Dela via

Use Process managers in eDiscovery (preview)

  • Artikel

Process managers are included for each of the primary areas in eDiscovery (preview). These managers allow you to view processes and associated information scoped to a specific area. Process managers are available by selecting Process manager in each of the following areas:

  • Cases
  • Searches
  • Review sets
  • Holds

Tip

Get started with Microsoft Security Copilot to explore new ways to work smarter and faster using the power of AI. Learn more about Microsoft Security Copilot in Microsoft Purview.

Process manager information

The Process manager for each area displays information about processes performed in that area. For example, if you export data from the review set, an Export process item is listed in the Process manager list for the review set, but not listed in the Process manager lists for searches and holds. Each Process manager contains the following information scoped to the associated area:

  • Process type: The type of process.
  • Status: The status of the process.
  • Export name: The name of the export. For nonexport process types, this value is blank.
  • Created: The date and time the process was created.
  • Completed: The date and time the process was completed.
  • Duration: The duration of the process.
  • Created by: The user that created the process.

To customize the columns display for the Process manager, select Customize columns to choose the columns to display or drag and drop the columns in the list to reorder. To download the list of processes and the column information, select Download list to create a .csv file containing this information.

Grouping processes

When viewing a large list of processes for an area, it's often helpful to group process. Select Group to group review sets by the following parameters:

  • None: Processes are ungrouped in the Process manager.
  • Process type: Processes grouped by the Process type values.
  • Created by: Processes grouped by the Created by values.

Process details

Select a process listed in the process manager for more information in the following areas:

  • Overview tab: Lists a summary of information for the process. Includes a calculation for the time remaining to completion for in-progress processes. Select Download report to combine all Overview information into a single .zip file. This file contains the files included in the Download report section later in this article.
  • Settings tab: Summarizes the Search & analytics setting options selected for the case.

Progress bar

When a process is selected in the Process manager, a progress bar is displayed that shows details about the current state of the process. For long-running processes, there are three phases:

  • Assessment phase: In this phase, the progress is submitted and backend services assess the scope of the process. This includes examining the input conditions based on data sources, query, and relevant process settings. The service analyzes the scope of the work and identifies the number of locations and number of items for processing. During this phase, a completion estimate isn't available and a flashing progress bar is displayed. The progress bar displays the status of the assessment while the scope is calculated. When all locations and items are identified, the process transitions to the next phase.
  • In progress phase: In this phase, the progress bar displays the current status, number of locations, and number of items for the process. An estimated completion and current elapsed time are displayed in hours, minutes, and seconds.
  • Catch-up phase (optional): If there are locations or items with errors, processing is retried. The progress of the retires is displayed.

Download report

All processes support the ability to download a packaged report. The packaged report name is Reports-caseName-EntityName-ProcessName-timestamp.zip. With EntityName being the user given name to the search or hold. Depending on the process, the report contains different .csv files.

  • Summary: Tracks the time the process started, when it ended, the number of total items or locations, and the user who submitted the process request. It also contains the search query used. For Add to review set and Export from search processes, the summary report contains the summary of factors affecting the total item count added to review set or exported. The report name is Summary_the date/time of the report.csv.
  • Settings: Contains the enumerated settings parameter for the process and values. The report name is Settings_the date/time of the report.
  • Statistics: Contains all statistics details for the process, including all categories (if the setting was selected during process submission) such as sensitive information types, data type, and communication participants. The report name is Statistics_the date/time of the report.
  • Locations: Tracks all data sources and associated locations scoped for the process. Includes the user/group entity name, location (mailbox/site URL), and count returned for that location. Also includes the status of the location (success/error and error detail). The report name is Locations_the date/time of the report.
  • Items: Track all items processed, including information such as item ID, location of the item, subject/title of the item, item class/type, and success/error status. The report name is Items_the date/time of the report.

The following table shows the process types and available reports:

Process type Summary Settings Statistics Location Items
Add to review Supported. Supported. Supported. Supported.
Apply hold/rerun policy Supported. Supported.
Export (review set) Supported. Supported. Supported. Supported.
Export (search) Supported. Supported. Supported. Supported.
Generate sample Supported. Supported. Supported. Supported.
Generate statistics Supported. Supported. Supported. Supported.
Redact Supported. Supported. Supported.
Tag Supported. Supported.

Summary CSV report

All reporting packages contain a Summary-the date/time of the report.csv file. This file contains the following information:

Overview

The following details are included in this section of the report:

  • Query: The query conditions for the applicable process types.
  • StartTime: The date/time when the report generation was started.
  • EndTime: The date/time when the report generation was completed.
  • SubmittedBySmtp: The SMTP address for the user creating the report.
  • Security filter: The status of the application of a security filter or compliance boundary.
  • Region: Determines the datacenter location where searches are conducted for SharePoint sites and OneDrive accounts. It specifies the datacenter from which search results are exported during the export process.
  • Roles: The roles assigned to the user creating the report.

Search results

Summary of number of items that matched your search query, including partially indexed items or items where advanced indexing was performed (depending on what setting you selected). The following details are included in this section of the report:

  • Indexed items: Number of items matching the query that were natively indexed by Exchange and SharePoint.
  • Partially indexed items: Number of partially indexed items that might not match the query. Included if you chose to include partially indexed items.
  • AdvancedIndexedItems: Number of items matching the query if you chose to perform advanced indexing on partially indexed items.

Error

The following details are included in this section of the report:

  • Retrieval exceptions: Number of items that weren't exported or added to review set due to exceptions such as empty files, access timeouts, etc.

Warning

  • Items with processing errors: Number of items that experienced processing errors but were still exported or added to the review set. These errors could be caused by unsupported file types, decryption issues, etc.

Totals

The following details are included in this section of the report:

  • Total items collected: Total number of items exported or added to the review set. This number factors in items from estimated results, the settings that might increase or decrease the number of items retrieved, and items that weren't collected due to errors.

Information

The following details are included in this section of the report:

  • Duplicates in review set (skipped): Items that were skipped because they already exist in the review set.
  • Cloud attachments: Number of cloud attachments in email messages and Teams conversations that originated from links shared through SharePoint or OneDrive. Maps to the setting Access links(cloud attachments) in messages.
  • Cloud attachments versions: Number of cloud attachment versions that were collected depending on whether you chose to include more than just the latest version in your query.
  • Cloud attachments at time of sharing: Number of cloud attachments versions that represent the original version shared from SharePoint or OneDrive. This applies only to cloud attachments that have a retention label applied, which retains a copy of the file at the time of sharing.
  • Contextual conversation: Number of contextual chat messages that were collected along with the message that matched your query. This indicate the number of additional messages collected before and after the message with hit. Maps to the setting "Include Teams and Viva Engage conversations". -Teams conversations consolidated into transcripts: Teams chat conversations that were converted to HTML transcript files. This will result in many Teams chat message to be consolidated into a single HTML transcript. Maps to the setting "Organize conversations into HTML transcripts".
  • SharePoint file versions: Number of SharePoint file versions that were collected depending on whether you chose to include more than just the latest version.
  • SharePoint list items collected as .csv files: Matches from the same SharePoint list are exported or added to review set as a single SharePoint list csv item. Maps to the setting "Collect files attached to SharePoint lists and their child items."
  • List attachments: Number of list attachments collected. Maps to the setting Include list attachments when collecting files attached to SharePoint lists.
  • Items in SharePoint folders: Number of items expanded from SharePoint folders that matched your query. Maps to setting Collect all items (even if they don't match search query).
  • Items extracted from parent items: Number of embedded or attached items that were extracted from parent items. For example, this might include attachments or embedded images from an email that matched your query.