Learn about access and permission settings in eDiscovery (preview) cases

Access and permission settings in eDiscovery (preview) allow you to add or remove users to a case, manage role group membership for a case, and to people outside your organization as guest users for a case.

Add or remove users from an eDiscovery case

You can add or remove users to manage who can access the case. However, before a user can access an eDiscovery case (and perform tasks in the case), you must add the user to the eDiscovery Manager role group in the Microsoft Purview portal. For more information, see Assign eDiscovery permissions.

Adding users to a case

Complete the following steps to add users to a case:

1. Go to the Microsoft Purview portal and sign in using the credentials for a user account assigned eDiscovery permissions.

2. Select the eDiscovery solution card and then select Cases in the left nav.

3. Select a case, the select Case settings.

4. On the Case settings page, select Access and permissions.

5. Under Users, select Add to add users to the case. You can also choose to add a role group to the case by selecting Add under Role groups.

6. In the list of users or role groups that can be added to the case, select the check box next to the names of the users or role groups that you want to add.

   Note

   When adding a role group to a case, you can only add the role groups that you are a member of.

7. After you've selected the people or role groups to add as members of the case, select Add. The selected users are added to the case.

   Important

   If a role is added or removed from a role group that you've added as a member of a case, then the role group will be automatically removed as a member of the case (or any case the role group is a member of). The reason for this is to protect your organization from inadvertently providing additional permissions to members of a case. Similarly, if a role group is deleted, it will be removed from all cases it was a member of. For more information, see Assign eDiscovery permissions.

Removing users from a case

Only an eDiscovery Administrator can remove users from a case. Even if you're assigned to the eDiscovery Manager role group or initially created the case, you won't be able to remove yourself or other members from a case unless you're also an eDiscovery Administrator. To remove yourself or other members from a case, contact an eDiscovery Administrator in your organization.

Complete the following steps to remove users from a case:

1. Go to the Microsoft Purview portal and sign in using the credentials for a user account assigned eDiscovery permissions.
2. Select the eDiscovery solution card and then select Cases in the left nav.
3. Select a case, the select Case settings.
4. On the Case settings page, select Access and permissions.
5. Under Users, select Remove to remove users from the case. You can also remove users from a role group for the case by selecting Remove under Role groups.
6. In the list of users or role groups that can be removed from the case, select the check box next to the names of the users or role groups that you want to remove.
7. After you've selected the people or role groups to add as members of the case, select Remove. The selected users are removed from the case.

Guest access in eDiscovery

With guest access, you can provide access to an eDiscovery case to people outside your organization. You can invite guests users to eDiscovery cases just like you can invite guests into your Teams environment. eDiscovery admins must enable guest access in eDiscovery before they can invite users as guests.

Invite guests to an eDiscovery case

After you've enabled guest access for eDiscovery, complete the following steps to invite guests to an eDiscovery case:

1. In the Microsoft Purview portal, navigate to eDiscovery > Cases and select the case you want to invite guests to.

2. In the selected case, select Case settings tab.

3. Select Access and permissions.

4. In the Guest users section on the Access and permissions page, select Invite.

5. On the Invite guest flyout pane, complete the following fields:

   • Full name: Enter the full name of the guest you want to invite.
   • Email address: Enter the email address of the guest you want to invite.
   • Organization: Enter the organization of the guest you want to invite.
   • Guest role: Select the role you want to assign to the guest. The guest is currently limited to Reviewer role group permission only.
   • Justification: Explain why this person needs access to the case.

6. Select Invite to submit the invitation request for review and approval by an eDiscovery admin.

Approve guest access requests

After guest invitations are submitted, eDiscovery admins must approve the requests before the guest can access the case. eDiscovery managers are notified of pending invitation requests on the Guest users page in eDiscovery settings in the Microsoft Purview portal

To review and approve guest access requests, eDiscovery managers must complete the following steps:

1. Go to the Microsoft Purview portal and sign in using the credentials for a user account assigned eDiscovery permissions.
2. Navigate to Settings > eDiscovery > Guest users.
3. Select the guest request and select Approve or Deny from the flyout pane.

If the guest is being added to the tenant for the first time, eDiscovery admins need to perform a two-step approval process. They first need to approve creation of an account, which may take up to 24 hours. After 24 hours, eDiscovery admins can approve guest access to the case. For future access requests for access to other cases for the same guest, only one-step approval is required.

In you encounter an error when approving the guest access to a case, check the following:

• The guest's email isn't disabled, blocked, or deleted by the tenant admin.
• If there are any members in the Reviewer role group whose Microsoft Entra account is deleted. Currently, an error occurs when adding a new member to a role group that has any deleted users. If the Reviewer role group has any deleted users, remove them from the role group and retry the guest approval.

Accepting guest invitations

After the request is approved by the eDiscovery admin, the guest receives a welcome email from Microsoft Invitations. This email contains information about the eDiscovery invitation and a link where the guest can accept the invite and sign in. The guest must select the unique link provided in the email or copy/paste the link in a browser to log into the specific eDiscovery organization.

Guests that have a work or school account in Microsoft Entra ID can accept the invitation and authenticate immediately. Other users are sent a one-time passcode to validate their identity. You must ensure that the one-time passcode setting is enabled in your organization.

After accepting the invitation and authenticating, the guest can participate in the eDiscovery case like an internal reviewer of the case and perform review activities such as querying, filtering, tagging, redaction, downloading single items for review, and more.

Removing guest access

An eDiscovery admin can remove a guest’s access to a case from eDiscovery settings page. To remove guest access for a user, eDiscovery admins must complete the following steps:

1. Go to the Microsoft Purview portal and sign in using the credentials for a user account assigned eDiscovery permissions.
2. Navigate to Settings > eDiscovery > Guest users.
3. Select the guest and select Remove from the flyout pane.

The guest continues to have access to other cases that they have been added to. When a guest is removed from the last case they have access to, they're removed from the Reviewer role group and won't have access to any cases in eDiscovery.

The guest continues to have a Microsoft Entra guest account in the organization. A regular review and clean-up of guest accounts from Microsoft Entra ID is recommended.