assign ediscovery permissions to onedrive for business sites

OneDrive for Business: Getting Administrator’s Access to User’s Files and Folders

assign ediscovery permissions to onedrive for business sites

OneDrive for Business is a secure cloud-based solution for convenient telecommuting, remote access and private file sharing. Indeed, files stored on OneDrive are private by default: Users control access to the files they upload, so they can be seen by other employees only if they have been shared by the OneDrive owner. Even users with Global Administrator access cannot access files unless the OneDrive account holder has granted them the appropriate permissions.

  • [Free Download] Office 365 Administrator’s Guide

This lack of access to employees’ OneDrive repositories poses issues for administrators trying to ensure data security . This document explains how you can gain access when required, as well as how data classification will enable you to improve security and regulatory compliance across the IT environment, including OneDrive.

Getting Access to OneDrive for Business

There are various reasons OneDrive for Business administration teams, security pros and managers need access to employees’ OneDrive from time to time:

  • Controlling access settings to sensitive documents and files
  • Allowing file retrieval when an employee leaves the organization
  • Meeting data privacy regulations, such as GDPR and CCPA
  • Completing eDiscovery requests related to legal proceedings
  • Ensuring employee compliance with company policies around data usage

Handpicked related content: OneDrive for Business Auditing and Reporting

The good news is that there are three ways IT teams can gain access to the OneDrive files and folders of active users when necessary:

  • Via the Microsoft 365 Admin Center
  • Via the SharePoint Online Admin Center
  • Using PowerShell
  • [Free Guide] Data Access Governance Best Practices

Configuring Access to One Drive Files via the Microsoft 365 Admin Center

As long as you are a licensed Microsoft 365 Global Administrator, you can take ownership of a user’s OneDrive by following these steps:

  • Log into the Microsoft 365 Admin Center for your tenant.
  • Select the OneDrive user whose files you need.
  • Scroll down to OneDrive Settings.
  • Click Access Files and grant yourself administrator privileges in the OneDrive settings.
  • Click the hyperlink to open OneDrive in your browser to access the user’s OneDrive as a secondary administrator.

Configuring Access to Files via the SharePoint Online Admin Center

An administrator can use the SharePoint Online Admin Center to transfer ownership of a OneDrive or control user access to OneDrive, as follows:

  • Open the “more features” page in the SharePoint Admin Center and sign in with an account that has admin permissions.
  • Under User Profiles, select Open .
  • Under People, select Manage User Profiles .
  • Enter the user’s name and click Find .
  • Right-click on the user’s name and select Manage Site Collection Owners .
  • Add a secondary admin in the Site Collection Administrators

Configuring Site Collection Administrator Access to Files via PowerShell Cmdlets

Each user is the SharePoint Site Collection Administrator for their own OneDrive for Business location. However, administrators can configure site collection owners through PowerShell by using the following script :

Data Classification Adds Protection to OneDrive for Business Repositories

Of course, ensuring that you can gain access to a user’s OneDrive data when required is not sufficient for security and compliance. Any employee’s OneDrive for Business repositories may contain regulated or business-critical data that must be properly controlled by the organization at all times. One of the best ways to gain that control is to use data classification.

Data classification is the process of categorizing and tagging data so it can be easily accessed and protected. Effective data classification enables you to know exactly where sensitive data is stored, so you can apply appropriate security controls around it. For example, if you see that GDPR-regulated information is stored in a particular user’s OneDrive folder, you can raise a red flag and make sure that data is moved to an approved repository. Even better would be a data classification solution that continuously monitors for such violations and automates the remediation process.

Native Data Classification Processes

Organizations have several native options for classifying data across their networks:

  • Automated processes, which include keyword-based searching and using sensitive information types
  • Manual options, which include applying labels based on administration configurations

Both of these options involve multiple steps that employees must replicate across dozens or hundreds of file types and data sources. In short, they are time-consuming, repetitive and complicated processes that are highly prone to error. Moreover, busy security professionals are already stretched thin, so these critical tasks simply do not get done at all.

Additional issues with native tools include the following:

  • This functionality isn’t available across all subscription plans.
  • Only Office files are supported.
  • Labels are not easy to customize,
  • Structured data is not supported.
  • Support for third-party applications and systems is very limited.

Netwrix Provides a Smart Data Classification Solution

Netwrix Data Classification offers a better approach. It all starts with built-in taxonomies for common types of sensitive data, such as GDPR and financial data, along with a flexible taxonomy manager that empowers you to easily modify those taxonomies or create your own to meet your specific business needs. Those taxonomies are used to automatically classify data across the entire IT environment — structured and unstructured data stored on premises or in the cloud, including content in users’ OneDrive for Business repositories. Compound term search and other advanced features ensure highly accurate and reliable classification results.

In addition, Netwrix Data Classification reports on where sensitive data is located and who has access to that data, so you can ensure that data is stored only in secure locations and is accessible only by authorized personnel. The platform even offers automated remediation workflows that automatically move vulnerable data to a safe quarantine area, and alerting on critical changes to your data.

assign ediscovery permissions to onedrive for business sites

In this article

  • Why do you need eDiscovery?
  • What are the data sources covered by Microsoft eDiscovery?
  • What is Microsoft 365 Core eDiscovery?
  • What is Microsoft 365 Advanced eDiscovery?
  • Access permissions in Microsoft 365 eDiscovery
  • Is eDiscovery a backup solution?

A Primer to Microsoft 365 eDiscovery Solutions

26 Oct 2021

1. Why do you need eDiscovery?

i. The Federal Rules of Civil Procedure: The Federal Rules of Civil Procedure (FRCP), established in 1934, are a set of rules that are focused on governing procedures for managing civil lawsuits in the United States district courts. A variety of important changes to the FRCP went into effect in December 2006. These included an expansion of discoverable material to include all ESI that might be relevant in a legal action

ii. Collecting ESI: Companies of all sizes generate a significant amount of data. Even small and medium-sized generate and manage almost 47.81 TB of data on an average , and this is expected to grow significantly in the coming years. The rapid growth of ESI illustrates the problem that a company might face during a legal proceeding to search, collect, and produce electronically stored data as relevant evidence.

2. What are the data sources covered by Microsoft eDiscovery?

eDiscovery data sources

Messages and files shared within a Microsoft Teams channel (including a private channel) get stored in Exchange Online mailboxes and SharePoint Site associated with the team, respectively. The messages and files shared on 1:1 chat is stored in individual users’ mailboxes and OneDrive accounts. Click here to learn more about data storage in Microsoft Teams.

3. What are the types of eDiscovery solutions available?

Types of Microsoft eDiscovery

3.1. What is Microsoft 365 Core (Standard) eDiscovery?

3.1.1. how to create a core ediscovery case.

Step 1: Navigate to the Security and Compliance center.

Step 2: Click “Core eDiscovery” under the “eDiscovery” drop-down on the navigation menu on the left-hand side of the screen.

Step 3: Type a case name and a description (optional) and click “Save”

Create core eDiscovery case

Step 4: Select the case to navigate to the case page and take further action.

Core eDiscovery case

3.1.2. How to run an eDiscovery search in a Core eDiscovery case?

Step 1: Navigate to the Security and Compliance center. Click “Core eDiscovery” under the eDiscovery drop-down on the navigation menu bar on the left-hand side of the screen.

Step 2: Click “Searches'' from the top menu bar. Click “+New Search”.

Create core eDiscovery search

Step 3: Type a name and description (optional) for the new search. Click “Next”.

Step 4: Choose the location to search for content. Example: - Specific users, groups, or teams under Exchange mailboxes - Specific sites and OneDrive accounts or add the URL for a Microsoft Team, Office 365 Groups, or Yammer Groups SharePoint site. Click “Next”.

Run new core eDiscovery search

Step 5: Add conditions for the search if needed. This could include specific keyword(s) and add conditions to search for the keyword. Click “Next”.

Run new core eDiscovery search

Step 6: Review the search and click “Submit”. Once the content search run is complete, administrators can take further action like “Edit search,” “Rerun search,” etc. They can also export the search results as a .csv or a compressed .zip file by clicking “Export results”. 

Actions

3.1.3. How to create a hold in a Core eDiscovery case?

Step 1: Navigate to the Security and Compliance center

Step 3: Create an eDiscovery case or open an existing case.

Step 4: Click “Hold” on the top menu bar. Click “+Create”.

Create eDiscovery hold

Step 5: Enter a name for the hold and provide a description (optional). Click “Next”.

Step 6: Choose the location (SharePoint sites, Exchange mailboxes or Exchange public folders). Click “Next”.

Core eDiscovery hold

Step 7: Enter the search query. Administrators can add a specific keyword and choose conditions to search for the query if needed.

Core eDiscovery hold conditions

Step 8: Review the settings and click “Submit”. The hold will be created based on the chosen location or the query and or condition.

It takes up to 24 hours for a hold to take effect.

3.2. What is Microsoft 365 Advanced (Premium) eDiscovery?

Advanced eDiscovery Glossary:

1.     Custodian- Custodians are users/people whose content an organization wants to specifically search for and gather as evidence ins any legal case.

2.     Non-custodial data sources- When a new collection is created, administrators can add non-custodial data sources. These could be sites or groups or any other sources that need to be included in the search.

3.     Review sets- In Advanced eDiscovery, data can be added to review sets where it can be reviewed, analyzed, tagged, and exported.

Collections- Using collections, administrators can search for and collect live data from the Microsoft data sources.

3.2.1. Advanced eDiscovery and EDRM

The electronic discovery reference model.

eDiscovery reference model workflow

A Typical Advanced eDiscovery Case Workflow

Advanced eDiscovery Workflow

3.2.2. How to create an Advanced eDiscovery case?

Step 1: Navigate to the security and compliance center.

Step 2: Click “Advanced eDiscovery” under eDiscovery from the left-hand side menu bar.

Step 3: Click “Cases” on the menu bar on the top and click “+ Create a case”.

New Advanced eDiscovery case

Step 5: Enter a case name, case number, and a description (optional). Administrators can further add members to configure the analytical settings related to the case and the format. Click "Save".

Analytical settings

3.2.3. How to create collections in an Advanced eDiscovery case?

Step 1: Navigate to the security and compliance center and click “Advanced eDiscovery” under eDiscovery on the left-hand side menu bar.

Step 2: Click “+ Create a case” or choose an existing case. Click “Collections” on the top menu bar and click “+ New collection”.

New Advanced eDiscovery collection

Step 3: Enter the name and description (optional) of the collection, add custodians, non-custodial data sources, additional locations, conditions for the collection, save the collection as draft or add it directly to a review set. Admins can review the collections once the collection process is done.

Advanced eDiscovery collection

3.3. Access permissions in Microsoft 365 eDiscovery

To access the features available within Microsoft eDiscovery a user needs appropriate permissions. These permissions can be assigned by the Compliance Administrator or the Global Administrator on the Security and Compliance center .

eDiscovery manager and eDiscovery administrator are sub-groups that fall under the eDiscovery manager compliance center role. Users can be added to these sub-groups by navigating to the eDiscovery manager group under the Permissions page.

eDiscovery Manager: An eDiscovery manager can only manage the case that they create. They can create and manage Core and Advanced eDiscovery cases, create case holds, run searches, preview, and export search results, add and remove members, and access case data.

eDiscovery Administrator: An eDiscovery administrator can perform all the tasks that the eDiscovery manager can. Additionally, an eDiscovery administrator can access all the Core and Advanced eDiscovery cases listed in the compliance center.

eDiscovery managers and administrators

4. Is eDiscovery a backup solution?

Despite the data preservation capabilities, Microsoft eDiscovery is not a backup solution. Missing features like single-click restore, automated backup with snapshots, granular restore features, etc., are a few reasons why organizations should not use eDiscovery as an alternative to a backup solution like SysCloud. To know more about how eDiscovery is different from a third-party cloud backup tool, click here .

Recommended content

27 Oct 2021

Get actionable SaaS administration insights

We don’t spam. Unsubscribe anytime.

Start enjoying faster and easier backups, today

SharePoint Diary Logo

SharePoint Diary

Salaudeen Rajack's SharePoint Experiences!

How to Grant Access to another User’s OneDrive in Office 365?

Requirement: Grant access to OneDrive for business to another user.

OneDrive makes it easy to collaborate by sharing files and folders with others. By default, When the user creates SharePoint My Site or OneDrive site collection, SharePoint assigns the primary site collection administrator or the OneDrive Owner rights to the user. Sometimes, you may need to access another user’s OneDrive for Business site or share OneDrive with another user. E.g., The user left the company, and the manager of the user wants to gain access, backup purposes, compliance, delegation, security, etc. This article will walk you through how to give access to the OneDrive site to another user.

In this article:

How to share onedrive files or folders with another user, access any user’s onedrive site as a global administrator, how to grant admin access to another user on a onedrive, powershell to add site collection administrator to a onedrive for business site collection, grant admin access to all onedrive for business sites, pnp powershell to grant onedrive access.

If you want to share files or folders, You can browse to your OneDrive site from App launcher (or open OneDrive and right-click on the folder or file you intend to share). On top of the page, Select Share button, and then select “Specific people”. Enter the email address(es) of the people you want to share with and set the permission level to allow editing (can edit, can view, etc). This will grant permissions and send the recipient a sharing invitation email to access the shared folder or file.

onedrive give access to another user

Alright, How about sharing the entire OneDrive with another user?

If you have “Global Administrator” rights, follow these steps to access OneDrive for any user in the tenant:

  • Log in to the Microsoft 365 Admin center at https://admin.microsoft.com/ as global admin.
  • Expand Users >> Active Users >> Search and find the user account to get OneDrive site access.

access another users onedrive site

What if you have only “SharePoint Admin” rights, but not a global administrator?

How to grant access to the OneDrive for Business site to another user? To gain access to a user’s OneDrive site, follow these steps:

  • Login to SharePoint Online Admin Center.
  • Click on the “More Features” and then the “User Profiles” link from the left navigation.

change onedrive site collection administrator

6 thoughts on “ How to Grant Access to another User’s OneDrive in Office 365? ”

' src=

Are we able to set Grant Admin Access to All OneDrive for Business Site Collections script for a security group instead of a single user account?

Set-SPOUser -Site $Site.Url -LoginName $SiteCollAdmin -IsSiteCollectionAdmin $True

' src=

First of all, thanks for this contribuition, it helped me a lot, awesome work!!

Tested the one that would change for all sites and seemed to work, but I wonder, how could I use for example the first one that is meant to add to only one specific onedrive site, but instead I use it to multiples sites? is there a way to like, I add 4 or 5 specific sites in there, rather than run it individually for each site?

' src=

How can you modify this script to automate adding a user’s manager as secondary admin to only a list (.CSV file) of OneDrives

' src=

How do I add O365 Group as secondary admin? The O365 group shows as ” member” in sharepoint GUI…

' src=

There is no “Secondary Admin” in SharePoint Online! You can add Site collection Administrators to SharePoint Online site through PowerShell as in: How to Add Site Collection Administrator in SharePoint Online?

' src=

Hi, Can your code be used to copy a departing user’s OneDrive for Business data to another user’s OneDrive? I have to perform this task manually when processing offboarding requests. I have struggled for weeks and still cannot make this work. Perhaps it cannot be done. Thanks for your time and input.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Notify me of follow-up comments by email.

Notify me of new posts by email.

(844) 422-3483

CB5 Solutions LLC

ODFB Add Secondary Administrator

When performing eDiscovery searches for OneDrive for Business content within the Compliance & Security center, the account being used to perform the eDiscovery searches must have administrator rights to the OneDrive for Business (My Site) being searched. The article below provides a description of the permissions that are needed to perform eDiscovery searches for ODFB content and a script to add a secondary administrator for all ODFB sites.

https://support.office.com/en-us/article/Assign-eDiscovery-permissions-to-OneDrive-for-Business-sites-422858ff-917b-46d4-9e5b-3397f60eee4d?ui=en-US&rs=en-US&ad=US

There are several ways to accomplish this task. Listed above is a script that Microsoft wrote. The script is a point in time change. Any new OneDrive for Business sites will not have a secondary administrator until the script is executed again.  The easiest way however, is to create an eDiscovery Group, and add the compliance and security officers and your legal team as members of the eDiscovery group.  After adding the members to the eDiscovery group, navigate to the SharePoint Online admin > user profiles > Setup My Sites . Locate the My Site Secondary Admin section and add the eDiscovery group as the secondary admin and enable the My Site secondary admin option.

The eDiscovery group is added as a secondary site administrator to all newly created MySites after the site is created. ( user profile > Manage User Profiles )

ODFB Second Admin 02

Why do I need another method

Another way to add a group as a secondary administrator is using PowerShell. There may be times where you want to add an eDiscovery group as a secondary administrator to only selected users. This can be accomplished by calling a CSV file within PowerShell.

Create a CSV file called Users.csv  under C:\temp\ODFB

Within the user.csv file list the names of the end-users that will have the eDiscovery group added as a secondary administrator.

ODFB Second Admin 03

Within the script search for domainname , adminaccount , and group name and update the script to reflect your organization configuration.

If you want to remove the permissions after adding them, you can change the IsSiteCollentionAdmin within the Set-SPOUser command from $true to $false:

Note : The script only works with groups and not users

Here are the results after running the script, the eDiscovery group will be added as administrator to the users within the CSV file.

ODFB Second Admin 04

Note : You need to install the SharePoint module on the computer that you are running the script on link .

Netwoven

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

By Tirtha Ghosh  |  Published on March 20, 2018

Office 365 Security Compliance – DLP

In recurrence of my earlier post ‘ Security Compliance – DLP ’, I would like to discuss ways to go ahead with eDiscovery in SharePoint Online.

You have to be an Office 365 global administrator in your Office 365 organization to configure eDiscovery and set up an eDiscovery Center in SharePoint Online. After you set up eDiscovery, users with the required permissions can create eDiscovery cases, place content on hold, run eDiscovery searches, and export search results.

Here are the steps for setting up eDiscovery in Office 365:

Step 1: Create an eDiscovery Center

Step 2: configure exchange online as a result source, step 3: create a security group for ediscovery managers, step 4: assign ediscovery permissions in sharepoint online, step 5: assign ediscovery permissions in exchange online.

In SharePoint Online, an eDiscovery Center is created as a site collection and is the root site of that site collection. eDiscovery cases are created as subsites in this site collection.

Follow these steps to create an eDiscovery Center site collection.

  • Sign in to Office 365 using your global administrator account. https://portal.office.com/adminportal/home#/homepage
  • In the Office 365 admin center, choose Admin > SharePoint to go to the SharePoint admin center.

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

  • On the Site Collections tab, click New , and then click Private Site Collection .
  • Title : Type a name for the eDiscovery site collection; for example, Contoso eDiscovery Center .
  • In the drop-down list for the domain name, select a domain name.
  • In the drop-down list for the URL path, you can use /sites/ or specify any managed path.
  • In the URL name box, type a URL name for the eDiscovery Center; for example, eDiscovery.
  • Select a language for the site collection.
  • Under Select a template , click Enterprise , and then click eDiscovery Center .
  • Time Zone : Select a time zone from the drop-down list.
  • Administrator : Type the name of a person who will be the site collection administrator for the eDiscovery Center. You can click Check Names or Browse to find a person. Consider selecting a person in your organization who will be responsible for managing eDiscovery holds and search queries.

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

  • Storage Quota : Type the number of megabytes (MB) that you want to allocate to this site collection. Only the metadata about eDiscovery cases, search queries, and holds are stored against the site collection storage quota. The actual search results aren’t stored in the eDiscovery Center site collection. One gigabyte of storage (about 1024 MB) is recommended.

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

  • Server Resource Quota : Keep the default value of 300 for the eDiscovery Center site collection.

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

  • Click OK to create the new site collection.

You may also like: Learn how to proactively identify and protect your sensitive information

To search Exchange Online mailboxes from an eDiscovery Center, you have to configure Search to include Exchange Online as a result source for the eDiscovery Center site collection.

Follow these steps to configure Exchange Online as a result source for the eDiscovery Center that you’re setting up.

  • Go to the new eDiscovery Center that you created in Step 1. Use the Web site address that you specified; https://xxxxxxxxxx.sharepoint.com/Sites/eDiscoveryCenter

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

  • Go to Settings > Site settings .

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

  • On the Site Settings page, under Site Collection Administration , click Search Result Sources .

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

  • On the Manage Result Sources page, click New Result Source .

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

  • In the General Information section, in the Name box, type Exchange Online and, optionally, type a description.
  • In the Protocol section, select Exchange .
  • In the Exchange Source URL section, click the Use AutoDiscover
  • Click Save .

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

After you configure Exchange Online as a result source for the eDiscovery Center, eDiscovery managers can search Exchange Online mailboxes using the eDiscovery Center.

Note:     Be sure to configure Exchange Online as a result source for the eDiscovery Center site collection. If you configure it at the subsite or eDiscovery case level, you won’t be able to search Exchange Online mailboxes

eDiscovery managers need the necessary permissions to search for content in SharePoint Online sites and Exchange Online mailboxes, place content on hold, and export the search results. A good way to assign permissions to a group of people is to create a security group in Exchange Online, add members to the security group, and then assign eDiscovery-related permissions to the security group in SharePoint Online and in Exchange Online.

Follow these steps to create a security group in Exchange Online.

  • In the Office 365 admin center, choose Admin > Exchange .

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

  • In the Exchange admin center (EAC), go to Recipients > Groups .

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

  • Click New > Security group .

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

  • Display name : This name appears in the shared address book and in the Groups list in the EAC. Use a name that identifies the purpose of the group; for example, eDiscovery Managers .
  • Alias : Type the alias for the security group. It must be unique in your Office 365 organization.
  • Email address : The name that you typed in the Alias field is used to automatically generate the portion of the email address that appears to the left of the @ symbol. You can change the alias portion of the email address if necessary.
  • Description : You can use this box to describe the eDiscovery-related purpose of the security group.

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

  • Under Members , click Add .
  • Select people that you want to be members of this group and click Add . When you are finished adding members, click OK to return to the New security group

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

  • Click the Owner approval is required checkbox so that you can manage the membership of this group and control who can use the eDiscovery Center.

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

The next step is to assign permissions to the members of the security group that you created in Step 3 so they can use the eDiscovery Center and search for content on SharePoint sites. This requires three different permissions assignments:

  • Assign owner permissions to the eDiscovery managers security group for the eDiscovery Center created in Step 1. As site collection owners, eDiscovery managers will be able to create cases, place content sources on hold, and export search results. Site collection owners can also give other users access to specific eDiscovery cases.
  • Make the eDiscovery managers security group site collection administrators for all site collections in your SharePoint Online organization that contain searchable content. This lets eDiscovery managers have access to all content in your SharePoint Online organization and view the search results in the eDiscovery Center.
  • Go to the top-level site in the site collection, and then click Settings > Site settings .
  • On the Site Settings page, under Users and Permissions , click Site Collection Administrators .
  • Type the name of the eDiscovery managers security group in the Site collection administrators box and then click OK .

Follow these steps to make members of the eDiscovery managers security group site collection administrators for a site collection. Repeat these steps for each site collection in your SharePoint Online organization.

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

  • Give the eDiscovery managers security group read permissions to the crawl logs for your SharePoint Online organization. This lets eDiscovery managers view any crawl log errors, which are included in a report when eDiscovery search results are exported.

Grant users permission to view the crawl log information

  • Sign in to the Office 365 Admin Center.
  • Choose  Admin  >  SharePoint . You’re now in the SharePoint admin center.
  • Choose  search .
  • On the search administration page, choose  Crawl Log Permissions .
  • In the  Crawl Log Permissions  box, enter names or email addresses. The names of valid users or user groups are shown in the list as you type letters in the box.
  • Click  OK .

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

Important:    If you or an eDiscovery manager has to search for content stored on OneDrive for Business sites, you need to assign specific permissions for that task. For step-by-step details.

Follow these steps to make the members of a security group the site collection owners of the eDiscovery Center.

  • In the eDiscovery Center, go to Settings > Site settings .
  • On the Site Settings page, under Users and Permissions , click Site permissions .
  • Click the < name of site collection > Owners group for the site collection.
  • In the New drop-down list, click Add Users .
  • In the Invite people box, type the name of the eDiscovery managers security group, and then click Share .

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

The last step is to assign eDiscovery permissions in Exchange Online to the security group that you created in Step 3. You do that by adding the security group to the Discovery Management admin role group in Exchange Online. This will let members of the security group use the eDiscovery Center to search mailboxes, place them on hold, and export mailbox search results.

Follow these steps to assign eDiscovery permissions in Exchange Online to the eDiscovery managers security group.

  • In the EAC, go to Permissions > Admin roles .
  • Click Discovery Management , and then click Edit .
  • Select the security group that you created for eDiscovery managers, click Add , and then click OK .

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

The eDiscovery managers security group is listed under Members in the details pane.

Office 365 Security Compliance – eDiscovery, Litigation, On-Hold

Download the Datasheet to learn more about Netwoven’s Information Protection and Compliance service.

Download the Solution Brief to learn how Netwoven’s solution proactively identifies and protects your sensitive data.

Related Posts

Four Key Trends in Semiconductor Industry that Result in Data Security Challenges

  • Application Modernization (1)
  • Azure Development (5)
  • Business Application (2)
  • Cloud Infrastructure and Management (18)
  • Cloud Infrastructure and Security (23)
  • Cloud Infrastructure Management (36)
  • Content and Collaboration (49)
  • Custom Development (42)
  • Data and Analytics (3)
  • Data and Business Analytics (5)
  • Data Engineering and Analytics (12)
  • Digital Workspace (5)
  • Documentum to Microsoft 365 Migration (2)
  • Dynamics 365 (27)
  • EFSS to Microsoft 365 Migration (3)
  • Endpoint Management (5)
  • Enterprise Search (5)
  • eRoom to Microsoft 365 Migration (4)
  • Govern 365 (3)
  • Governance (1)
  • Intelligent Communication (2)
  • Managed Services (7)
  • Microservices (1)
  • Microsoft Power Platform (34)
  • Microsoft Teams Rollout (13)
  • Migrations (21)
  • Miscellaneous (6)
  • Modern Applications (17)
  • Modern Enterprise Data Center (2)
  • OneDrive for Business Enablement (4)
  • Security and Compliance (3)
  • SharePoint Custom Development (133)
  • SharePoint On-Prem to SharePoint Online Migration (1)
  • Tenant to Tenant Migration (4)

Leave a comment Cancel reply

Your email address will not be published. Required fields are marked *

Save my name, email, and website in this browser for the next time I comment.

Unravel The Complex

Stay Connected

Subscribe and receive the latest insights

Netwoven Inc. - Microsoft Solutions Partner

Get involved by tagging Netwoven experiences using our official hashtag #UnravelTheComplex

Linkedin

assign ediscovery permissions to onedrive for business sites

Top Contributors in OneDrive: CraigLong  -  Dillon Silzer   ✅

February 13, 2024

Top Contributors in OneDrive:

CraigLong  -  Dillon Silzer   ✅

  • Search the community and support articles
  • Microsoft 365 and Office
  • Search Community member

Ask a new question

Can I set up a OneDrive for Business Permission to Edit but not Delete files?

Report abuse, replies (5) .

Sukie Qi MSFT

  • Microsoft Agent |

Hi DrewCothran,

Thank you for querying in this forum.

According to your description, it seems that you want to share some folders with the others, and you want them to have permission to edit the file, however, you don’t want to give them permission to delete files in the folder.

May I know if my understanding is right? If so, we’d give you the steps below and hope that will help you:

You can click Gear button from upper-right corner of OneDrive for business page > click OneDrive Settings, as shown below:

assign ediscovery permissions to onedrive for business sites

If you see the message "This OneDrive view is not supported within the current session.", you can reload you page. Then you can click More Settings > click Return to the old Site setting page, as shown below:

assign ediscovery permissions to onedrive for business sites

Then you can click Site Permission under Users and Permissions > click manage > Permission Levels > click Add a Permission Level, create a new permission level as same as shown below((Don't change the default permission for Site permissions and personal permissions). ):

assign ediscovery permissions to onedrive for business sites

Then you can go back to OneDrive for business page > select the folder you want to share > click Share > Click Three dots > Manage Access > Advanced > then you can click Stop Inheriting Permission > Grant permission > then you can type the email address and give the user this permission, as shown below:

assign ediscovery permissions to onedrive for business sites

And we have tested it on our side, if we referred the steps above to share the folder with the others, the others cannot delete the file in this folder, as shown below:

assign ediscovery permissions to onedrive for business sites

Hope the suggestion above can help you, if the scenario above is not consistent with yours, you can also post back and provide more details about your requirement.

Best Regards,

1 person found this reply helpful

Was this reply helpful? Yes No

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

Thanks for your feedback.

We appreciate that you posted back and shared the test results with us.

Per your description, it seems that you have tried the suggestion I provided above, however, it brought you to OneDrive Files page instead of Site permission page.

If so, we understand the inconvenience caused and apologize for it.

If you can see Return to classic OneDrive at the lower left corner of the OneDrive for business page, you can click it, as shown below:

assign ediscovery permissions to onedrive for business sites

Then you can click Gear button from upper-right corner  of OneDrive for business classic page > click Site settings, as shown below:

assign ediscovery permissions to onedrive for business sites

Then you will see Site Permission, as shown below:

assign ediscovery permissions to onedrive for business sites

Please  do  let   us   know  if that works for you, we’ll be glad to provide further help.

Thank you, when I do this I don't have the option for Site Settings ,see Below. I am logged in as the site administrator.

assign ediscovery permissions to onedrive for business sites

Thank you for sharing your test results here. We also appreciate that you spent your precious time doing those tests.

It seems that you cannot see OneDrive Settings after returning to classic OneDrive. Given this situation, we have tested it on our side with different accounts and we cannot reproduce the same situation as yours.

The last possible way to access Site settings is to access the link directly to check if you can find those options. You can click the link below to check if you can access Site permission page: https:// tenant -my.sharepoint.com/personal/ youraccount /_layouts/15/user.aspx (You need to change tenant to your own tenant and change your account, for example, if your account is [email protected], you can change tenant to 345, then change youraccount in the link to 123_345_onmicrosoft_com), as shown below:

assign ediscovery permissions to onedrive for business sites

If you still cannot access site permission page via the link we provided above. Given this situation, I do understand the inconvenience it has made and  apologize   for it.  This issue may need to be checked from background,  the best way to troubleshoot the issue is to report the issue to the related Team.  I have sent you  a   Private Message , please click on the link for more information on this  issue. We  a lso want to report this issue directly to the related team. However, we don’t have specific escalate channel to report this issue.  A s the side of Office 365  a dmin have  a ccess to report this issue to the related team, this is why we’d suggest you open  a   ticket  directly. This is the best way  a nd fast way to solve this issue.

Your understanding  a nd patience will be highly  a ppreciated.

Question Info

  • Norsk Bokmål
  • Ελληνικά
  • Русский
  • עברית
  • العربية
  • ไทย
  • 한국어
  • 中文(简体)
  • 中文(繁體)
  • 日本語

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Microsoft Purview eDiscovery service description

  • 3 contributors

Electronic discovery (eDiscovery) solutions in Microsoft 365 provide investigation and eDiscovery solutions for IT and legal departments within corporations to identify, collect, preserve, reduce, and review content related to an investigation or litigation prior to export out of the Microsoft 365 system.

eDiscovery (Standard) builds on the basic search and export functionality of Content search by enabling you to create eDiscovery cases and assign eDiscovery managers to specific cases. eDiscovery managers can only access the cases of which they are members. eDiscovery (Standard) also lets you associate searches and exports with a case and lets you place an eDiscovery hold on content locations relevant to the case.

eDiscovery (Premium) provides an end-to-end workflow to preserve, collect, analyze, review, and export content that's responsive to your organization's internal and external investigations. It also lets legal teams manage the entire legal hold notification workflow to communicate with custodians involved in a case.

By default, eDiscovery features are enabled at the tenant level for all users within the tenant when admins assign eDiscovery permissions in the Microsoft Purview compliance portal.

Here are examples of users in your organization benefiting from the service:

  • Custodians (any users) that are part of a case that's placed on hold or who are custodians of data sources that are part of a Search, Collection, or Review set.
  • Owners and members of a SharePoint site that is on hold or contains content that is part of a Search, Collection, or Review set.
  • Owners of Exchange mailboxes that are placed on hold or contain content that is part of a Search, Collection, or Review set.
  • Owners and members of Teams chats, channels or private channels that are placed on hold or contain content that is part of a Search, Collection, or Review set.

Available plans

For detailed enterprise plan information on subscriptions that enable users for eDiscovery see the full subscription comparison table .

For detailed education plan information on subscriptions that enable users for eDiscovery click here .

For detailed SMB plan information on subscriptions that enable users for eDiscovery click here .

eDiscovery (Standard) for email : Exchange Online Plan 2, Exchange Online Archiving, Microsoft 365 Business Premium, Microsoft 365 E5/A5/G5/E3/A3/F3/G3, Office 365 E5/A5/G5/E3/A3/F3/G3.

eDiscovery (Standard) for sites and files : SharePoint Online Plan 2, OneDrive for Business (Plan 2), Microsoft 365 E5/A5/G5/E3/A3/G3/F1/F3, Office 365 E5/A5/G5/E3/A3/G3/F3.

eDiscovery (Standard) for Microsoft 365 Copilot interactions : Microsoft 365 E3/E5 + Microsoft 365 Copilot.

eDiscovery (Premium) : Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/F5/G5 Compliance, Microsoft 365 E5/A5/F5/G5 eDiscovery and Audit, and Office 365 E5/A5/G5.

eDiscovery (Premium) for Microsoft 365 Copilot interactions : Microsoft 365 E5 + Microsoft 365 Copilot.

For detailed plan information on subscriptions that enable users for Microsoft Purview eDiscovery and are currently available in European Economic Area (EEA) countries and Switzerland see the Microsoft 365 business plan comparison for EEA and Microsoft 365 Enterprise plan comparison for EEA .

Feature availability

1 Requires Microsoft 365 E3

For the most up-to-date, complete list of eDiscovery features across plans, see Microsoft Purview eDiscovery Solutions .

For more information about eDiscovery, check out the following resources:

  • Comparison of key capabilities: Microsoft Purview eDiscovery Solutions .
  • Any user benefiting from the service requires a license. For more information about service terms & conditions, see Product Terms .
  • For more information about service terms & conditions, see Product Terms .
  • For information regarding eDiscovery and non-custodial data sources, see Add non-custodial data sources to an eDiscovery (Premium) case .
  • eDiscovery administrators can select specific users as data custodians for a case by using the built-in custodian management tool in eDiscovery (Premium) as described in Add custodians to an eDiscovery (Premium) case .

To stay informed of upcoming changes, including new and changed features, planned maintenance, or other important announcements, visit the Message center .

Licensing terms

For licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the Product Terms site .

Accessibility

Microsoft remains committed to the security of your data and the accessibility of our services. For more information, see the Microsoft Trust Center and the Office Accessibility Center .

Was this page helpful?

Submit and view feedback for

Additional resources

IMAGES

  1. Manage Permissions for Files in your OneDrive for Business

    assign ediscovery permissions to onedrive for business sites

  2. Managing Permissions to Your Shared Documents in OneDrive

    assign ediscovery permissions to onedrive for business sites

  3. OneDrive for Business

    assign ediscovery permissions to onedrive for business sites

  4. Manage permissions of shared directories and files on OneDrive

    assign ediscovery permissions to onedrive for business sites

  5. How to Gain Owner Access to OneDrive for Business Sites in Office 365

    assign ediscovery permissions to onedrive for business sites

  6. OneDrive for Business

    assign ediscovery permissions to onedrive for business sites

VIDEO

  1. How to assign permissions

  2. How to assign User and Group Permissions AWS IAM

  3. Clients: Add Vendors & Assign Permissions

  4. What are Microsoft OneDrive Files on Demand?

  5. 【M365更新情報】Microsoft Purview compliance portal: eDiscovery

  6. Enforce sites on your Origination device to open in Internet Explorer mode through Graph API

COMMENTS

  1. Assign eDiscovery permissions in the compliance portal

    On the Permissions page in the compliance portal, you can also assign users eDiscovery-related permissions by adding them to the Compliance Administrator, ... OneDrive for Business sites, Skype for Business conversations, Microsoft 365 groups, and Microsoft Teams, and Viva Engage groups. This role allows a user to get an estimate of the search ...

  2. OneDrive for Business

    Documents OneDrive for Business folder eDiscovery At some point, you may need the ability to search the files in an end user's OneDrive for Business. The built-in eDiscovery feature in SharePoint will allow you to perform searches against those files.

  3. How to place a "One Drive For Business" site on a legal hold?

    1. set up an ediscovery center in sharepoint online. 2.take owner of leaves' onedrive for business sites. for individual user navigate to sharepoint admin center>user profiles>manage user profiles>enter that user's account>find>select that user and right-click>manage site collection owner>remove that user and add your admin account>ok.

  4. Configure permissions filtering for eDiscovery

    For a list of searchable email properties, see Keyword queries and search conditions for eDiscovery. Site and site content filtering: There are two SharePoint and OneDrive for Business site-related filters that you can use to specify what site or site content the assigned users can search: Site_ SearchableSiteProperty; SiteContent ...

  5. Set up compliance boundaries for eDiscovery investigations

    Here's the steps for setting up compliance boundaries: Step 1: Identify a user attribute to define your agencies. Step 2: Create a role group for each agency. Step 3: Create a search permissions filter to enforce the compliance boundary. Step 4: Create an eDiscovery case for an intra-agency investigations.

  6. Using the eDiscovery tool for content search in the Microsoft 365

    Aug 29 2021 06:31 AM Using the eDiscovery tool for content search in the Microsoft 365 Compliance Center! Dear Microsoft 365 Friends, This article is about the eDiscovery (content search) tool in Microsoft 365. Before we start, a quick word about licenses. In order to work with the tool, you need the necessary licenses.

  7. eDiscovery in Office 365

    You can use eDiscovery in Office 365 to search for content in Exchange Online mailboxes, Office 365 Groups, Microsoft Teams, SharePoint Online and sites, and Skype for Business conversations. If you only need to search mailboxes, you can use In-Place eDiscovery in the Exchange admin center (EAC).

  8. Getting Administrator's Access to a User's OneDrive for Business

    Open the "more features" page in the SharePoint Admin Center and sign in with an account that has admin permissions. Under User Profiles, select Open.

  9. Admin's Guide to Microsoft 365 eDiscovery

    25 Oct 2021 8 min read eDiscovery or Electronic Discovery is the process of identifying, reviewing, analyzing, tagging, and preserving ESI (Electronically Stored Information) to be presented as potential evidence in a legal case.

  10. How to Grant Access to another User's OneDrive in Office 365?

    To gain access to a user's OneDrive site, follow these steps: Login to SharePoint Online Admin Center. Click on the "More Features" and then the "User Profiles" link from the left navigation. Click on the "Manage User Profiles" link under the "People" group. Search and pick the user profile to which you want to gain access.

  11. Get started with eDiscovery (Standard)

    Step 1: Verify and assign appropriate licenses Step 2: Verify that required eDiscovery apps are enabled Step 3: Assign eDiscovery permissions Step 4: Create a eDiscovery (Standard) case Show 2 more

  12. How to place a "One Drive For Business" site on a legal hold?

    No Replies (2) We are trying to test the Litigation Hold features in the eDiscovery center and having an issue adding OneDrive for Business sites as sources. We have tried placing different user sites as a source

  13. ODFB Add Secondary Administrator

    When performing eDiscovery searches for OneDrive for Business content within the Compliance & Security center, the account being used to perform the eDiscovery searches must have administrator rights to the OneDrive for Business (My Site) being searched. The article below provides a description of the permissions that are needed to perform eDiscovery searches for ODFBpost

  14. Office 365 Security Compliance

    Here are the steps for setting up eDiscovery in Office 365: Step 1: Create an eDiscovery Center. Step 2: Configure Exchange Online as a result source. Step 3: Create a security group for eDiscovery managers. Step 4: Assign eDiscovery permissions in SharePoint Online. Step 5: Assign eDiscovery permissions in Exchange Online.

  15. Use a script to add users to a hold in a eDiscovery (Standard) case

    Step 1: Install the SharePoint Online Management Shell Step 2: Generate a list of users Step 3: Run the script to create a hold and add users Tip If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs.

  16. Add custodians to an eDiscovery (Premium) case

    Select the mailboxes to assign to the custodian and then select Add. SharePoint: Use to associate SharePoint sites to the custodian. Select a site in the list or search for a site by typing a URL in the search box. Select the sites to assign to the custodian and then select Add. If a user is inactive, their OneDrive site will need to be added ...

  17. Can I set up a OneDrive for Business Permission to Edit but not Delete

    Then you can go back to OneDrive for business page > select the folder you want to share > click Share > Click Three dots > Manage Access > Advanced > then you can click Stop Inheriting Permission > Grant permission > then you can type the email address and give the user this permission, as shown below: And we have tested it on our side, if we ...

  18. Assign eDiscovery Permissions Using Script Provided by Microsoft

    When I run the script below, i get this result every time: GetOD4BSites.ps1:67 char:18 + Write-Host "Done!" + ~ The string is missing the terminator: ".

  19. Microsoft Purview eDiscovery

    In this article. Electronic discovery (eDiscovery) solutions in Microsoft 365 provide investigation and eDiscovery solutions for IT and legal departments within corporations to identify, collect, preserve, reduce, and review content related to an investigation or litigation prior to export out of the Microsoft 365 system.. eDiscovery (Standard) builds on the basic search and export ...