What Is eDiscovery In Security And Compliance In Office 365?

The Security and Compliance area of Office 365 does a bunch of things around securing, managing and auditing the data your organisation has in Office 365, but one area that caught my interest was the eDiscovery options.

eDiscovery is just like email – an electronic version of something that used to be done manually. If you’ve watched shows like Suits, they will show people going through a discovery process by having a room full of boxes, and having to read through all the documents by hand to find whatever smoking gun they’re after.

The ‘e’ in eDiscovery just means that all the data is digitalised (either originally because it’s digital content such as emails or files from computers, or has been scanned to convert the contents from analog to digital) and more importantly, indexed and quickly searchable.

If you were searching for ‘murder’ in an eDiscovery system, you’d put the keyword you want (murder) and point it to the set of data to search against –  just like Windows PCs can index their local data for searching the contents quickly. All documents that contain the word ‘murder’ are presented and can be read through by someone, which makes the manual process of going through a room full of boxes a bit laughable.

This is exactly what Microsoft’s eDiscovery does, with the benefit of already having your existing Office 365 data indexed. This includes all your Exchange Online mailboxes, SharePoint Online sites and OneDrive for Business content.

Microsoft Mechanics have a great demo video on how this works for a keyword search:

Of course the functionality of eDisccovery goes way beyond legal reasons, and the whole Security and Compliance solutions go far beyond the eDiscovery component.

You may also have content you want to search that’s not in Office 365 currently. PSTs can be uploaded then searched against in Exchange Online, or you can upload files to a library (SharePoint or OneDrive for Business) and search against them.

The space and compute power is something you don’t have to worry about (as long as you’ve got enough space in Office 365, which you can buy more of if needed) with this too.

There is a huge amount of documentation online about eDiscovery which will cover a lot of questions and scenarios you may have, but I think it’s best to find some test data and start playing around with it.

I’m learning the basics about eDiscovery myself, but if you’re looking to do a keyword search on a large amount of data, this is worth looking at – and assuming you have Office 365 already, shouldn’t cost you anything to use!



How To Enable Office 2013 KMS Host


Following on from my previous blog on “How to add your KMS keys for Windows 8 and Server 2012, here’s how you can enable a KMS Host (Key Management Service) for Office 2013.

Server End

First, you’ll need access to Microsoft VLSC (Volume Licensing Service Center) here: Update: You can also download it from here

From there, under the ‘Downloads and Keys’ section you’ll need to find ‘Office Professional Plus 2013 Key Management Service Host’ or Office Standard Key Management Service Host’ depending what you’re licensed for. It’s a 800kb ISO file.

Once downloaded and extracted/mounted, you’ll need to go to your already configured KMS Host which is running your Windows KMS Host activation. If you’ve already got Widnows 8/Server 2012 running then it could be easier, as there were some patches for the pre-release version of this tool, and that will possibly apply to this proper release.

On the KMS Host, open your command prompt and run the command ‘cscript kms_host.vbs’ (assuming you’ve navigated to the directory containing the extracted ISO). It’ll do it’s thing as per this screenshot:


Then, as long as you’ve been kind to the licensing Gods it will prompt you saying that the install was successful, and would you like to enter and activate your Office 2013 KMS key now? Yes please you’ll reply, realising you’re talking to your PC.

Enter your key including dashes (obtained from VLSC under the actual Office 2013 product download) and nervously wait, while it gives no indication anything is happening for 10 seconds or so. Eventually you’ll get another prompt saying the key has been successfully installed and activated. You will be able to see this from the Volume Activation Management Tool under the ‘Licensed’ area.

Client End

The Office 2013 client automatically installs using the client KMS. There are two keys remember, being the KMS Host and KMS Client. The KMS Host is obtained via VLSC and individual to your organisation, while the KMS Client key is standard worldwide, and the default for install. The KMS Client key is also referred to as the Generic Volume License Key (GVLK). More info including the publically available keys here:

To force client activation, run the command ‘cscript ospp.vbs /act‘ from the C:\Program Files (x86)\Microsoft Office\Office15\ folder. More info on that here:

You’ll now probably get an error saying “The count reported by your Key Management Service (KMS) is insufficient.” with an error code 0xC004F038.

I believe you need 5 unique PCs to request a key before your KMS Host will start giving them out (reference for Office 2010 I haven’t had a chance yet to test this, so please let me know if you find out more.

Update: As confirmed by this page, you need 5 unique PCs


Disabled Add-ins in Microsoft Office

Another little fix here. Many companies will have certain add-ins in their Microsoft Office products, and sometimes things go wrong. Often if an Office product crashes, it will blame an active plugin and bring up the prompt asking if you want to disable the add-in:

For most people presented with more than a line of text and a ‘Yes/No’ option, they’ll just click ‘Yes’ and continue on their merry way – not realising they’ve just crippled some functionality.

In Office 2010, it’s a bit of a pain to re-enable an add-in manually: Click File > Options > Add-ins > Drop down Manage and choose ‘Disabled Add-ins’ > Go > Choose the add-in > Click Enable > Click OK > Click OK > Have a nap. Hard work!

So, what I decided to do was use Group Policy to automatically wipe from the registry anything that’s disabled. This will happen on 90 minute intervals, and at login time – so for some users, it’s easier to train them to log off and back on (or reboot) if they’re having that important add-in disabled.

The relevant keys to delete are:


I am doing this with a Registry Group Policy Preference set to ‘Delete’

Of course this could be added to a login script if you use those, or if it’s a really common problem a desktop shortcut or reg file that deletes the key when the user choose to. All it needs to contain is this:


Note that this is for Office 2010, but the same works for 2007 and 2003, just the version path needs to be changed – for 2003, it’s 11.0 and 2007 is 12.0 (no unlucky 13.0).