Forum Discussion

sergioandreslq
Copper Contributor
Jun 06, 2025

eDiscovery is NOT working correctly with KeyQL Sensitive Type

Hello team, 

I am running a search in eDiscovery, using KeyQL or the query builder, for data at rest in EXO (stale emails) that contains sensitive info such as Canada Social Insurance Number.

The query runs correctly; however, the output statistics pull out other types of sensitive info. This means that eDiscovery is not discovering what was requested in the KeyQL query.

Canada Social Insurance Number   a2f29c85-ecb8-4514-a610-364790c0773e

KeyQL Query: (SensitiveType:a2f29c85-ecb8-4514-a610-364790c0773e|1..|85..100) AND Date>2025-01-01




Please see the output of the Query:

 

 

In addition to this problem, why can't we delete the stale emails using "Sensitive info" as a condition? If I need to delete the emails before 2020 with "Canada Social Insurance number", how can I do it?
It will be almost impossible if the cybersecurity team needs to do it with the end user, email by email.


Best regards, 

 

3 Replies


  • While Microsoft Purview does a solid job with data in transit and in SharePoint/OneDrive, the ability to accurately detect and take action on sensitive content sitting in mailboxes is still limited. And yes, we hear you—manual cleanup isn’t scalable, and PowerShell doesn’t support hard-delete for this use case.

    Here’s the good news: Microsoft actively monitors customer feedback to prioritize improvements. The best way to get this on their radar is to submit your experience and suggestions directly through https://feedbackportal.microsoft.com/

    The more voices behind this, the faster it moves up the roadmap.

     


  • sergioandreslq

    You can utilize eDiscovery search tools within the Microsoft Purview portal to locate sensitive information, such as credit card numbers or social security numbers, stored in documents on SharePoint and OneDrive for Business sites. However, these tools cannot be used to search for sensitive data at rest in Exchange Online mailboxes. Instead, data loss prevention (DLP) policies can be implemented to safeguard sensitive email data in transit.

    Keyword queries and search conditions for eDiscovery | Microsoft Learn

    I hope that helps! :-)



    • sergioandreslq
      Copper Contributor

      Hello BrianStephen,

      Thanks for the answer, 
      For SPO and ODfB I am using Service-side Auto-labeling to apply protection to sensitive files.

      DLP is for in-transit emails; however, the main challenge 99% of organizations are facing is how to reduce the cybersecurity risk from stale sensitive emails AT REST.

      The biggest challenges for organizations are associated with emails at REST. Many employees store sensitive emails for a long time. Those emails are not adding value to the organization, and they increase the cybersecurity risk because this kind of information is the main target for malicious actors.

      We can't apply sensitivity labels to emails at rest. The best we can do to reduce the risk is remove stale emails with sensitive data; however, the current eDiscovery doesn't detect sensitive data correctly and we can't use PowerShell to remove emails with hard-delete, which leaves companies without an effective way to reduce the risk of stale emails with sensitive information.

      Search does not work and delete does not work. Question: is there any option to reduce the risk in EXO for stale emails?

      Doing it manually will be impossible, as there is no way to detect those emails with sensitive data.

      How can we suggest this improvement for eDiscovery? To be honest, the tool is good; however, it doesn't help to reduce risk in emails.

       

      Best regards, 

       
