Forum Discussion
Matching Content explorer exports in content search - Exchange
Hi
I have been tasked with finding all cardholder data in our tenant.
For SPO and onedrive I can search directly from content search (or ediscovery search)
This is useful because we can export items for further investigation, and most importantly, at some point I will be asked to purge some results.
I have managed to export the content explorer data for exchange using Export-ContentExplorerData powershell.
The resulting csv however isnt very useful in tems of matching items in Exchange.
The only 2 vaguely usefel fields are FileUrl, and FileName
FileName contains contextual data sometimes several lines long, and contonaong characters that screw up a KQL keyword search, and returns too many results.
The FileURL property seems to be a unique ID, but I cant seem to find this property anywhere else, especially in content search.
Has anyone else faced a simliar situation?
hbarrynz I've spent the better part of a week looking at this. I found you want to pare the results with MS Graph API.
In Microsoft Entra, you'll need to setup a new App registration and give it "Application" access to Microsoft Graph, with Mail.ReadWrite and User.Read.All permissions.
Then setup a secret for the app and use that. With this you can login to msgraph via powershell
$clientSecretCredential = Get-Credential -Credential "Application (client) ID" # Enter client_secret in the password prompt. Connect-MgGraph -TenantId "Directory (tenant) ID" -ClientSecretCredential $ClientSecretCredential
After that you can throw in a foreach loop of your ContentExplorerData and grab any relevant information you want to use . You can preview your information and what it would look like via
Get-MgUserMessage -UserId $ContentExplorerData[1].FileSourceUrl -MessageId $ContentExplorerData[1].FileUrl | Select *
- BrrGrrCopper Contributor
hbarrynz I've spent the better part of a week looking at this. I found you want to pare the results with MS Graph API.
In Microsoft Entra, you'll need to setup a new App registration and give it "Application" access to Microsoft Graph, with Mail.ReadWrite and User.Read.All permissions.
Then setup a secret for the app and use that. With this you can login to msgraph via powershell
$clientSecretCredential = Get-Credential -Credential "Application (client) ID" # Enter client_secret in the password prompt. Connect-MgGraph -TenantId "Directory (tenant) ID" -ClientSecretCredential $ClientSecretCredential
After that you can throw in a foreach loop of your ContentExplorerData and grab any relevant information you want to use . You can preview your information and what it would look like via
Get-MgUserMessage -UserId $ContentExplorerData[1].FileSourceUrl -MessageId $ContentExplorerData[1].FileUrl | Select *
- hbarrynzCopper Contributor
BrrGrr Thank you!!! This is exactly what I was after, have just tested this & it works nicely
I can use Get-MgUserMessageContent to export all items for further scannning.
And Get-MgUserMessage will give me the properties I need to match up in content search for search and purge.
Thanks again