Skip to main content

Create E-Discovery Search

Creates an e-Discovery search.

  • Least privileged Microsoft Graph permission to access the action via application: eDiscovery.Read.All.
  • Higher privileged Microsoft Graph permission to access the action via application: eDiscovery.ReadWrite.All.
External Documentation

To learn more, visit the Microsoft E-Discovery documentation.

Basic Parameters

ParameterDescription
Content QueryThe query used for the search in Keyword Query Language.
DescriptionThe description of the search.
Display NameThe display name of the search.
E-Discovery Case IDThe e-Discovery case ID of the case that the search will belong to. Can be obtained by using the List Cases action.

Advanced Parameters

ParameterDescription
Date Source ScopesThe option to search across all mailboxes or sites in the tenant.

Example Output

{
"displayName": "My search 2",
"description": "My first search",
"contentQuery": "(Author=\"edison\")",
"custodianSources@odata.bind": [
"https://graph.microsoft.com/beta/security/cases/ediscoveryCases/b0073e4e-4184-41c6-9eb7-8c8cc3e2288b/custodians/0053a61a3b6c42738f7606791716a22a/userSources/43434642-3137-3138-3432-374142313639",
"https://graph.microsoft.com/beta/security/cases/ediscoveryCases/b0073e4e-4184-41c6-9eb7-8c8cc3e2288b/custodians/0053a61a3b6c42738f7606791716a22a/siteSources/169718e3-a8df-449d-bef4-ee09fe1ddc5d",
"https://graph.microsoft.com/beta/security/cases/ediscoveryCases('b0073e4e-4184-41c6-9eb7-8c8cc3e2288b')/custodians('0053a61a3b6c42738f7606791716a22a')/unifiedGroupSources('32e14fa4-3106-4bd2-a245-34bf0c718a7e')"
],
"noncustodialSources@odata.bind": [
"https://graph.microsoft.com/beta/security/cases/ediscoveryCases/b0073e4e-4184-41c6-9eb7-8c8cc3e2288b/noncustodialdatasources/35393639323133394345384344303043"
]
}

Workflow Library Example

Create E Discovery Search with Microsoft E Discovery and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop