Managing eDiscovery within Microsoft Teams

Microsoft Teams has become one of the leading team collaboration tools utilized by large corporations across multiple industries. As a result, Microsoft Teams is becoming a standard request for submission during the eDiscovery process. Data and Electronically Stored Information (ESI) associated with Teams can be a valuable asset during litigation and investigations.

Just like any platform, Microsoft Teams have some standardized data sources along with ones respective to their platform. Most data can be found in one of a few places:

  • Individual users mailbox: 1-on-1 chats and group chats
  • Channel mailbox: All chats within a designated team channel
  • Microsoft Sharepoint & OneDrive: Files shared by a user, both direct and in group channels.

It is important to note that not all content with Teams is searchable including more obscure data sources such as audio recordings, message reactions (likes, etc.), and code snippets. More common attributes and searchable types of content include: 

  • Messages
  • Date ranges
  • Location & geotags
  • Meeting metadata
  • Edited/altered message history
  • Conversation threads
  • Emojis & GIFs
  • Author/User
  • Link activity
  • Search queries & keywords
  • Activity (who the user is communicating with)

In addition to being discover-able, data within Teams can be preserved for legal holds and compliance functions as well as produced for review. Being that Teams is a core aspect of modern collaboration especially in a remote environment, Teams data gives insight into custodian workflows allowing compliance teams to get early control over their organization’s data.

References:

(1)  Docs.microsoft.com. 2020. Conduct An Ediscovery Investigation Of Content – Microsoft Teams. [online] Available at: <https://docs.microsoft.com/en-us/microsoftteams/ediscovery-investigation> [Accessed 4 November 2020].