Microsoft Purview eDiscovery (Premium) in an SMB Environment (M365 Business Premium)

Microsoft Purview eDiscovery (Premium) is an advanced electronic discovery tool in Microsoft 365 that provides an end-to-end workflow for internal and external investigations. It enables organisations to identify, preserve, collect, review, analyse, and export electronic information from across Microsoft 365 (Exchange emails, SharePoint/OneDrive files, Teams chats, etc.) for legal or compliance purposes[1]. This solution builds upon the basic eDiscovery features that come with Microsoft 365 Business Premium (also known as Core eDiscovery or eDiscovery (Standard)), adding powerful capabilities such as dedicated cases, custodian management, legal hold notifications, review sets, and analytics with machine learning. In this report, we’ll explain what Purview eDiscovery (Premium) offers, how to set it up and use it effectively in a small or medium-sized business (SMB), and how it fits into the Microsoft 365 Business Premium licensing. All prices are provided in Australian dollars (AUD), and the content is tailored for an SMB already using Microsoft 365 Business Premium.

Overview of Microsoft Purview eDiscovery (Premium)

Microsoft Purview eDiscovery (Premium) (formerly Advanced eDiscovery) is part of the Microsoft Purview compliance suite. It is designed to facilitate legal discovery and investigations by providing a one-stop solution within Microsoft 365. Key features and benefits include:

Why is this important for an SMB? Even smaller organisations must occasionally respond to legal matters – such as employee disputes, client litigation, or regulatory inquiries. Purview eDiscovery (Premium) brings enterprise-grade eDiscovery capabilities to your business without requiring you to export data out of Microsoft’s secure cloud until necessary. It ensures that if you are ever faced with an investigation or lawsuit, you can respond quickly and defensibly by collecting exactly the information needed (and nothing more) and preserving its integrity. The advanced tools (like machine learning analysis) can be especially helpful for SMBs who may not have large legal teams – by automating part of the review, the tool can help a small team find the important needles in the haystack of emails and files.

Note: Microsoft Purview eDiscovery (Premium) is an upgrade to the standard eDiscovery capabilities that are already available in Microsoft 365. In Microsoft’s lineup of eDiscovery solutions: Content Search (basic searching across data), Core eDiscovery (Standard) (cases, legal hold, basic search/export), and eDiscovery (Premium) (full advanced suite) – the Premium offering is the most feature-rich[1][1]. Business Premium includes the Standard eDiscovery features by default, as we discuss next.

Licensing Considerations and Comparisons (Business Premium vs E5)

Before enabling eDiscovery (Premium), it’s critical to understand the licensing requirements, especially since our scenario is an SMB on Microsoft 365 Business Premium. Microsoft 365 plans differ in which eDiscovery features are included:

Microsoft 365 Business Premium – includes Core eDiscovery (Standard) features. This means you get Content Search, the ability to create eDiscovery cases, place content on hold, and export data[1][1]. In fact, Business Premium (like the comparable Office 365 E3 plan) includes Exchange Online Plan 2, which provides mailbox archiving and litigation hold capabilities out-of-the-box. However, eDiscovery (Premium) is not included in Business Premium; it requires additional licensing. Business Premium, being an SMB-focused plan (up to 300 users), is limited to standard compliance tools like basic eDiscovery, audit, retention, sensitivity labels, etc.[2].
Microsoft 365 E5 (Enterprise) – includes eDiscovery (Premium) by default (along with all E5 advanced compliance features). If a business has M365 E5 or Office 365 E5 licenses for its users, those users can utilise the full advanced eDiscovery capabilities[1]. E5 is an enterprise-grade plan (no user limit) that adds all the advanced compliance, security, and analytics features on top of E3. For SMBs, E5 may be beyond needs and budget, but it’s the plan where eDiscovery Premium is bundled.
Add-On Licensing (E5 Compliance or eDiscovery & Audit) – Microsoft offers the advanced compliance features as add-ons so that organisations on lower plans (like Business Premium or E3) can get eDiscovery (Premium) without migrating everyone to E5.[2] Two common add-ons:
- Microsoft 365 E5 Compliance – this add-on includes eDiscovery (Premium), plus other compliance features like Advanced Audit, Records Management, Communication Compliance, etc. It essentially lights up the entire Purview compliance suite for a user. This add-on can be added to a user licensed with Business Premium (or E3)[2].
- Microsoft 365 E5 eDiscovery and Audit – a more targeted add-on that includes just the eDiscovery (Premium) and Advanced Audit capabilities (without some of the other E5 Compliance features). This is often a slightly lower-cost way to get eDiscovery Premium for specific users[2]. This can also be added on top of Business Premium or E3 licenses for those users who need advanced eDiscovery.

In our SMB scenario, since the company is already on Business Premium, you have two main options to gain eDiscovery (Premium) features: either upgrade certain users to an E5 plan, or (more cost-effectively) purchase the E5 Compliance or E5 eDiscovery\&Audit add-on for those users. Typically, you would buy the add-on for each user who will be a custodian (i.e. whose mailbox and data you need to search in a case) or who will actively use the eDiscovery Premium tools. Microsoft licensing requires that any user whose content is being processed with eDiscovery (Premium) (e.g. placed on hold and added to a review set) must be licensed for it[1]. In practice, you might start by licensing a small number of users (perhaps your IT admin or compliance officer and any employees likely to be involved in legal matters) with the add-on, rather than all 300 users.

The table below compares the relevant plans and costs, focusing on eDiscovery:

Plan / License	Monthly Price^* (per user)	eDiscovery Features Included	Notes for SMB
Microsoft 365 Business Premium (BP)	AU$32.90 (paid annually)¹[3]	Core eDiscovery (Standard) – Content Search across M365, create cases, place holds, basic search and export.[2] Advanced eDiscovery (Premium) not included.	Up to 300 users. Great built-in compliance basics (audit log, retention, DLP, etc.), but no AI analytics or custodian management without add-ons.
Microsoft 365 E5 Compliance (add-on for BP/E3)	~AU$18.00 (per user add-on)²[4]	Adds eDiscovery (Premium) – Full advanced eDiscovery capabilities (custodian management, review sets, analytics) plus Advanced Audit and other compliance features.	Attach this to Business Premium users who need advanced eDiscovery. More affordable than full E5; can pick specific users (e.g. IT, HR, Legal).
Microsoft 365 E5 (full suite)	~AU$78.30 (per user)³	eDiscovery (Premium) included (also includes all E5-level security & compliance features, e.g. Defender, Insider Risk, etc.).	Unlimited users. Expensive for SMB; typically not necessary if only compliance is needed – an add-on is usually preferred for SMBs.

^*Pricing is approximate per-user, in Australian dollars (excluding GST). Microsoft prices are subject to change and may vary by provider or term.\ ¹ AU$32.90 user/month is the annual subscription price for Business Premium, billed per year (approx AU$394.8/year). Monthly commitment pricing may be slightly higher. [3]\ ² AU$216 per user/year noted for E5 Compliance in an Australian vendor listing[4] (~$18/month). Microsoft does not always list add-on prices publicly, but this is in the correct range.\ ³ AU$78.30 is a referenced price for Microsoft 365 E5 plan. This likely corresponds to the base price per month per user (approx $861/year) for the full E5 plan in Australia.

What does this mean for our SMB? Since you already have Business Premium, you do not need to upgrade everyone to E5. The most cost-effective approach is to identify which users will be involved in eDiscovery cases and assign an add-on license to those individuals. For example, you might purchase 5x E5 Compliance add-on licenses and assign them to: the Global admin or IT manager who will run eDiscovery, your HR manager in case of employee investigations, your CEO or legal counsel, etc. This way, if any of these people’s data needs to be put on hold or analysed, or if they need to perform the investigation, you’re properly licensed. (Other users not licensed can still have their data searched using Core eDiscovery if needed, but they cannot be added as custodians in an advanced case or have their content analysed with the advanced tools without license compliance issues.)

Additionally, Microsoft offers a 90-day trial of the full Purview compliance features for up to 25 users[1]. This trial can be used if you want to evaluate eDiscovery (Premium) or if you have a one-off urgent need (for instance, an unexpected legal case) and prefer to try the capabilities before committing to purchase. Keep in mind after 90 days the trial ends, so for ongoing needs an add-on is required.

Enabling and Setting Up eDiscovery (Premium)

Once the appropriate licenses are in place for the necessary users, you can proceed to enable and configure eDiscovery (Premium) in your Microsoft 365 tenant. The setup involves granting permissions, adjusting some settings, and then using the eDiscovery tools to create cases and perform investigations. Below is a step-by-step guide tailored for an SMB admin:

Step 1: Verify Licensing Prerequisites\ Ensure that any user who will either manage eDiscovery cases or be a custodian in a case has the right license. In a Business Premium environment, this typically means assigning the Microsoft 365 E5 Compliance add-on (or the more targeted E5 eDiscovery and Audit add-on) to those users[1]. For example, if Jane Doe (HR Manager) will run eDiscovery searches and you plan to collect data from John Smith (an employee under investigation), both Jane and John should have the add-on. This licensing step is crucial for the eDiscovery (Premium) features to be accessible in the Purview portal and to comply with Microsoft’s requirements. (If you attempt to add an unlicensed user as a custodian in a Premium case, the system may not stop you, but you would be out of compliance – so do this right before proceeding.)

Step 2: Assign eDiscovery Permissions\ By default, even a global admin cannot access eDiscovery (Premium) cases until permissions are assigned. As an admin, go to the Microsoft Purview compliance portal (Compliance Center) and add the relevant users to the eDiscovery Manager role group[4]. There are two main roles:

eDiscovery Manager – can create and manage cases, add custodians, perform searches, etc. Members of this role group will actually conduct eDiscovery operations.
eDiscovery Administrator – (optional) can access all cases in the organisation (typically reserved for compliance officers or very high-level oversight).

For a small business, you might simply add yourself (IT admin) and perhaps one other trusted individual (like a compliance manager or legal advisor) as eDiscovery Managers. This will give you the ability to create cases and use all eDiscovery (Premium) functions[4]. (You can do this under Compliance Portal > Permissions > eDiscovery Manager: add users as Members.)

Step 3: Configure Global eDiscovery Settings (Optional)\ Microsoft Purview eDiscovery (Premium) has a few tenant-wide settings you might want to configure. The primary one is Attorney-Client Privilege (ACP) detection. If your investigations might involve communications with attorneys, you can enable the ACP detection model: this uses machine learning to flag documents that likely contain attorney-client privileged information[4]. Enabling it involves uploading a list of your organisation’s attorney emails so the system knows what correspondents might be lawyers. This step is optional – not enabling it won’t prevent using eDiscovery, it only means you won’t get automated privilege tagging. As an SMB, you might skip this unless you have in-house counsel or frequent legal communications. If needed, you can turn it on later via Compliance Portal > eDiscovery (Premium) > Settings.

Additionally, verify that certain enterprise applications required for eDiscovery are active in your tenant (they usually are enabled by default). These include “ComplianceWorkbenchApp” and “MicrosoftPurviewEDiscovery” among others[4]. In most cases, you won’t need to touch this, but if someone had previously disabled any Purview apps, you’d re-enable them in Azure AD’s Enterprise Applications settings.

Step 4: Create a New eDiscovery (Premium) Case\ With permissions in place, you can now create a case. In the Purview Compliance portal, navigate to eDiscovery > eDiscovery (Premium). Click “Create case” and give it a name and description (e.g., “Employee Separation – John Smith – Sept 2025”). This sets up a secure container for all the eDiscovery activities related to that matter. Only users added as case members (which initially will be you, since you created it) can access the case data. Once the case is created, you’ll enter the case dashboard which has several tabs: Data Sources, Holds, Collections, Review Sets, Analytics, Exports, etc.

Step 5: Add Custodians (Data Sources) and Apply Holds\ Identify the people (and/or teams or sites) that are relevant to the case – these are your custodians. In our example, if investigating John Smith’s communications, John is a custodian. Go to the “Data Sources” or “Custodians” section of the case and add the user accounts, SharePoint sites, or Teams you need to include[1]. When you add a person as a custodian, eDiscovery (Premium) will automatically detect all content locations associated with that user (their Exchange mailbox, OneDrive, Teams chats, etc.).

After adding custodians, set up a Legal Hold on their content locations (Exchange mailbox, OneDrive, SharePoint sites, etc.)[1]. In the Holds tab within the case, create a hold, give it a name, and choose the custodians or specific locations to preserve. You can optionally narrow the scope (for example, only hold items from after a certain date or only specific keywords), but generally for a legal hold you preserve everything for that user during the relevant time frame. Placing content on hold ensures that even if the user deletes emails or files, or if retention policies would normally purge data, the content is preserved immutably for the case’s duration[1]. In an SMB, you might not have elaborate deletion policies, but it’s still wise to apply a hold so nothing relevant can disappear.

If required, you can also add non-custodial data sources – for example, if you need to collect data from a SharePoint site or mailbox that isn’t tied to a specific user/custodian (like a shared mailbox or public folder), you can add those separately in eDiscovery (Premium).

Step 6: (Optional) Send Notifications to Custodians\ One feature of eDiscovery (Premium) is the ability to manage custodian communication. If your legal team requires that custodians (employees) are notified that they must not delete anything related to the case, you can use the built-in notification workflow[1]. This will send an email to the user (using a template you can customise) saying, for example, “You are on legal hold for case XYZ – here are instructions…”. The system can track who has acknowledged the notice and even send reminders or escalate if someone doesn’t respond. For a small company, this formal process might or might not be needed – often HR or management will inform the person directly if appropriate. But if you do use it, it ensures a documented trail that John Smith was told to preserve data. You can manage these under the Communications or Notices section within the case (depending on the UI updates).

Step 7: Search for Relevant Content (Collections)\ Now comes the discovery part – finding the data you need. Under Collections (or Search in some interface layouts), create a search query within the case. You can search across all custodians added to the case or specific ones, and across various content types: Exchange email, SharePoint documents, OneDrive files, Teams chats, etc., all in one go[1]. Use keywords, phrases, and query conditions to narrow down the results. For example, if we are looking for emails John Smith sent to a specific client about “Project X”, we might add query parameters like: keywords: "Project X" AND sender: john.smith@ourcompany.com AND recipient: client@partner.com. You can also use conditions like date ranges, specific SharePoint site paths, message types, etc. The interface provides filters to help build these. After running the search, eDiscovery will show statistics – e.g. “500 items found, 300 from Exchange, 200 from OneDrive” – so you can gauge if your query is on target[1]. You can refine the query as needed to reduce or expand results.

Once satisfied, save the search and then collect the data. “Collection” in eDiscovery (Premium) essentially means copying the responsive content into the case’s Review Set for analysis. When you initiate a collection, the system will copy all the items that matched your query from their live locations into a secure Azure storage area associated with the case[1]. Importantly, this does not remove or alter the originals (they remain in mailbox, etc., and also on hold); it’s just making a static copy for us to review. You can choose to collect all results or only a sample, and you can have multiple searches/collections per case (e.g. one search for emails, a separate one for Teams chats, etc., each added to the review set).

Step 8: Review and Analyse Collected Data\ Now switch to the Review Sets tab of the case. Here you’ll see one or more review sets (create a new one if the wizard hasn’t already). In most cases, a single review set per case is used, containing all collected content. In the review set, you can view and triage the documents and communications that were collected. The interface provides a document viewer and query builder: you can filter items by custodian, date, keyword, or other metadata. You can also apply tags to mark items (for example, tag some as “Relevant”, “Privileged”, or “Irrelevant”) to organise your review.

This is where advanced analytics come into play, making the review process more efficient:

You can enable Threading to group email conversations, so you see whole threads instead of duplicate individual messages[1].
Use Near-Duplicate Detection to have the system find documents that are very similar (perhaps different versions of the same file).
Leverage Predictive Coding (Training): you review and tag a set of documents (marking which are relevant to your case), then you can have the system train a machine learning model to predict relevance for the remaining documents[1]. This can help prioritize which documents to review next – a big time-saver if you have thousands of items. In a small case, you might not need this, but it’s there for larger data sets.
Keyword Statistics and Analytics: eDiscovery Premium will show you things like the top keywords, email senders, etc., in the review set. It can also flag anomalies or hidden content (for example, if an email had an encoded attachment that wasn’t indexed before, advanced indexing helps surface that[1]).

During review, you might decide some search results were noise. You can refine your searches and perform additional collections, or you can simply tag and filter out irrelevant items. The goal is to narrow down to the truly important materials.

Step 9: Export Data for External Use\ After reviewing, you will likely need to export the data (e.g. to provide to a requesting party, or to load into a legal review tool for outside counsel). In the Exports section of the case, you can create an export job. You’ll choose which review set (and optionally which filters or tags) to include in the export. You can output everything or only items tagged “Relevant”, for instance.

Microsoft provides a couple of export options:

Download via Browser: The system prepares the data (staging it in Azure Blob storage) and then you download a compressed package with the results. This can include the original files/emails, plus metadata and load files (CSV/Excel or format for eDiscovery review platforms). Email messages can be exported as PST or individual MSG files, documents in their native format, etc. You’ll also get a report summarising the export.
Export to Azure Storage: You can directly export the data to a customer-provided Azure Blob Storage container[1]. This is useful if the data set is huge (many GBs) or if you want to directly transfer it to another environment. You would specify an Azure storage SAS URL, and eDiscovery will copy the data there instead of you downloading it. This is often used by larger enterprises, but an SMB might simply use the download method for convenience.

Once exported, verify the data and reports. The audit log in Microsoft 365 will have records of the searches, holds, and export actions performed, which is good for compliance traceability.

Step 10: Close or Manage the Case\ After the investigation is concluded, you can close the eDiscovery case (which lifts any holds placed via that case, allowing normal data lifecycle to resume). Typically, you’d only close it once you’re sure all legal duties to preserve are complete. You can also keep the case open for future if it’s an ongoing matter. Microsoft allows you to keep multiple cases and they don’t count against any quota (though there are limits like each case can hold up to a certain number of custodians, etc., but an SMB is unlikely to hit those limits). It’s good practice to document in the case notes what was done, for future reference. Keep exported data in a secure location as needed by your legal/compliance policy.

The above steps represent a full lifecycle of using eDiscovery (Premium) in an SMB scenario. Not every case will require every step (for example, minor internal searches might not require hold notices or predictive coding), but the setup ensures you have the capability ready.

Policy Configuration: Holds, Retention, and Permissions

The term “policy configuration” in the context of eDiscovery primarily refers to how you preserve and manage data for discovery. We’ve touched on legal holds configured within eDiscovery cases – these are essentially case-specific preservation policies. A few additional points on policies and configuration for effective eDiscovery:

Retention Policies vs. eDiscovery Holds: As a Business Premium subscriber, you likely have some Microsoft Purview Data Lifecycle Management capabilities (like retention policies). A retention policy (outside of eDiscovery) might, for example, say “Keep all Exchange email for 7 years.” If such a policy exists, it ensures data is available for eDiscovery, but it’s broad. An eDiscovery hold is more targeted – e.g. “Preserve John Smith’s mailbox and OneDrive indefinitely for this legal case.” It’s worth reviewing your retention policies in the Purview Data section. For SMBs, many simply rely on default (which is to keep everything until deleted by user). We recommend enabling at least basic default retention for critical data if possible (so that if a user deletes something, it’s still recoverable). However, even without that, once you know of an issue, applying an eDiscovery hold will override deletions[1]. Decide based on your compliance needs if you want proactive retention policies configured (this can complement eDiscovery by reducing risk of losing data before a hold is placed).
Holds Scope and Performance: When configuring holds in a case, be mindful of scope. Holding an entire mailbox is simplest (and ensures nothing slips through), but it also means a lot of data might be preserved that is irrelevant (e.g. personal emails, unrelated projects). In eDiscovery (Premium) you have the option to apply query-based holds (e.g. only items with certain keywords). Use this carefully – if you know precisely the date range or keywords of interest, a narrower hold can reduce noise. But if unsure, it’s safer to hold more broadly to avoid accidentally allowing deletion of a relevant item. Also note that too many wide holds could impact storage (held data is retained in the Recoverable Items of Exchange, for instance). In an SMB, this is rarely a problem unless you’re tight on mailbox storage or have many lengthy cases.
Roles and Access Control: We already set up the eDiscovery Manager roles. As a best practice, limit the number of people with eDiscovery permissions. The ability to search through all company communications is powerful and sensitive. In a small business, maybe only one or two admins should have that capability[4]. If you have a separate security or compliance officer, use the role groups to segregate duties (e.g. IT admin can prepare data, but perhaps only the HR manager or an external lawyer actually reviews the content). Such role segregation can help maintain confidentiality. Microsoft also offers an audit log of eDiscovery activities, so any searches or data access are recorded.
eDiscovery Case Settings: Within each case, you can configure some settings, such as adding case members (if you want to allow, say, an external legal counsel who has a Microsoft account to review the case, or multiple internal reviewers). You might also configure search indexes re-indexing for custodians (the system does this automatically – it’s called Advanced Indexing – where it reprocesses any unindexed items when you add a custodian[1], so that nearly all content becomes searchable). Not much needs manual config here, just be aware it happens.
Monitor Compliance Center: After enabling eDiscovery Premium, keep an eye on the Microsoft Purview Compliance Center home or reports. Business Premium gives you access to Compliance Manager and audit logs. You’ll find an overview of alerts or any issues. If an eDiscovery search is too broad (returning many results) or if someone without permission tries to access a case, you could get alerts. It’s a good habit to check the Compliance portal regularly, even when you’re not actively doing eDiscovery, to ensure things like audit logging are enabled (which they usually are by default in M365)[5].

Effective Use of eDiscovery (Premium) in an SMB: Best Practices and Use Cases

Implementing eDiscovery (Premium) in a smaller organisation requires some planning and process to get the best results. Below are common use cases for eDiscovery in SMBs, followed by best practice recommendations to ensure you use the tool effectively and stay compliant.

These scenarios show that even in a smaller business, eDiscovery capabilities are valuable – they enable you to react promptly to serious issues or requirements. To make the most of eDiscovery (Premium) and avoid pitfalls, consider the following best practices:

Plan Licensing Strategically: Don’t overpay for licenses you don’t need, but ensure coverage for key individuals. Identify ahead of time who would spearhead an investigation (IT admin, HR, etc.) and which user data is most likely to be subject to discovery (executives, managers). License those with the E5 Compliance add-on in advance if possible. This way, if an incident arises, you’re ready to go. Remember that if you only occasionally need eDiscovery Premium features, you could opt to start a 90-day trial during an incident[1] – but use that option carefully (one trial per tenant) and track when it expires.
Prepare with Retention Policies: As mentioned, having a baseline retention policy for email and files can be a lifesaver. For example, setting Exchange Online to retain all emails for at least 1 year (even if deleted by user) means you have a one-year safety net to discover issues after the fact. Business Premium allows configuring such retention at no extra cost. This isn’t directly part of eDiscovery, but it complements it by ensuring data exists to be discovered. Avoid overly aggressive deletion policies on mail or Teams that could thwart your ability to investigate – or if you have them for compliance (say, deleting Teams chats after 30 days for privacy), be aware you’d need to act quickly with eDiscovery holds in an incident.
Act Quickly When Issues Arise: The sooner you create an eDiscovery case and place holds after learning of a potential issue, the better. Once a legal trigger (like a threat of litigation or a formal complaint) is known, promptly put relevant content on hold. This prevents any accidental or intentional deletion. Even if you’re not yet sure of scope, it’s better to hold a few extra mailboxes than to lose data. eDiscovery (Premium) can scale down to even a single mailbox case – it’s fine to use it for small matters.
Use Search Filters to Reduce Noise: SMB data sets might be smaller, but you also might not have staff to sift through hundreds of irrelevant items. Take advantage of the search query options. For instance, limit the date range to when the incident occurred, or filter to only communications with certain domains (like the customer’s domain in a client dispute). The goal is to make the review set as focused as possible, so your small team can manage the review. The analytics features (threading, deduplication) will help cull duplicates automatically, so enable them.
Leverage Tagging and Queries in Review: Develop a simple tagging scheme when reviewing documents, even if it’s just you doing it. For example, tag items as “Relevant” versus “Irrelevant”, and perhaps “Privileged” if some communications involve a lawyer. This will help if you need to hand off to someone else or revisit the case later. You can quickly filter on tags to collect what needs to be exported. It also provides documentation of what you considered relevant, which is useful if questions come up later.
Protect Sensitive Information: While conducting eDiscovery, you might come across very sensitive data (personal info, confidential contracts, etc.). Ensure that the case access is limited to only those who need to know. For instance, if you’re investigating an executive, maybe don’t add a junior IT person as a case member unless necessary. The content in eDiscovery is not visible to others by default – only case members – so maintain that discipline. Also, when exporting data, handle it securely (use encryption if sending to external counsel, etc.).
Audit and Document the Process: After a case, record what steps were taken. Microsoft’s audit log will automatically have entries for searches run, holds placed, and exports[6]. You can download these audit entries for the case if needed, or at least note the export report. This creates a defensible documentation that your SMB performed discovery properly (should it ever be challenged in legal proceedings). In small orgs, it’s easy to be informal, but when legal matters are involved, formality pays off.
Stay Updated on Features: Microsoft Purview is evolving. New features (or UI changes) might appear, especially as Microsoft retired the “classic” eDiscovery earlier and is all-in on the new Purview interface[1]. Keep an eye on Microsoft 365 Message Center and Purview blog updates. For example, Microsoft might roll out new analytics or support for new data types (like Viva Engage/Yammer content, which is now included[1]). Being aware ensures you can make use of improvements that could benefit an SMB (perhaps making eDiscovery easier or more automated).
Consider Training or Drills: It may sound excessive for a small business, but it’s worth doing a dry run of an eDiscovery case. For instance, imagine a scenario (an employee departure with possible IP theft) and try using eDiscovery Standard or Premium to retrieve related emails/files. This practice run will make you comfortable with the interface before a high-stakes situation occurs. Microsoft Learn has free modules on using Purview eDiscovery which can guide you through the process in a tutorial manner (those resources refer to “Advanced eDiscovery” – which is the earlier name for eDiscovery Premium).

By following these best practices, an SMB can effectively use Microsoft Purview eDiscovery (Premium) to its advantage – minimising the impact of legal or compliance inquiries and responding to them with confidence. You will be leveraging enterprise-grade tools to protect your small business, which is exactly the promise of Microsoft 365 Business Premium: bringing advanced capabilities in a cost-effective package for smaller organisations.

Licensing Summary & Conclusion

To recap, Microsoft Purview eDiscovery (Premium) is a powerful tool for electronic discovery that is available to Business Premium customers through an add-on or upgrade. Business Premium includes the essentials (Standard eDiscovery) such as content search and hold, which may suffice for basic needs. But when deeper investigation capability is needed – like managing custodians, running AI-driven analyses, and handling complex legal workflows – eDiscovery (Premium) provides those features[1][1]. We’ve outlined how to set it up step-by-step, from licensing and permissions to case creation and exporting results, with a focus on practicality in an SMB setting.

In terms of cost, an SMB already on Business Premium can enable eDiscovery (Premium) for a subset of users at roughly AU$18 per user/month via the E5 Compliance add-on[4], rather than paying ~AU$78 per user for a full E5 license. This makes advanced compliance affordable and scalable to your needs – you pay only for the employees who need these capabilities. Given that Business Premium users have many compliance features (like audit logging, DLP, sensitivity labels) included[7][8], adding eDiscovery Premium fills one of the few gaps in Business Premium when it comes to compliance tools.

In conclusion, Microsoft 365 Business Premium plus Purview eDiscovery (Premium) gives small and medium businesses a robust ability to respond to legal and regulatory challenges. By following the guidance on setup and best practices, your organisation can ensure that if a situation arises – whether it’s an internal investigation or external litigation – you can handle it in a defensible, efficient manner using tools built into your Microsoft 365 environment. This not only saves potential costs of outsourcing eDiscovery, but also keeps your sensitive data under your control during the discovery process.

References

[1] Microsoft Purview eDiscovery solutions | Microsoft Learn

[2] Microsoft Purview

[3] Microsoft 365 Business Plans and Pricing | Microsoft 365

[4] Get started with eDiscovery (Premium) | Microsoft Learn

[5] Microsoft 365 Business Premium Setup Checklist A Comprehensive Guide for IT Professionals

[6] Microsoft 365 Intro

[7] Modern-Work-Plan-Comparison-SMB

[8] Modern-Work-Plan-Comparison-SMB