We need to search mail or files for a legal request, how do we do that cleanly?
Compliance Search and eDiscovery let you search across mailboxes, SharePoint sites and Teams chats without bothering each user. For SMB context eDiscovery (Standard) is usually enough, eDiscovery Premium is overkill until you're in actual legal proceedings.
Try this first
- 1Open Purview admin > eDiscovery > Standard. Create a Case with a clear name and description (for example 'Audit_2026-Q1' or 'Request_Person_X'). Whoever has case access is who can open it, so keep it tight.
- 2Add locations (which mailboxes, sites, Teams). Usually you mean a specific user plus the team sites they're in. For broad requests you can pick 'all locations', but it takes longer.
- 3Build a query. KQL syntax: from:name@company.com AND received>=2025-01-01 AND received<=2025-12-31 AND ('search term' OR 'other term'). Test broadly first, narrow once you see noise.
- 4Run the search and review the preview. For SMB cases usually sufficient. Formal legal proceedings need eDiscovery Premium with holds, custodians and chain-of-custody reporting, but that's a different license.
- 5Export as PST or reviewable format. Store on a secure location and delete after completion. An eDiscovery export is sensitive data.
- 6Document: who requested, on what basis, who ran the search, when export was made and deleted. That audit trail protects you if anyone questions the process later.
When to bring us in
If a legal proceeding with external counsel or a regulator opens up, eDiscovery Premium with formal holds and custodians fits better. Chain-of-custody is built in. Don't start such a track on your own without legal involved.
See also
- Outlook crashes or freezes on large attachmentsUsually the mailbox cache is the culprit, not Outlook itself. Shrinking or relocating usually helps within ten minutes.
- Teams: they cannot hear me, or I hear nothingIn our experience Teams usually picked the wrong audio device after a Windows update or a new headset.
- OneDrive has stopped syncingThe cloud icon is grey or has a warning. Locally changed files are not showing up for colleagues.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.