You can do most of the effort of creating a data classification here, although if you want to use any of our built in functions (such as credit card Luhn check), you’ll need to export/modify/import, use the sensitive information type package that I created (referenced earlier) or use one of our native DLP classifications.… [ Continue reading ]
Over the course of your Office 365 administration duties, you may be called to locate data matching particular data patterns (such as matching a particular regular expression or a Sensitive Information Type), either for eDiscovery or data classification purposes. The good news is you can actually do that. … [ Continue reading ]
So, this is an entry that has been long in the making. I have had several customers over the last few years give feedback about our Data Loss Prevention’s (DLP) matching requirements, mostly around how they require too much corroborating evidence (in the form of patterns or keywords) to meet their organization’s very restrictive policies.… [ Continue reading ]
While working with a customer last week, it came to my attention that the Get-UserHoldPolicies script I had put together to enumerate retention policies and eDiscovery cases that put a hold on content wasn’t displaying policies that were global. The types of policies I checked for were enumerated in a user’s InPlaceHolds mailbox property, but apparently, that field is populated only if a Security & Compliance retention policy explicitly specifies the mailbox.… [ Continue reading ]
In my previous post, I discussed using the new Attack Simulator for crafting phishing campaigns against your users. If you haven’t tried it out yet, I’d heartily recommend it. It’s more fun than a barrel of monkeys.
For this post, we’re going to shift into slightly more traditional attack strategies. … [ Continue reading ]
Over the last few weeks, we’ve released some great new features for Office 365 Advanced Threat Protection users. The Attack Simulator has three core components, each of which I’ll cover in a series:
- Spear Phishing (Credential Harvest)
- Brute Force Password (Dictionary Attack)
- Password Spray Attack
For this post, I want to focus on the Spear Phishing campaign.… [ Continue reading ]
Picking up where I left off on part 1 of this post, I wanted go into what it would take to refine some roles for managing eDiscovery for larger organizations.
In this scenario, we’re going to:
- Remove users from any existing eDiscovery roles or groups
- Create a security group to hold users that will perform eDiscovery searches
- Create a custom role group that has the appropriate eDiscovery roles and add the security group as a member
If you didn’t read the previous blog post on this topic, I’d encourage you to go back and do so, since I’m going to continue using the same users and compliance filters.… [ Continue reading ]
Diving deeper into the Security & Compliance Center, I decided to embark on trying to scope eDiscovery permissions to meet a certain set of requirements that we see when multiple business units want or need to maintain independence from a content search and discovery perspective.… [ Continue reading ]
UPDATE: This tool has been updated to include implicit policies created in the Security and Compliance Center.
Last week, I was asked by a few people for information on displaying holds applied to mailboxes.
Holds come in several varieties:
- In-Place Holds created via the Exchange Admin Center or eDiscovery case
- Retention Policies (either as Retention or Label policies)
- Litigation Hold set as a mailbox property
- Legacy Exchange MRM policies
When viewed programmatically from PowerShell, you’ll notice that In-Place Holds and Retention Policies are somewhat inverse relationships like the legacy MRM policies–that is, the various policies in the Security & Compliance Center don’t have lists of objects applied to them. … [ Continue reading ]
Recently, a customer asked for clarification on the difference between Content Search (Security & Compliance center | Search & investigation | Content search) and the Content Search feature in an eDiscovery case (Security & Compliance center | Search & investigation | eDiscovery). … [ Continue reading ]