Exchange 2010 includes some basic e-discovery features like multi-mailbox searching and role-based access controls. However, it has significant limitations including only searching Exchange mailboxes, limited search filters, inability to search public folders or encrypted messages. Third party software like Discovery Attender provides more robust e-discovery capabilities by searching a wider range of data sources and offering advanced search criteria and features. While Exchange 2010 is suitable for some light discovery needs, most organizations require a full-featured third party solution.
1. August 2012
The Sherpa Approach: Features and Limitations of
Exchange 2010 E-Discovery
Since 2006, the topic of Electronic Discovery [e-Discovery] has been evolving and growing
rapidly, in popularity and importance. Today, litigation (especially involving businesses) is
no longer a question of if it will happen, but rather a question of when it will happen. As an
IT, legal or compliance professional, it is your job to make sure your company is ready by
having a plan and the right tools in place when that time comes. E-Discovery software is
something no company should be without. And since you only have a certain amount of
time once your organization has been asked to collect and present all relevant
Electronically Stored Information [ESI], being proactive is critical. Microsoft has come to
this realization and decided to include e-Discovery features in Exchange 2010 and recent
service pack updates.
The release of Exchange Server 2010 and subsequent service packs has many companies
exploring some of the new native e-Discovery features. Why are people so interested in
utilizing the e-Discovery features of Exchange? If an organization can rely solely on the
inherent e-Discovery features within Exchange 2010, then there is no need to spend money
on third party products. Unfortunately, for many organizations, the inherent features may
not be sufficient.
It is a Sherpa Software recommendation and best practice that our current and prospective
customers look into all the features available to them within Exchange and to determine
whether the e-Discovery features provided are sufficient. As with many first attempts,
major limitations to the functionality of Exchange 2010 exist, and therefore, should be
understood before deploying. Let’s take a closer look at Exchange 2010, its limitations and
how third party e-Discovery software may be a better fit for your organization.
A Closer Look at How exactly has Microsoft differentiated itself against older versions of Exchange?
Recently, Microsoft’s areas of improvement within Exchange 2010 include its Multi-Mailbox
Exchange 2010’s Searching feature and Role Based Access Control [RBAC].
e-Discovery
Features “Multi-Mailbox Search enables search of mailbox items, including email, attachments,
calendar appointments, tasks and contacts. Exchange also indexes a long list of
attachment types as well as Information Rights Management-protected content. Multi-
mailbox search can work simultaneously across primary mailboxes, Personal Archives and
recovered items with an easy-to-use, web-based console. To help streamline discovery
processes, search results may be previewed with keyword statistics—before emails
discovered through search are copied and moved to a specified mailbox, as defined by the
administrator, for further investigation. Rich filtering capabilities include sender, receiver,
message type, sent/receive date and cc/bcc, along with Advanced Query Syntax (AQS)
support. Role Based Access Control now allows administrators to grant users such as
records managers, compliance officers and litigators specific rights to perform multi-mailbox
searches and other role specific tasks.”
Another notable difference in Exchange 2010 is the interface for performing the searches,
called the Exchange Control Panel (ECP), which now gives non-technical users (such as
corporate legal teams or even outside counsel) the flexibility to conduct searches without
having vast technical knowledge.
1
Microsoft Exchange Server 2010 - “Faster Discovery”: 1|Page
Both types of policies can be combined on the same item or folder. For example, an email
http://www.microsoft.com/exchange/en-us/email-archiving-and-retention.aspx
can be tagged so that it is automatically moved to the Personal Archive in 15 days and
deleted within 45 days. Administrators can also use archive policies to control when
messages are automatically moved from a primary mailbox to the Personal Archive.1
2. Exchange 2010 searches using basic search criteria such as sender or recipient
addresses, date ranges, a set of mailboxes, data types (including IM conversations
recorded to the conversation history folder, calendar items, notes, and Journal entries),
attachment types, and attachment content. Users have the ability to combine these criteria
using the standard Boolean (i.e. AND, OR) operators. When creating a new search, users
will need to specify the target mailbox (a special mailbox called a “Discovery Mailbox”)
where results should be stored. The option to enable the deduplication of search results
also exists. Depending upon the reasons for performing an e-Discovery search,
deduplication can be a significant time savings, but it may not always be legally
permissible.
When creating a new search in Exchange 2010, consider where the search results go.
Because Exchange 2010 copies messages to a Discovery Mailbox, users are guaranteed
that the Discovery Mailbox will have a complete set of search results, which can then be
acted upon without touching the original source. If more than 1 Discovery Mailbox is
needed, then those mailboxes need to be created using Powershell (not the EMC). This
mailbox will be created with no access permissions and by using Powershell, it obviously
increases the complexity of the project; making it improbable that a non-technical user will
be able to accomplish the task at hand.
E-Discovery Again, although seemingly vast improvements have been made to Exchange 2010, there
are still issues and downsides to using the inherent e-Discovery features. The limitations
Limitations in (listed below) restrict its ability to be a fully featured e-Discovery solution for most
Exchange 2010 organizations. Some of the limitations we’ve seen with Exchange Search include:
Only Searches Exchange 2010 Servers: Mailboxes that exist on legacy Exchange
servers, as well as non-Exchange servers, cannot be searched. Additionally, PST
files, file servers, file shares, archives, SharePoint, etc…cannot be searched.
Default Search Filters Limited: Standard Microsoft Office formats can be indexed
by Exchange 2010, but there is limited support for other common formats such as
the popular PDF file format. By default, the content of PDF messages is
unsearchable.
No Public Folder Search: Organizations with a significant investment in public
folders will find that they cannot search across public folder data using the native
Exchange Search functionality.
Localization and Language Limitations: Emails written in multiple languages are not
indexed by Exchange Search. In addition, queries made in a specific language
must match the locale of the local computer doing the search.
Encrypted Messages Not Indexed: Messages encrypted with S/MIME encryption
are not indexed and are subsequently not searchable.
One major limitation that Microsoft is trying to turn into a positive is with the licensing of its
Multi-Mailbox Search. In Exchange 2010, Multi-Mailbox Search required Enterprise CAL’s
for every mailbox that users wished to perform such searches on. Starting October 1,
2012, Microsoft has announced that they are “making a change to Exchange 2010 licensing
so you’ll no longer require an Enterprise CAL for Multi-Mailbox Search.” This is a big
change from how they’ve licensed this in the past, virtually making these features
completely free for public consumption.
2|Page
3. So, for organizations with light to medium discovery requirements, the built-in capability
may be enough. But for organizations that must frequently perform discovery searches and
have more complex search criteria or would like to search items stored outside of
Exchange 2010 mailboxes, a third-party solution is much more appropriate.
If the drawbacks within Exchange 2010 have you exploring alternative e-Discovery
How Discovery products, Sherpa Software’s Discovery Attender is definitely a tool worth considering.
Attender Discovery Attender is a software product designed to automate the search and collection of
Compares to the electronically stored information (ESI) across a wide variety of platforms. This cost-effective
solution empowers in-house talent to perform legal discovery on PST files, Exchange mail
E-Discovery stores, file servers, file shares, archives and SharePoint, in a cost-effective, efficient and
Features in reproducible manner. Discovery Attender streamlines the process of locating, culling and
producing data for electronic discovery requests, compliance, internal investigations,
Exchange 2010 regulatory inquiries and more.
This application features a quick installation, intuitive search setup with a robust feature set
unmatched for the price. In addition, the flexibility of the criteria will help answer the most
challenging of requests. Searches can be customized by keywords (including wildcards,
Boolean, proximity, RegEx and more), addresses, dates, and sizes over many common file
formats. More specifically, Discovery Attender’s list of extensive search features (that
Exchange does not provide) includes:
Searching of over 60 common types of document attachments
A host of powerful search criteria including regular expressions and fuzzy search
terms
Search results saved in a variety of different formats (including PST files) to be
shared with third parties or imported into case management tools
Searches a wide variety of ESI, including network PST files, public folders,
archives, file shares and more
Once you’ve acquired your data, Discovery Attender gives you a number of options for
organizing, reporting, and exporting your data. The result options include: deduplication,
indexing, annotation, and MD-5 hashing. Export formats support copying items to PST files
and also to native formats (including .MSG files for email messages). Most importantly, for
every search, action, and export, Discovery Attender maintains a meticulous log detailing
who searched what, where, when, and how. Why is that important? Maintaining a log of
the chain of custody is very important to all legal cases because you need to ensure that
everything about how this information was collected is readily available to both litigation
teams. It’s also important to demonstrate that proper protocol was followed throughout.
Conclusion Approximately every three years, Microsoft releases an updated version of the Exchange
Server. It should be no surprise that in Exchange 2010 and subsequent service packs,
they have included improved e-Discovery features. Email and electronically stored
information is already one of the most important pieces to legal proceedings in this day and
age. If you don’t have the proper tools to collect, manage and search electronically stored
information, you could end up spending a lot more than you anticipated on discovery, and
could face sanctions and fines by the court. As an IT, legal, or compliance professional, it
is your job to make sure you have a plan and the right tools in place for when e-Discovery
3|Page
4. litigation goes from if to when.
While Exchange Server 2010 provides basic discovery capabilities, it is Sherpa Software’s
opinion that they may not be adequate for all organizations. We still encourage all of our
customers and prospective customers to make this determination for themselves, along
with their legal and IT departments. If in fact you come to the conclusion that you need a
more fully featured e-Discovery solution, please explore what Sherpa Software’s Discovery
Attender has to offer. To get more information on Sherpa Software’s e-Discovery solution,
or for more on our perspective, contact us at information@sherpasoftware.com.
About Sherpa For over 10 years Sherpa Software has provided IT Professionals with award-winning
Software information management software specifically designed to address email management,
archiving, e-discovery, PST management and compliance requirements for Lotus Notes
and Microsoft Exchange environments. Based in Pittsburgh, Pennsylvania, Sherpa’s
solutions are practical, reliable and affordable and have been installed at thousands of
organizations worldwide. Their products offer flexible architectures that streamline
administrative processes without requiring any additional hardware or add-on components.
Sherpa Software is an IBM Premier Business Partner and a Microsoft Certified Partner.
For more information about Sherpa Software, visit www.sherpasoftware.com.
456 Washington Avenue
Bridgeville, PA 15017
www.SherpaSoftware.com
1.800.255.5155
4|Page
5. About the Author Ned joined the Sherpa Software team in November 2010. As the Sales & Marketing
Associate, Ned is responsible for marketing, sales, channel and technical support
aspects. He oversees all day-to-day tasks concerning software support renewals for the
channel sales team while also acting as a liaison between the Channel and Marketing
Departments. With the marketing team, Ned’s main focus is content creation. Each
month, he writes numerous blog posts, company positioning pieces and his fan favorite
“Off the Topic” articles, which are sent to almost 30,000 newsletter subscribers. As for
Ned’s technical support responsibilities, you can find Ned chatting with and helping
customers via our “Live Chat” function. Overall, Ned accomplishes a wide range of
business-critical functions for the team at Sherpa Software.
Ned graduated from Duquesne University in 2010, where he received a Bachelor’s of Science in Business
Administration, specializing in Entrepreneurship and new business creation with a minor in Spanish.
Ned is an avid sports enthusiast. In his time at Duquesne, he was heavily involved with the Men’s Club Volleyball
Team, not only as an active team member and player but also as President and Captain. Ned still enjoys playing in
competitive volleyball tournaments during his summers, along with other activities like basketball, hockey, boxing,
and running. He also loves other languages, cultures and its people – particularly Spanish. Ned spent time in Spain
where he was immersed in the language and culture while also taking classes at the Universidad Pontificia de
Salamanca (Salamanca, Spain). He hopes to visit Spain again in the future.
5|Page