Overview of Electronic Discovery Features in Exchange 2010

Recently, Sherpa Software sponsored a webinar on the new features of Exchange 2010. While my colleagues focused on compliance, email management, and PST migration, my segment focused on the e-discovery features released in the new version plus the enhancements included with Service Pack 1.

From my point of view, the Multi-Mailbox Search in Exchange 2010 is the first time Microsoft has successfully added features that allow a non-technical user to search the Exchange data stores effectively.  The new functionality should help the IT department (especially Exchange admins) take a big step back from the day to day handling of email discovery requests.  Exchagne 2010 will help empower the departments that initiate requests and use the results (Legal, Compliance, HR and the like) to run the searches themselves.

Some features that are particularly helpful include the wonderful new user interface, a choice to deduplicate results, listings of unsearchable items, annotation in result views and the use of the Role Based Action Controls to ensure security. There is also a very useful option that estimates the amount of time a search will take as well as the number of results it will produce without committing to the running of results. In addition, the progress dialog allows a user to track the stages of the search, with options to pause, restart or even modify it.

Separate from, but related to, e-discovery is the new litigation hold functionality.   The new version supports the preservation of all Exchange data in the Recoverable Item Folders (a.k.a. the Dumpster) in a manner transparent to the end user.  When enabled per mailbox, all data is kept regardless of whether it has been deleted or modified.  And even better, the ligation hold data can be searched as part of the Multi-Mailbox Search

The e-discovery features won’t completely enable the end users or ensure the freedom of the IT techs. Permissions must still be assigned, processes must still be created and some training will still be needed to help adapt new users to the Multi-Mailbox search.  Other solutions, such as Sherpa Software’s own Discovery Attender, will still be needed for searching older version mailboxes (i.e. 2003, 2007) in a mixed mode environments and Public Folders in any version. Tools will also be needed to search PSTs files that have not been migrated to Exchange as well as to find items stored in other email archiving systems.

In addition to the above, there are a few areas to keep in mind when implementing the Exchange 2010 Multi-Mailbox searching.  Users need to educate themselves on the challenges encountered when using indexes, especially the limitations therein (excluded items, default iFilters, syntax etc.).  Users should always select the option to include enhanced logging and unsearchable items for a complete audit trail.    Another minor, but highly annoying, issue is that some options are only available using the Exchange Management Shell or through some convoluted means (automating exports or excluding online archives, for example).  Lastly, don’t forget that only mailboxes with Enterprise Users CALs can be searched.

Despite these concerns, the e-discovery features in Exchange 2010 are a huge improvement over previous versions and should prove helpful to administrators and end users alike.


Leave a Reply

Your email address will not be published. Required fields are marked *