While working with a customer last week, it came to my attention that the Get-UserHoldPolicies script I had put together to enumerate retention policies and eDiscovery cases that put a hold on content wasn’t displaying policies that were global. The types of policies I checked for were enumerated in a user’s InPlaceHolds mailbox property, but…
In my previous post, I discussed using the new Attack Simulator for crafting phishing campaigns against your users. If you haven’t tried it out yet, I’d heartily recommend it. It’s more fun than a barrel of monkeys. For this post, we’re going to shift into slightly more traditional attack strategies. Another one of the features…
Over the last few weeks, we’ve released some great new features for Office 365 Advanced Threat Protection users. The Attack Simulator has three core components, each of which I’ll cover in a series: Spear Phishing (Credential Harvest) Brute Force Password (Dictionary Attack) Password Spray Attack For this post, I want to focus on the Spear…
Picking up where I left off on part 1 of this post, I wanted go into what it would take to refine some roles for managing eDiscovery for larger organizations. In this scenario, we’re going to: Remove users from any existing eDiscovery roles or groups Create a security group to hold users that will perform…
Diving deeper into the Security & Compliance Center, I decided to embark on trying to scope eDiscovery permissions to meet a certain set of requirements that we see when multiple business units want or need to maintain independence from a content search and discovery perspective. Here is the scenario and requirements that we’re going to…
UPDATE: This tool has been updated to include implicit policies created in the Security and Compliance Center. Last week, I was asked by a few people for information on displaying holds applied to mailboxes. Holds come in several varieties: In-Place Holds created via the Exchange Admin Center or eDiscovery case Retention Policies (either as Retention…
Recently, a customer asked for clarification on the difference between Content Search (Security & Compliance center | Search & investigation | Content search) and the Content Search feature in an eDiscovery case (Security & Compliance center | Search & investigation | eDiscovery). The answer: nothing. Well, almost nothing. In the context of how they work,…
