Microsoft Purview: eDiscovery - CMK (Customer managed key) for eDiscovery direct export

🚨 The Signal: Microsoft Purview eDiscovery now supports Customer Managed Keys (CMK) for direct data exports. This enhances data protection by allowing organisations to control the encryption keys for sensitive eDiscovery export data, reducing reliance on Microsoft-managed keys.

The Impact

Security teams and compliance officers are affected, gaining enhanced control over encryption keys for sensitive eDiscovery export data, reducing data exposure risk.

• Security Teams: Gain direct control over encryption keys for eDiscovery exports.
• Compliance Officers: Improved ability to meet regulatory requirements for data encryption.
• Legal Teams: Enhanced protection for sensitive legal discovery data during export.
• Data Owners: Increased assurance regarding the security of their data post-export.

The Action

1. Review Microsoft Purview documentation for CMK setup in eDiscovery direct export.
2. Plan and implement Azure Key Vault for storing customer-managed keys.
3. Configure eDiscovery export settings to utilise the new CMK option.
4. Update internal data handling and encryption policies to reflect CMK usage for eDiscovery.

Domain: Purview · Impact: high · Workload: Microsoft Purview