Tom O’Connor just conducted an interview on his eDiscovery Channel with Rachi Messing & Stefanie Bier discussing Microsoft cloud attachments!

Stefanie is Principal PM Manager, Data Compliance and Privacy Products with Microsoft, which includes Microsoft’s eDiscovery solution, their data lifecycle management (i.e., information governance) solution, and their privacy solution. Stefanie has been in the industry for over a dozen years, starting out at Equivio and moving over to Microsoft when Microsoft acquired Equivio (working with Rachi at both places until Rachi’s departure from Microsoft in 2021).

Given Stefanie’s role with Microsoft, she is the key point person to discuss Microsoft’s handling of cloud attachments and much of the discussion was focused on Microsoft’s approach to cloud attachments, including current capabilities, current limitations and planned future enhancements to address those limitations. Here are a few of my takeaways from the interview with Stefanie:

• As discussed previously on this blog, you can collect the shared version, the most recent version, or all versions of cloud attachments with M365. However, you still need an eDiscovery Premium (E5) license to do so (though it doesn’t have to be a full E5 license).
• Microsoft 365 utilizes a cloud attachment retention policy to preserve cloud attachments. The “version as shared” is retained at the time of transmission, creating a separate copy linked to the message.
• Currently, the cloud attachment retention policy only applies forward from the time of its implementation.
• However, Microsoft is actively developing a feature that will allow for automatic preservation of all versions, both past and future, based on a user-centric preservation hold. Stefanie stated that it’s Microsoft’s “commitment” to do so “by the end of 2025”.
• Stefanie stated that Microsoft’s legal department has found that in over 35% of recent cases, the data in cloud attachments changed between the time it was shared and when it was later accessed.

That stat means that, in close to 2/3 of the cases, the data didn’t change – i.e., the version “as-sent” (aka, the contemporaneous version) and the current version are the same!

While that isn’t a scientific study, it’s the first statistic that indicates just how frequently the data changes for hyperlinked files. And it appears that Microsoft is providing an ability to get to the “as-sent” version of the file today (even if some manual effort is involved) and they’re working on enhancements to fully automate it! There’s hope!

Check out the very informative discussion with Stefanie Bier here or below via the eDiscovery Channel!

So, what do you think? Has your organization tried to collect cloud attachments from Microsoft 365? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the authors and speakers themselves, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.