An Introduction to Managing Microsoft 365 Updates that Present Legal and Compliance Considerations

June 29, 2021




Increasingly, opportunities for cloud-based collaboration and efficiencies, and challenges presented by the rapid proliferation of complex data, are incentivizing organizations to transform their corporate data governance and eDiscovery operations from traditional self-managed infrastructure to the Microsoft 365 (M365) Cloud. Benefits in terms of convenience, security, robust functionality, and native capabilities related to eDiscovery and compliance are the primary drivers of this move.

While there are many benefits to moving into the M365 ecosystem, it requires legal and compliance teams to take on new considerations regarding the constant evolution that characterizes cloud software. With continually changing applications, establishing static workflows for eDiscovery, legal holds, data dispositions, and other legal operations is not enough. As the M365 software and functionality changes, workflows must be constantly evaluated to ensure their validity, relevance, and defensibility.

Exacerbating this challenge is the reality that the traditional IT change management paradigm designed to preemptively address cross-organizational considerations (including impacts to legal, compliance, and eDiscovery operations) does not fit the Cloud/SaaS framework. Organizations must now rethink their change management approach as they modernize with M365.

This is the first in a series of blog posts devoted to highlighting key changes that have been released into the M365 production environments. One of the biggest challenges for organizations is identifying which of the myriad of updates pose potential risks to eDiscovery operations. Distinguishing the changes that do and do not pose a significant eDiscovery impact can be extremely difficult unless the reviewer has some level of subject-matter expertise and understands the specific workflows deployed within the organization. Here are some common scenarios with potential eDiscovery impact that could easily go unnoticed by the untrained eye:

  • Updates that create a new data source
  • Updates that change a backend data storage location
  • Updates altering the risk profile of features that were previously disabled due to legal / privacy risk
  • Updates that render an existing eDiscovery process obsolete

Each subsequent blog post in this series will highlight an example of a software update related to our key software scenarios, detailing the nature of the change, the potential impact, as well as when and why organizations should care.

About the Author


Lighthouse is a global leader in eDiscovery and information governance solutions to manage the increasingly complex landscape of enterprise data for compliance and legal teams. Since our inception as a local document copy shop in 1995, Lighthouse has evolved with the legal technology landscape, anticipating the trends that shape legal practices, information management, and complex eDiscovery. Whether reacting to incidents like litigation or governmental investigations or designing programs to proactively minimize the potential for future incidents, Lighthouse partners with multinational industry leaders, top global law firms, and the world’s leading software provider as a channel partner.