Tag Archives: Data Discovery

The Three Different eDiscovery Approaches to Address Microsoft 365 Data

By John Patzakis

Microsoft reports 345 million paid users worldwide of its Microsoft 365 platform (“M365”), spanning over two million companies, with more than one million of them based in the United States. M365’s cloud-based data sources such as OneDrive, Outlook mail, Teams and SharePoint online represent arguably the majority of ESI being produced in litigation going forward. However, M365 presents significant eDiscovery challenges and costs, requiring legal and eDiscovery professionals to be aware of the various methods to address this critical data source.

This article briefly addresses the benefits and challenges of each of the three main approaches to addressing eDiscovery and information governance in M365: 1) Utilizing Microsoft Purview; 2) Outsourced Services; or 3) Relying on a 3rd Party Purpose-built eDiscovery Solution.

Microsoft Purview
Microsoft Purview is the built-in M365 eDiscovery tool. It comes in different licensing tiers, the highest and most useful being Premium, also known as E5 licenses. A key benefit of utilizing Purview Premium is that it’s integrated with M365, which is obviously convenient for workflow and also budgeting. Purview features a good legal hold process that allows the application of legal holds in place for key M365 data sources.

There is also a good consultant ecosystem to provide training and add-on services, which are often needed to address the larger projects at extra cost. And a premium license provides other functionalities unrelated to eDiscovery such as data analytics for business as well as a lot of security functions.

Among the challenges of MS Purview Premium that we hear from users, a common complaint is that it can be very expensive, with licenses costing about $600 per employee annually. For large cases, licenses for several thousand custodians run in the millions of dollars and well into the tens of millions when you are dealing with a company with about 40,000 employees.

But the biggest complaint that we hear is that it’s not suited for large cases. M365 is built for user productivity, and the shared architecture is designed to support hundreds of millions of global users with normal individual workloads. eDiscovery and information governance projects are very large and aberrant workloads, so the system is designed to throttle large data throughputs. For instance, when you start a case in Purview, a separate and new index is created to allow eDiscovery and compliance searches in Purview, but there is a 2 GB hourly limit when creating this index, according to Microsoft’s own documentation, which limits your ability to address larger cases in a timely manner. There are many documented concerns about the accuracy and transparency of search results and data exports, especially as cases get bigger and there are more custodians with higher volumes. Also, large attachments over 150 MB are not supported, nor are many file types such as engineering files like CAD drawings. Microsoft supports only 50 file types, while the right eDiscovery software will support over 500.

These search accuracy and throughput limitations were called out by Special Master Phillip Favro in the case of Deal Genius, LLC v. O2COOL, LLC, No. 21-C-2046, 2022 WL 17418933, at *1–2 (N.D. Ill. Oct. 24, 2022), and further expounded upon by Favro in his recent technical whitepaper:

“Purview eDiscovery does not provide the advanced features offered by a full service e-discovery platform needed to support discovery efforts in complex cases such as multidistrict litigation and class actions or regulatory investigations like Hart-Scott-Rodino Second Requests. Even small lawsuits that involve high volumes of ESI can present difficulties for organizations that wish to manage much of their discovery process with Purview eDiscovery. Responding parties that rely on Purview eDiscovery may not be able to perform a comprehensive search to reasonably identify relevant information. Responding parties who wish to incorporate Purview eDiscovery functionality into their discovery workflows must understand its search limitations and take steps to address them so they can establish the defensibility of their discovery process.” “Microsoft Purview eDiscovery: Key Features and Limitations,” Practical Law (July 2024).

Finally, Purview only addresses data within M365. It’s not going to address data sources such as Slack, or on-premises sources including laptops, file shares, or even on-premises Exchange or on-premises SharePoint.

Outsourced Services
The second approach to addressing M365 for eDiscovery is to retain an outsourced service provider. There are well over 100 consulting firms that perform such services, and the main benefit is that the right consultants can get the job done. The consultants know how to export M365 data into a standard eDiscovery workflow, are very good at project management, and are well versed in working with attorneys and their litigation deadlines. For smaller companies that lack the internal resources or expertise, or that have backlogs, this can be a good approach.

The main drawback is that it can be very expensive, because what we generally see is that the service providers parachute in and run very basic scripts to conduct a mass data export from M365. After that, it defaults to a traditional eDiscovery workflow with processing tools, a lot of manual services, and then an upload to a standard review platform. This reactive approach results in a high amount of expensive data overcollection. Additionally, outsourced service providers typically require very high-level, super-admin privileges in order to run their bulk data download scripts, which can be a significant concern from a security standpoint. These privileges can sometimes be delegated without the company’s knowledge, so it is important to be aware of and audit the privileges that are being granted.

Also, we have seen that for large eDiscovery collection projects in Europe, EU-based companies are required to perform a data protection impact assessment (DPIA), and mass bulk collections involving copying of all the employees’ emails and other sensitive files and taking that data offsite are frowned upon by privacy auditors. That approach runs afoul of the GDPR’s proportionality and data minimization requirements.

Third Party eDiscovery Software Solution
And finally, a third approach is utilizing a non-Microsoft eDiscovery solution that’s purpose-built to conduct eDiscovery, including by connecting to M365. A benefit of this approach is that the right solution can scale for larger data sets. This is particularly important for information governance projects such as data compliance audits. The good solutions will not require expensive Premium Purview licensing for every custodian and will enable you to employ it as an established and repeatable process. It can also address the indexing throughput and completeness challenges in Purview. And finally, a platform like this should be able to support data outside of M365 such as on-premises sources or data such as Slack.

One of the challenges of an in-house system is that internal IT resources or tech-savvy paralegals are needed to run the process. Some technology platforms still require you to have the most expensive Purview Premium licensing to support essential functionality, such as collection of hyperlinked documents, and other key features. Further, many of these vendors are simply providing repurposed email archiving platforms, which function by a mass copy and transfer of all the organization’s data in M365. This poses significant logistical challenges in terms of scalability, not to mention unnecessary cost. M365 does not easily allow for mass data download, which can lead to errors and data corruption, as in the recent case of FTC v. Match Group, No. 3:19-CV-2281-K, 2025 WL 46024, at *4 (N.D. Tex. Jan. 7, 2025), where MS Purview exports to an email archival system failed, resulting in court-imposed discovery sanctions. So, if the solution does not allow for index-in-place functionality, but instead relies on a bulk download, copy and data transfer, then there can be significant challenges with that approach.

The X1 Enterprise platform for M365 and on-premises sources takes a unique approach with a micro-indexing architecture so that each data source and each custodian is associated with its own index. This enables a true index-in-place capability for targeted search and analytics at the point of collection, which enables the bypassing of most of the M365 throttling issues so that hundreds of custodians can be addressed in hours, not weeks. Our customers have successfully addressed matters involving thousands of custodians and upwards of 80 terabytes of M365 data that was indexed in a very short period of time. X1 Enterprise does not require Purview Premium licensing to address all the required functionality, such as the search and collection of hyperlinked files, archived email, inactive mailboxes, as well as many other detailed requirements.

Simply put, we believe X1 Enterprise is the best solution available to address M365 data for eDiscovery and information governance requirements.

Ready to Learn More?
For companies navigating complex information governance and eDiscovery requirements, including those involving M365, organizations that rely on the X1 Enterprise Platform not only reduce costs and save valuable time but also gain a strategic advantage in managing their eDiscovery and information governance needs. For a demonstration of the X1 Enterprise Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/solutions/x1-enterprise-platform.

Filed under Best Practices, Cloud Data, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, Information Governance, law firm, m365, Preservation & Collection

Addressing Critical Information Governance Challenges from Departing Employees

By John Patzakis and Chas Meier

When employees leave an organization, they often leave behind a significant amount of valuable information. This poses major information governance challenges, as companies must decide how to manage litigation holds and retain essential data assets.

A common response to this challenge is to retain departed employees’ laptops, hard drives, or keep their Microsoft 365 or Google Workspace accounts active. However, this approach is both expensive and inefficient. Another often-used method is creating a full disk image of the laptop for archiving. While this preserves data, it is a slow and cumbersome process that can require vast amounts of storage, sometimes reaching petabytes, which becomes both costly and unwieldy. Neither approach offers the ability to gain insights from the data, nor do they allow for intelligent and targeted data extraction, making it difficult to leverage these data assets effectively or comply with legal and regulatory requirements.

To address these challenges, X1 has developed a game-changing workflow utilizing our X1 Enterprise Platform, offering a streamlined and cost-effective solution. With our platform, organizations can process hundreds of laptops and Microsoft 365 accounts in a single day. Leveraging X1’s unique and patented in-place indexing technology, data extraction becomes highly targeted, allowing for efficient responses to litigation holds. This means that each litigation scenario can have a tailored search applied across all relevant data sources simultaneously, enabling precise data extraction.

For example, one company with over two dozen active litigation holds has employed X1’s solution, allowing them to save detailed keyword search routines crafted by their counsel. These searches can be quickly and programmatically applied not only to data on specific laptops but also to archived PSTs and associated Microsoft 365 accounts. Once the targeted data is extracted, the company repurposes the laptops for new employees, resulting in significant cost savings—estimated to be in the millions—and a reduction in storage requirements.

Beyond managing litigation holds, another core benefit of X1’s solution is its ability to extract key data assets from departed employees to retain within the company’s knowledge base. This capability is especially valuable for law firms, consulting firms, and organizations that rely heavily on high-end knowledge professionals. For instance, one law firm uses X1’s workflow to rapidly search large, archived PST files from departed attorneys to identify and separate key data related to ongoing matters. This ensures that crucial information remains accessible to the firm or is appropriately transferred to the attorney’s new firm. Additionally, vital legal and business insights from retained documents and emails are quickly mined and reviewed, enhancing the firm’s overall knowledge management.

Client Example:
Overview: A major pharmaceutical retailer uses X1 within Relativity to perform 50 data collections weekly, covering both Mac and PC environments. The system allows them to repurpose laptops from departed employees within days instead of months, leading to substantial savings.
Integration: The company eliminated the need for traditional eDiscovery tools to remediate laptops, opting instead for X1’s more efficient approach.
Time and Cost Savings: This shift has saved the company millions by:
1. Reducing the reliance on costly traditional eDiscovery tools.
2. Minimizing the risk and cost associated with retaining unnecessary data.
3. Reintroducing millions of dollars’ worth of computer equipment back into circulation.
4. Completing these processes in one-tenth the time it would have traditionally taken, vastly improving operational efficiency.

Conclusion:
In today’s fast-paced and data-driven world, organizations face numerous challenges when it comes to managing and retaining data from departed employees. Traditional methods, such as retaining physical devices or creating full disk images, are not only costly and time-consuming but also fail to provide the flexibility and insight needed to effectively manage information assets. X1’s innovative solutions, particularly its patented in-place indexing technology, offer a modern, scalable, and efficient alternative. By enabling targeted data extraction, streamlining the process for litigation holds, and supporting knowledge retention, X1 empowers organizations to manage data governance with precision and agility.

For companies navigating complex data environments, especially those utilizing BYOD policies, X1 Enterprise Platform ensures compliance while protecting privacy. By implementing X1’s advanced platform, organizations can not only reduce costs and save valuable time but also gain a strategic advantage in managing their information governance needs. We invite you to explore how X1 can transform your data management processes and help you stay ahead in the ever-evolving digital landscape.

Filed under Uncategorized

X1 Achieves Unmatched Throughput and Results in Several Recent M365 eDiscovery and Information Governance Engagements

By John Patzakis and Chas Meier

As discussed previously on this blog, X1 and our active enterprise customers believe X1 Enterprise Collect is the best solution available to address M365 data sources as well as on-premises sources such as laptops and file shares. In recent weeks, our customers and partners have executed several projects on a massive scale and have captured and documented X1’s performance metrics.

No other solution in the industry, including Microsoft Purview Premium, can index data across the enterprise as fast or at the scale of the X1 Enterprise platform. When compared to Microsoft Purview, with its built-in architectural constraints and throttling limitations, X1 can index nearly eight times the daily volume that Purview or any other competitive “connector” technology in the market can achieve. X1’s distributed index-in-place methodology, combined with horizontal scaling of our index hosts, makes X1 the only solution truly capable of handling the rapid indexing, identification, searching and collecting/remediation of mass data sets in the TBs or PBs across the modern enterprise. X1 effectively addresses cloud and on-premises data sources in a unified manner, including distributed endpoints, network file shares, M365 data sources including Mail, OneDrive, Teams, and SharePoint, as well as other cloud data sources.

In several recent large-scale eDiscovery and information governance projects, X1 Enterprise Collect, on average, was able to collect and index M365 data (MS Mail [including archived mail and modern attachments], Teams, OneDrive and SharePoint) at a rate of approximately 350 GB per day. This is nearly 8 times faster than Microsoft Purview, with its documented throughput limitations at 2 GB per hour. X1 can achieve even faster throughput by scaling out virtual cloud computing resources.

Daily indexing volumes for endpoints and on-premises file shares vary due to the performance characteristics of each machine, but X1 indexes and searches endpoints in parallel, yielding extremely high aggregate daily indexing and collection throughput.

Detailed documentation on these metrics and a further briefing on these engagements can be provided upon request.

X1 achieves such scalability through a decentralized approach that does not rely on the M365 or Purview search Index, which has known issues with the number of file types supported, consistency of search results, accuracy, and throughput. X1’s approach enables a very scalable, accurate, defensible, and robust indexing and data collection at unmatched speeds.

In addition to greatly reducing risk, X1’s capabilities also enable massive cost savings. X1 Enterprise Collect significantly streamlines the eDiscovery workflow by bringing targeted collection results directly into the review platform, thereby eliminating over-collection, over-processing, and over-importing just to cull. X1 will populate ESI (Electronically Stored Information) straight into Relativity from an X1 collection without multiple hand-offs, extensive project management and inefficient data processing.

The ability to collect data directly and transparently from custodian laptops, desktops, M365 and other cloud sources into a RelativityOne/Relativity workspace is a game-changer that enables legal and compliance teams to begin review in hours rather than weeks. As facts become known and collection focus changes, X1 allows teams to pivot and respond in hours. With the ability to efficiently take multiple bites of the apple, X1 enables teams to start fast and stay agile.

For a demonstration of the X1 Enterprise Collect Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/x1-enterprise-collect-platform.

Filed under Best Practices, Cloud Data, Corporations, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Information Governance, MS Teams, OneDrive, Preservation & Collection, SharePoint

Index and Search In-Place Workflows Are Essential for Information Governance

By John Patzakis and Charles Meier

Accurate pre-collection data insight is a game-changing capability that enables organizations and their legal teams to determine the scope, volume, and content of electronic information before the very disruptive and expensive step of collecting the data. This insight is enabled through distributed index and search in-place technology.

A true distributed index and search in-place capability for unstructured data requires that a software-based indexing technology be deployed directly onto file servers, laptops, or in the cloud to address Microsoft 365 and other cloud-based data sources. This indexing occurs where the data sources reside without requiring a bulk transfer of the data to a central location. Once indexed, searches can be performed in seconds, supporting complex Boolean operators, metadata filters and regular expressions. Searches can be iterated and refined without limitation, which is critical for large data sets.

While our previous blog post addressed the critical importance of this capability in eDiscovery matters, it is equally essential in information governance projects such as PII audits, the purging of redundant, obsolete or trivial (ROT) data, and due diligence and data separation efforts in support of corporate mergers and acquisitions. Many X1 customers have recently employed our indexing in-place technology on such projects with remarkable success.

Incredibly, many of these customers also received alternative proposals that leverage traditional eDiscovery workflows presenting much higher estimated costs and much longer durations. Traditional eDiscovery workflows mandate broad and manual data collection, copying and migration efforts, large scale data processing, and loading the data into a different platform for review and analysis. There are three fundamental reasons why this “traditional approach” is fatally flawed for information governance projects.

  1. Prohibitive Cost and Risk. The data scope of information governance projects involves terabytes and sometimes petabytes of data. Mass collection, copying and migration of these data sets with manual hand-offs for later analysis in a centralized location is extremely expensive, disruptive, and time-consuming. Also, mass duplication and egress of enterprise data under control to execute ROT, PII, data separation or other due diligence projects is completely antithetical to their very purpose.
  2. The “Now What?” Problem. Let’s assume an organization has decided to incur the enormous cost, disruption and risk associated with the mass copying, migration, and centralization of unstructured data, and after loading the data into a review process, a key subset of documents and emails is finally identified for purging or other remedial action. Now what? You are merely working with copies! The live “original” emails and documents are in M365, email accounts, file servers or on laptops. It is possible to manually retrace and remediate, but that process is expensive and disruptive.
  3. Instant Staleness. Finally, a mass copying and migration effort, often requiring several weeks to complete, is immediately stale once completed, as the live data in its original location has inevitably changed.

X1 solves these challenges through our proprietary and patented distributed index and search in-place technology that enables scale by bringing true distributed indexing in-place to laptops, file shares, M365 and other cloud sources. X1 Enterprise Collect significantly streamlines information governance workflows by identifying and allowing for the remediation of targeted data in-place, thereby eliminating the need for expensive and cumbersome data duplication and migration.

For a demonstration of the X1 Enterprise Collect Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/x1-enterprise-collect-platform.

Filed under Cloud Data, compliance, Corporations, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Information Governance, law firm, Preservation & Collection

Significant Microsoft 365 eDiscovery Challenges Require a New Approach

By John Patzakis

The adoption of cloud-based Microsoft 365 (“MS 365”) by enterprises continues to grow exponentially, with the company recently reporting 300 million monthly active users, and the addition of over 100 petabytes of new content each month. There is no question that MS 365 is now a major data source for eDiscovery, second only to file-shares and laptops, and as such provides challenges to every legal and eDiscovery practitioner.

While MS 365 includes built-in eDiscovery tools in the Security and Compliance Center, many users look to third party alternatives due to the high cost, perceived concerns over the accuracy of search results, and other key challenges. However, most non-MS eDiscovery tools collect from MS 365 by simply making bulk copies of data associated with individual accounts, and then attempting to transfer that data en masse to their own proprietary processing and/or review platform. This problematic approach is counter-productive to the very purpose of why you put data in the cloud.

Such an effort is very costly, time-consuming, and inefficient for many reasons. For one, this bulk transfer triggers data transfer throttling by Microsoft, causing significant time delays. But the main problem is that clients who are investing in MS 365 do not want to see all their data routinely exported out of its native environment every time there is an eDiscovery or compliance investigation. Organizations are fine with a targeted set of potentially relevant ESI leaving MS 365. What they do not want is a mass bulk export of terabytes of data at great expense because eDiscovery and processing tools need to first broadly ingest that data into their disparate platforms in order to even begin the indexing, culling and searching process.

Additionally, organizations, especially larger enterprises, rarely house all or even most of their data within MS 365, with hybrid cloud and on-premise environments being the norm. MS 365 eDiscovery tools can only address what is contained within MS 365. Any on-premise data, including on-premise Microsoft sources (SharePoint, Exchange) cannot be readily consolidated by MS 365, and neither can data from other cloud sources such as Google Drive, Box, Dropbox, etc. And of course, laptops and file-shares are critical to eDiscovery collections and are also not supported by the MS 365 eDiscovery tools, with Microsoft indicating that they do not have any plans to address all of these non-MS 365 data sources.

So, eDiscovery software providers need to have a good process to perform unified search and collection of MS 365 and non-MS 365 sources. To achieve requisite efficiency and the minimization of data transfer, this process should be based upon a targeted search and collection in-place capability, and not simply involve mass export of data out of MS 365 for downstream processing and searching.

To answer this unmet critical need, X1 has added MS 365 data connectors to our X1 Enterprise Collect platform. X1 Enterprise Collect provides users the unique ability to search and collect MS 365 data in-place. X1’s optimized approach of iterative search and targeted collection enables organizations to apply proportionality principles across both cloud and on-premise data sources with clear and consistent results for effective eDiscovery. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%).

The X1 Enterprise Collect Platform is available now from X1 and its global channel network in the cloud, on-premise, and with our services available on-demand. For a demonstration of the X1 Enterprise Collect Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/x1-enterprise-collect-platform.

Filed under Best Practices, Cloud Data, Corporations, Data Audit, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Information Governance, Information Management, OneDrive, Preservation & Collection, SharePoint