content
  • Case Settings - Configure case settings: analytics options, OCR for images, search permissions
  • Hold Monitoring - Monitor hold status, view hold errors, manage query-based holds for targeted preservation

Common use cases

  • Legal department conducting internal investigations (fraud, misconduct, policy violations)
  • Responding to litigation discovery requests with advanced review set workflows
  • HR investigations into employee misconduct with custodian communication tracking
  • Compliance investigations for regulatory requirements (FCPA, SOX, GDPR, CCPA)
  • Managing multi-custodian complex litigation with hundreds of thousands of documents
  • Using predictive coding to reduce review costs on large document collections
  • Coordinating with outside counsel on eDiscovery production and exports
  • Regulatory investigations requiring proof of legal hold notification compliance
  • Preparing evidence for depositions, trials, or regulatory submissions
  • Managing privilege review workflows with tagging and analytics

Best practices

  • Create separate cases for each investigation to maintain proper boundaries and privilege protection
  • Document business justification and legal basis for each case in case notes
  • Use targeted search queries (specific date ranges, custodians, keywords) to minimize data collection
  • Apply holds immediately upon litigation trigger event - do NOT delay to avoid spoliation
  • Send legal hold notifications within 24-48 hours of custodian identification
  • Track custodian acknowledgments and follow up on non-responses with reminders and escalations
  • Use query-based holds to limit over-preservation and reduce storage costs
  • Regularly review and remove holds when litigation concludes to reduce compliance burden
  • Coordinate with legal counsel before initiating cases, adding custodians, or exporting data
  • Run analytics (near-duplicates, email threading) before review to reduce document volume
  • Use predictive coding on large document sets (10,000+ docs) to prioritize relevant content
  • Implement consistent tagging protocols across review teams for privilege, responsiveness, issues
  • Export native files for production, not just PDFs, to preserve metadata and formatting
  • Monitor advanced indexing status and remediate partially indexed items before collection
  • Use review set queries to create privilege logs and responsive document sets

Security considerations

  • Can access highly sensitive communications, documents, and privileged attorney-client materials
  • All search and export activities are logged in audit logs - subject to monitoring and oversight
  • Ensure proper training on data privacy laws (GDPR, CCPA) and legal privilege protections
  • Limit eDiscovery Manager assignments to legal staff, compliance officers, and trained HR professionals
  • Review search queries to prevent overly broad data access beyond litigation scope
  • Case members should be limited to need-to-know basis - do not add unnecessary reviewers
  • Exported data must follow chain of custody procedures and be stored securely
  • Legal hold notifications may reveal investigation subjects - coordinate with legal counsel
  • Predictive coding training data selection can introduce bias - use diverse training sets
  • Analytics results (themes, near-duplicates) are probabilistic - always validate critical findings
  • RMS decryption permissions allow viewing encrypted content - assign carefully
  • Consider using Privileged Identity Management (PIM) for time-limited just-in-time activation
  • Maintain separation from IT admin roles to preserve attorney-client privilege and work product
  • Monitor for potential data exfiltration via excessive exports or broad searches

Official Microsoft Learn documentation →

Open the interactive RBACMap →