Create E-Discovery Search - Blink Documentation

Creates an e-Discovery search.

Least privileged Microsoft Graph permission to access the action via application: eDiscovery.Read.All.
Higher privileged Microsoft Graph permission to access the action via application: eDiscovery.ReadWrite.All.

External DocumentationTo learn more, visit the Microsoft E-Discovery documentation.

Basic Parameters

Parameter	Description
Content Query	The query used for the search in Keyword Query Language.
Custodian Data Source	A single or a comma-separated list of `Custodian Sources`. Custodians are typically URLs pointing to specific users, sites, or groups within an eDiscovery case. Note: At least one `Custodian` or `Noncustodial` data source is required to execute this action. Valid Formats: * `https://graph.microsoft.com/v1.0/security/cases/ediscoveryCases/{CaseID}/custodians/{CustodianID}/userSources/{UserSourceID}` * `https://graph.microsoft.com/v1.0/security/cases/ediscoveryCases/{CaseID}/custodians/{CustodianID}/siteSources/{SiteSourceID}` You can obtain each of the required IDs by using the following actions: `List E-Discovery Cases`, `List Custodians`, `List Custodians User Sources`.
Description	The description of the search.
Display Name	The display name of the search.
E-Discovery Case ID	The e-Discovery case ID of the case that the search will belong to. Can be obtained by using the `List Cases` action.
Noncustodial Data Source	A single or a comma-separated list of `Noncustodial Sources` to include in the search. Noncustodial sources reference data sources that are not tied to a specific custodian, such as shared mailboxes or public folders. Note: At least one `Custodian` or `Noncustodial` data source is required to execute this action. Valid Formats: * `https://graph.microsoft.com/v1.0/security/cases/ediscoveryCases/{CaseID}/noncustodialdatasources/{NoncustodialSourceID}` You Can obtain each of the required IDs by using the following actions: `List E-Discovery Cases`, `Create Noncustodial Data Source`.

Advanced Parameters

Parameter	Description
Date Source Scopes	The option to search across all mailboxes or sites in the tenant.

Example Output

{
	"displayName": "My search 2",
	"description": "My first search",
	"contentQuery": "(Author=\"edison\")",
	"custodianSources@odata.bind": [
		"https://graph.microsoft.com/beta/security/cases/ediscoveryCases/b0073e4e-4184-41c6-9eb7-8c8cc3e2288b/custodians/0053a61a3b6c42738f7606791716a22a/userSources/43434642-3137-3138-3432-374142313639",
		"https://graph.microsoft.com/beta/security/cases/ediscoveryCases/b0073e4e-4184-41c6-9eb7-8c8cc3e2288b/custodians/0053a61a3b6c42738f7606791716a22a/siteSources/169718e3-a8df-449d-bef4-ee09fe1ddc5d",
		"https://graph.microsoft.com/beta/security/cases/ediscoveryCases('b0073e4e-4184-41c6-9eb7-8c8cc3e2288b')/custodians('0053a61a3b6c42738f7606791716a22a')/unifiedGroupSources('32e14fa4-3106-4bd2-a245-34bf0c718a7e')"
	],
	"noncustodialSources@odata.bind": [
		"https://graph.microsoft.com/beta/security/cases/ediscoveryCases/b0073e4e-4184-41c6-9eb7-8c8cc3e2288b/noncustodialdatasources/35393639323133394345384344303043"
	]
}

Workflow Library Example

Create E Discovery Search with Microsoft E Discovery and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Basic Parameters

​Advanced Parameters

​Example Output

​Workflow Library Example

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example