How can I query multiple user’s OneDrive for Business data?

  • Article

This is a very common question I get from customers and also they want to know how they can globally elevate permissions to search/access OneDrive for Business. They want to be able to search OneDrive for Business data from an eDiscovery query and/or preserve/hold the data.

 

Prerequisites:

To conduct an eDiscovery Center full query including exporting data, we require E3 licenses assigned to the eDiscovery users conducting the query. If you are placing users on hold within the eDiscovery query, those users also require an E3 license assigned to be placed on in-place hold.

Another preq is you have to create an eDiscovery Center site collection in SharePoint Online. If you visit the new Office 365 Compliance Center it will create the eDiscovery Center site collection automatically with the following steps:

 

  1. Go to https://compliance.protection.outlook.com/ucc.

  2. Sign in to Office 365 with your work or school account.

  3. In the Compliance Center, click eDiscovery.

image

New Office 365 Compliance Center

 

High level steps for querying and holding OneDrive for Business data:

1) Collect all the OneDrive for Business sites available in the tenant using a SharePoint Online PowerShell Script

 

2) Assign Administrator or users conducting the eDiscovery permission to access/search all the OneDrive for Business sites found in step 1 

Note: The sample PowerShell scripts to conduct step 1 and 2 are here.

 

3) In the Compliance Center, click Go to the eDiscovery Center for advanced options. .

image

eDiscovery Center (EDC)

 

image

Creating a new case and create a new Discovery set.

 

Click Search and Export

clip_image002

Then modify the Query Scope.

clip_image004

and click Search Everything and SharePoint  Note: Step 1 and Step 2 must be completed first

 

4) Run the search

image

5) Save the query to track the parameters used in your search so you can increment the start and end dates each time to only provide new results.

 

 

More information:

Read more on eDiscovery center here.

eDiscovery process flow here.

eDiscovery blog I posted here.

Advanced DLP queries (e.g. SSN or Credit Cards) in the eDiscovery center here