eDiscovery for Exchange Online Data at Rest

  • It is not possible to search for sensitive information types when selecting Exchange Online mailboxes as the data source , Office 365 User Voice REQUEST
  • It is possible to search for the items specified in this Microsoft ARTICLE and via KeyWord

The screen shot below is from an Office365 E5 Advanced eDiscovery query that shows these types of searches are not supported

LETS HOPE MICROSOFT RESOLVE THIS ONE!

Office365 & AIP Sensitive Information Types

  • Sensitive Information Types defined in Azure Information Protection are not visible in the Office365 Security Center
  • Sensitive Information Types defined in the Office365 Security and Compliance center are not visible in Azure Information Protection
  • So this means sensitive information types need to be defined in each service.
  • @MSignite2018 Microsoft announced a change in search technology in Exchange Online and Exchange 2019 , they will now use Bing technology. The front end of the Office365 Security and Compliance Center seems to be using SharePoint search technology. I would love Microsoft to enable Exchange Online, AIP, & Sharepoint Online to use the same search technology used in Azure Log Analytics.
  • Microsoft state that when creating custom sensitive information types via an XML file and then importing them into the Security and Compliance center that it is not possible to have multiple regex values. It is possible to combine multiple regex values by using the PIPE value |. When combining multiple regex values , they can be tested in Office365 and in RegEx101.com
  • Using multiple regex values in AIP can also be combined by using the PIPE value |
  • This is an example of a regex for different pattern types for Irish mobile phone numbers that could be used in the Security and Compliance center GUI or the AIP GUI when defining regex sensitive information types.
    08[3|5|6|7|8|9]\d{7}|3538[3|5|6|7|8|9]\d{7}|003538[3|5|6|7|8|9]\d{7},
    notice the | that defines the different type of patterns.