Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

AIP, eDiscovery and unindexed items

Brass Contributor

After reading different posts and the comments to it, i tested if eDiscovery can find AIP protected items in SPO and ODfB.

"Among other attributes, Office 365 indexes Exchange message properties including sender, recipients, message body, and attachments. Documents and messages encrypted with RMS and Azure RMS technology are also indexed and searchable."

from: https://www.microsoft.com/en-us/itshowcase/office-365-meets-evolving-ediscovery-challenges-in-a-clou...

 

However, my eDiscovery searches cannot find any word in an AIP protected document and I also get a notice that a number of documents cannot be indexed, which is the number of protected documents in my test tenant.

Screen3.PNG

On the other side I just read the following on:
https://docs.microsoft.com/en-us/azure/information-protection/office-apps-services-support
"For libraries that are not IRM-protected, if you protect a file that you then upload to SharePoint or OneDrive, the following do not work with this file: Co-authoring, Office Online, search, document preview, thumbnail, eDiscovery, and data loss prevention (DLP)."
For me, this totally contradicts the above quote.

What is the true story on eDiscovery, DLP and AIP protected documents?
Thanks,
Franck

4 Replies

The first quote is explicitly for Exchange, the second is for SPO/ODFB, so there is no contradiction here. Exchange Online generally speaking can act as an "super user" for the purposes of eDiscovery. The same is not true for SPO/ODFB.

Thanks Vasil, for your comments,

unfortunately also eDiscovery in Exchange Online does not work for me.

I created one additional protected document and attached it to a protected message that I sent to another user in my test tenant.

Screen5.PNG

So i have 3 more items:

- the new document

- the sent mail

- the received mail.

 

Exactly these 3 items appear as not indexed in my eDiscovery Search.

 

Screen4.PNG

P.S.:

When I do a search eDiscovery can find content in the encrypted Mails but not in the encrypted attachments.

 

That depends on how you've protected the document. The feature only works if the attachments "inherit" the template applied to the email message.