So, of course, as soon as I finish up posting a few entries (here and here), we go and release a new UI to help you get it done on your own! You can do most of the effort of creating a data classification here, although if you want to use any of our built…
Over the course of your Office 365 administration duties, you may be called to locate data matching particular data patterns (such as matching a particular regular expression or a Sensitive Information Type), either for eDiscovery or data classification purposes. The good news is you can actually do that. In this post, we’re going to walk…
UPDATE: The Technet Gallery link for this post has been updated. So, this is an entry that has been long in the making. I have had several customers over the last few years give feedback about our Data Loss Prevention’s (DLP) matching requirements, mostly around how they require too much corroborating evidence (in the form…
While working with a customer last week, it came to my attention that the Get-UserHoldPolicies script I had put together to enumerate retention policies and eDiscovery cases that put a hold on content wasn’t displaying policies that were global. The types of policies I checked for were enumerated in a user’s InPlaceHolds mailbox property, but…
In my previous post, I discussed using the new Attack Simulator for crafting phishing campaigns against your users. If you haven’t tried it out yet, I’d heartily recommend it. It’s more fun than a barrel of monkeys. For this post, we’re going to shift into slightly more traditional attack strategies. Another one of the features…
Over the last few weeks, we’ve released some great new features for Office 365 Advanced Threat Protection users. The Attack Simulator has three core components, each of which I’ll cover in a series: Spear Phishing (Credential Harvest) Brute Force Password (Dictionary Attack) Password Spray Attack For this post, I want to focus on the Spear…
Picking up where I left off on part 1 of this post, I wanted go into what it would take to refine some roles for managing eDiscovery for larger organizations. In this scenario, we’re going to: Remove users from any existing eDiscovery roles or groups Create a security group to hold users that will perform…
Diving deeper into the Security & Compliance Center, I decided to embark on trying to scope eDiscovery permissions to meet a certain set of requirements that we see when multiple business units want or need to maintain independence from a content search and discovery perspective. Here is the scenario and requirements that we’re going to…
UPDATE: This tool has been updated to include implicit policies created in the Security and Compliance Center. Last week, I was asked by a few people for information on displaying holds applied to mailboxes. Holds come in several varieties: In-Place Holds created via the Exchange Admin Center or eDiscovery case Retention Policies (either as Retention…
Recently, a customer asked for clarification on the difference between Content Search (Security & Compliance center | Search & investigation | Content search) and the Content Search feature in an eDiscovery case (Security & Compliance center | Search & investigation | eDiscovery). The answer: nothing. Well, almost nothing. In the context of how they work,…
