In-Place eDiscovery on Microsoft Exchange
Microsoft's TechNet is a site where Microsoft shares information with IT professionals. The site includes an interesting post entitled "In-Place eDiscovery in Exchange 2016". Microsoft Exchange Server 2016 is specifically designed to accommodate eDiscovery requests by providing the ability to search through all mailboxes in an Exchange organization with In-Place eDiscovery. The interface is designed to be user friendly, so that even "legal and compliance officers, records managers, and human resources professionals" can perform searches.
The system allows for built-in de-duplication, and identifies unsearchable material. Search results can be sent to target mailboxes which hold up to 50 GB of data. An 'In-Place eDiscovery & Hold wizard' allows email data to be preserved, but there is not an option to put a hold on all mailboxes in an organization.
The TechNet site notes that the mailboxes of departed users will be lost a certain period after they are disabled - by default 30 days. Microsoft's suggested solution for this problem is to keep these accounts active, but to prevent logons to the accounts, and set the sent or received message size limit to 1 KB so nothing can go out or in. It's interesting that Microsoft essentially recommends a workaround to the problem of retaining email data for former employees - a key problem in eDiscovery. It's those workers you had to fire that cause the most trouble . . .
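The workaround described above could be scripted as follows. This is an added example, not code from the TechNet post: the function name Lock-DepartedMailbox and the sample identity are hypothetical, and using Disable-ADAccount as the way to "prevent logons" is an assumption. It expects the Exchange Management Shell with the ActiveDirectory module available.

```powershell
# Added example (not from the TechNet post). Keeps a departed user's mailbox
# in place while blocking logons and mail flow, per the workaround above.
# Assumption: logons are prevented by disabling the AD account.
Import-Module ActiveDirectory

function Lock-DepartedMailbox {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Alias, SMTP address or other identity that Get-Mailbox accepts
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$Identity
    )
    process {
        # Resolve the mailbox first so a typo fails before anything is changed
        $mbx = Get-Mailbox -Identity $Identity -ErrorAction Stop

        if ($PSCmdlet.ShouldProcess($mbx.DisplayName, 'Block logon and mail flow')) {
            # Keep the mailbox, but stop the account from logging on
            Disable-ADAccount -Identity $mbx.SamAccountName

            # 1 KB limits so that nothing can go out or in
            Set-Mailbox -Identity $mbx.Identity -MaxSendSize 1KB -MaxReceiveSize 1KB
        }

        # Read the settings back so the result can be filed with the case record
        $after = Get-Mailbox -Identity $mbx.Identity
        [pscustomobject]@{
            Mailbox        = $after.DisplayName
            AccountEnabled = (Get-ADUser -Identity $mbx.SamAccountName).Enabled
            MaxSendSize    = $after.MaxSendSize
            MaxReceiveSize = $after.MaxReceiveSize
        }
    }
}

# Constructed sample identity; preview the change with -WhatIf before running it
'departed.user@example.com' | Lock-DepartedMailbox -WhatIf
```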
Microsoft acknowledges that searches in its system can be inconsistent. It lists three factors that contribute to this problem:
The continual indexing of incoming email, because Exchange Search continuously crawls and indexes your organization’s mailbox databases and transport pipeline.
Deletion of email by users or automated processes.
Bulk importing large amounts of email, which takes time to index.
It's interesting to note that, again, Microsoft has not worked out a perfect solution to this problem. It says only to run searches on mailboxes under holds, to wait until indexing is fully complete, and to do searches during off-peak hours.
1. Only two In-Place eDiscovery searches can be run simultaneously.
2. Up to 10,000 mailboxes can be searched at once, but keyword statistics can only be viewed for searches limited to 100 mailboxes.
3. Up to 500 keywords can be included in any one search.
4. An eDiscovery search will time out after 10 minutes.