Office 365 Administrators have many ways to access user data. It’s important to set up a policy to control and then verify that access. If you don’t, your administrators might be looking into Exchange mailboxes, SharePoint, and OneDrive without oversight. And that would be a bad thing.
Teams and Skype for Business Online both capture IM conversation records that can be found by Office 365 eDiscovery (content) searches. All of which is good, but if you ever get around to performing eDiscovery and need this information, you’ll find that Skype for Business Online conversation transcripts are easier to use than the individual copies of conversation contributions captured by Teams.
Office 365 content searches can find all sorts of information, but they cannot decrypt protected files in SharePoint and OneDrive for Business sites. This prompts the question of how to deal with protected files exported by a search. As it turns out, the combination of a rights management superuser and some PowerShell makes short work of unprotecting files so that they can be read by all.
Microsoft told us some months ago that they would block the creation of new eDiscovery cases in Exchange and SharePoint. A course reversal has happened because of the humble discovery mailbox, which Exchange uses as a target for eDiscovery results. The block has lifted for Exchange but remains for SharePoint. It will eventually happen for Exchange but Office 365-wide functionality is better than workload-specific features.
Further signs of Microsoft discarding the on-premises roots of Office 365 in favor of consistent cross-workload functionality comes when the Security and Compliance Center takes center stage for eDiscovery from July 1.
Office 365 content searches are very powerful at finding content in SharePoint, Exchange, Groups, public folders, and OneDrive. Permissions filters can restrict the ability of eDiscovery managers to see results. With a little PowerShell, you can create effective filters.
Microsoft has announced that they will block Office 365 tenants from creating workload-specific searches from July 2017. Instead of using Exchange Online and SharePoint Online, you have to create content searches and eDiscovery cases through the Security and Compliance Center. It’s a good change, even with the complication of keeping old searches until they expire.