M365 Purview News July 10, 2023

What's new, and who am I learning from this month?

Mike McBride

Jul 10, 2023

Earlier this week Teams suggested to me to schedule a message. My birthday coming up made for exactly the kind of scenario where this feature could be useful, so I decided to test it out. I set a message to go up the next day after my birthday when I’m back at work to wish me a happy birthday. (What, you don’t have conversations with yourself in Teams? Don’t judge me.)

I realize this isn’t a brand new feature, but the eDiscovery geek in me wondered when I saw it whether this message exists in any real form before it is sent.

So on July 4th, I tried to collect this message that was sitting in the Teams interface for the user who scheduled it to send. (On second thought, I spent part of my birthday and holiday testing Teams eDiscovery, send help!) Not surprisingly, I was unable to find it in the mailbox. This, I assume, is because the compliance record that is normally collected from the mailbox doesn’t exist until the message is sent. The message lives in some ephemeral state in the Teams database, but not the mailbox. As far as the M365 eDiscovery tools are concerned it doesn’t exist yet.

There’s your mini-tip for this week. Plan accordingly.

Elsewhere:

The big story that I saw all over in the last few weeks was this one - Microsoft Teams vulnerability allows attackers to deliver malware to employees.

The advice given might not work for everyone. Disabling communication with outside tenants isn’t really an option for every company. A lot of organizations use Teams to collaborate with people outside of their tenants. Those same organizations are adding new customers and partners often as well, so setting it up to only accept pre-identified domains might also be an issue of workload for some poor IT team members. So we’re left with employee education. Which, given the very targeted nature of the vulnerability, might not be the worst thing. Highly targeted attempts, like spear-fishing, are less successful if the targets know they might be coming. (I learned this reading A Hacker’s Mind by Bruce Schneier last week.) Teams users should be aware of documents shared in chat by people who don’t normally share documents with them. This should apply even inside the organization, as well as with outside domains, even ones made to look like internal ones. After all, accounts do get compromised from time to time. The account sending a document may not be the person you think it is. Teaching your staff to be suspicious may be one way to counter these risks.

I came across a couple of good resources on DLP recently. DLP is important to understand as an eDiscovery practitioner because at some point the tools will cross over. Those protections against data loss will turn into investigations of data leakage, which will require the collection of data using the eDiscovery tools.

Prevent data leak through web apps with Microsoft Purview Data Loss Prevention

And this webinar might also be of interest:

Remember that M365 outage a while back? Turns out it was probably a DDOS attack, which is a bit scary when so many businesses are utterly dependent on having access to data in M365.

Other interesting reading for this month:

Simplified Microsoft 365 User Onboarding via Power Automate
Find SharePoint Documents with Sensitivity Labels
Is that Microsoft 365 application appropriate for storing records? - It’s a good thing to consider before rolling out a new app in M365, what are your records management requirements, including whether the data would be accessible for eDiscovery.
Microsoft launches Viva Pulse public preview for fast feedback and reactions - Has anyone used this yet? Should third-party employee engagement survey companies be concerned? I haven’t seen any reviews of it yet, but I’ll keep my eyes out for anyone who’s doing some actual testing with it.
Mitigate risks using in-place eDiscovery
The MS-102: Microsoft 365 Administrator exam launches in early July.

That’s it for the news wrap-up. If you know of any other interesting news items around M365 eDiscovery, feel free to leave a comment or drop me a line.