Configuration

Looky, looky! Custom sensitive information types with even more customitivity!

So, of course, as soon as I finish up posting a few entries (here and here), we go and release a new UI to help you get it done on your own!

You can do most of the effort of creating a data classification here, although if you want to use any of our built in functions (such as credit card Luhn check), you’ll need to export/modify/import, use the sensitive information type package that I created (referenced earlier) or use one of our native DLP classifications.… [ Continue reading ]

Configuration

Sensitive Information Types–now with more sensitivity!

UPDATE: The TechNet Gallery link for this post has been updated.

So, this is an entry that has been long in the making.  I have had several customers over the last few years give feedback about our Data Loss Prevention’s (DLP) matching requirements, mostly around how they require too much corroborating evidence (in the form of patterns or keywords) to meet their organization’s very restrictive policies.… [ Continue reading ]

Information

Update to the Get-UserHoldPolicies tool

While working with a customer last week, it came to my attention that the Get-UserHoldPolicies script I had put together to enumerate retention policies and eDiscovery cases that put a hold on content wasn’t displaying policies that were global.  The types of policies I checked for were enumerated in a user’s InPlaceHolds mailbox property, but apparently, that field is populated only if a Security & Compliance retention policy explicitly specifies the mailbox.… [ Continue reading ]

Identity

Let’s Go Phishing – Spear Phishing, That Is

Over the last few weeks, we’ve released some great new features for Office 365 Advanced Threat Protection users.  The Attack Simulator has three core components, each of which I’ll cover in a series:

  • Spear Phishing (Credential Harvest)
  • Brute Force Password (Dictionary Attack)
  • Password Spray Attack

For this post, I want to focus on the Spear Phishing campaign.… [ Continue reading ]

Information

Creating and Managing Security and Compliance Filters in the Real World [Part 2]

Picking up where I left off on part 1 of this post, I wanted go into what it would take to refine some roles for managing eDiscovery for larger organizations.

In this scenario, we’re going to:

  • Remove users from any existing eDiscovery roles or groups
  • Create a security group to hold users that will perform eDiscovery searches
  • Create a custom role group that has the appropriate eDiscovery roles and add the security group as a member
  • Verify

If you didn’t read the previous blog post on this topic, I’d encourage you to go back and do so, since I’m going to continue using the same users and compliance filters.… [ Continue reading ]

Scripting

Display or Export All User Mailbox Holds

UPDATE: This tool has been updated to include implicit policies created in the Security and Compliance Center.

Last week, I was asked by a few people for information on displaying holds applied to mailboxes.

Holds come in several varieties:

  • In-Place Holds created via the Exchange Admin Center or eDiscovery case
  • Retention Policies (either as Retention or Label policies)
  • Litigation Hold set as a mailbox property
  • Legacy Exchange MRM policies

When viewed programmatically from PowerShell, you’ll notice that In-Place Holds and Retention Policies are somewhat inverse relationships like the legacy MRM policies–that is, the various policies in the Security & Compliance Center don’t have lists of objects applied to them. … [ Continue reading ]