Loading...

Creating a Case in Case Manager

Compliance officers can use Case Manager to create cases and collect electronically stored information (ESI) for specific custodians and assets.

Before You Begin

  • The Exchange package must be installed on all MediaAgents associated with the server plan being used for the case. In addition to this, the Index Gateway package or the Web Server must be also be installed on all MediaAgents associated with the server plan being used for the case.
  • The Case Manager user must be assigned a role with the following permissions on the clients (Index server, MediaAgent, Exchange Virtual client, Web Server) that are used for the case:
    • Browse
    • Compliance Search
    • View
    • Agent Management
  • The admin user must create a server plan that is used to specify the storage pool that stores the backup data and define the RPO (recovery point objective) for the backup frequency. You must install the Exchange package, Web Server package (for content indexing) and Content Analyzer package (for entity detection) on all MediaAgents used for the server plan. For more information see, Creating a Server Plan. The Case Manager user can view the plans when the admin user assigns Plan Subscription Role to the Case Manager user. To associate the Plan Subscription Role to the Case Manager user, navigate to the Plans section > serverplan > Security > Edit and then assign Plan Subscription Role to the Case Manager user.
  • The admin user must create an index server. The index server performs the content indexing and personal data analysis operations. Only multi node index server is supported. For more information see, Create an Index Server and Multinode Index Servers Using Index Server Cloud. The index server cloud must be assigned the EDGE Drive role and Exchange Index role.
  • The admin user must create a data classification plan to define the indexing requirements. You can create and edit a data classification plan from the Plans section of the Command Center. For more information see, Creating Data Classification Plans. The Case Manager user can view the plans when the admin user assigns Plan Subscription Role to the Case Manager user. To associate the Plan Subscription Role to the Case Manager user, navigate to the Plans section > dataclassificationplan > Security > Edit and then assign Plan Subscription Role to the Case Manager user.

Procedure

  1. From the navigation pane, go to Solutions > Activate.

    The Activate page appears.

  2. Click Case manager.

    The Case manager page appears.

  3. Click Add Case.

    The Add Case dialog box appears.

  4. In the Name box, enter the name of the case that you want to appear in Case Manager.
  5. From the Data Classification Plan list, select a plan to associate with the case.
  6. From the Server Plan list, select a plan to associate with the case.
  7. From the Data type list, select the solution that specifies the type of data that you want to collect for the custodians added to the case.
    • To collect email data from the mailboxes owned by the custodians, select Exchange Archiving.
    • To collect email data that contains any custodian's email address in the To, From, CC, or BCC fields from a journal mailbox, select Exchange Journaling.
    • To collect email data from a ContentStore client, select SMTP Journaling.
  8. Expand Custodians, enter the names of the users or user groups or their email addresses and then click Add.

    Note:

    If you are processing Exchange Online data, then you must enter the SMTP address for the auto-matic suggestion feature to work.

    To add multiple custodians, separate each custodian with a comma. For example: "John Smith", "Jane Doe", mdavis@example.com.

  9. Expand Additional Criteria, and then configure additional filter criteria for the data included in the case.

    Only the data that meets the filter criteria that you define are included in the case.

    • Keyword: Use this field to filter data in the case by keywords. For email data, only emails that contain the specified keywords in the subject, body, or any attachments will be included in the case.
    • Email: You can perform advanced email searches by setting the following criteria:

      Option

      Description

      Email Address

      Search for one or more email addresses that appear in the To, From, or CC fields of an email. If the email address is part of a distribution group email alias, the search will include emails with the email alias in the To, From, or CC fields.

      To search for multiple email addresses, separate each email address with a semi-colon (;) or a comma (,), and then select a logical operator: AND, OR, or NOT.

      Subject

      Search by the subject of the email.

      To search for multiple subjects, separate each subject with a semi-colon (;) or a comma (,), and then assign a logical operator: AND, OR, or NOT.

      From

      Search by the name of the sender.

      To search for multiple senders, separate each sender with a semi-colon (;) or a comma (,), and then assign a logical operator: OR or NOT.

      To

      Search by the name of the receiver.

      To search for multiple receivers, separate each receiver with a semi-colon (;) or a comma (,), and then assign a logical operator: AND, OR, or NOT.

      CC

      Search by the name and email address of the person in the CC list.

      To search for multiple names and email addresses, separate the values with a semi-colon (;) or a comma (,), and then assign a logical operator: AND, OR, or NOT.

      BCC

      Search by the name and email address of the person in the BCC list.

      To search for multiple names and email addresses, separate the values with a semi-colon (;) or a comma (,), and then assign a logical operator: AND, OR, or NOT.

      Attachment Name

      Search by the name of the email attachment.

      To search for multiple names, separate the attachment names with a semi-colon (;) or a comma (,), and then assign a logical operator: OR or NOT.

      Received Time

      Search based on the time the email was received. Logical operator do not apply because only one received time is entered.

  10. Click Save.

Last modified: 8/26/2019 5:29:59 PM