Jul 17 2024 05:18 AM
Dear community,
We created an adaptive scope and a retention policy about two weeks ago. If I check the scope details on the Purview portal, the adaptive scope shows 9602 users, but the policy shows only ~9150 users. I tried to investigate the issue, but I haven't found an error message or a list of users missing from the policy. I must find a way to list out the users who are not covered by the policy.
What I have done in a nutshell is:
- Get-ComplianceRetentionPolicy does not see this policy. We have a few other policies with static scope, and they appear on the output, but the one we want to check is not.
- I collected all the mailboxes and checked the InPlaceHolds, but there is no such policy either. This is weird since we should have 9150 users covered by this policy.
- I checked a user who has this policy with the "Policy lookup" feature on the Purview portal, and it showed that the user is covered by the policy.
I googled, Copiloted, and ChatGPTd my question, but I still have no clue what to do.
The main question is: How can I query a list of users missing from a retention policy with adaptive scope?
Thank you for your help in advance!
Jul 19 2024 06:16 AM
you could validate the adaptive scope with the following PowerShell script publicly available. I know it works and should further provide the number of matching objects.
https://aka.ms/ValidateAdaptiveScopeOPATH
Please do not hesitate to ask for additional questions, if necessary.
Thanks.
Jul 19 2024 06:18 AM
Hi @rodoj
I guess that you should be able to identify it checking for the mailboxes In-Place holds.
Get-Mailbox <username> | Select-Object -ExpandProperty InPlaceHolds
To get all organization-wide Microsoft Purview retention policies you can run:
Get-OrganizationConfig | FL InPlaceHolds
And once you have the GUID, somthing like this should work to get all the mailboxes with that policy applied:
Get-mailbox -Resultsize Unlimited | Where {$_.InPlaceHolds -like "*GUID*"}
You can get more information here: How to identify the hold on an Exchange Online mailbox | Microsoft Learn
Hope this helps.
Have a good day.
Best Regards,
Francisco Manigrasso.
Jul 19 2024 06:50 AM
Jul 19 2024 06:53 AM
Jul 19 2024 07:01 AM
I would recommend you filter out the objects that are not covered by the policy as they might not be applicable such as service accounts. Moreover,
Jul 19 2024 08:30 AM
Hi @rodoj
That´s strange. You may need to open a support case.
Do you see al correct in the policy details?
When you click on Policy details you should find the "Locations" section.
On the other hand, if you know that the scope is working properly, you can identify the mailboxes running something like this, (adapt to your scope):
$attribute = "Department"
$value = "Sales"
Get-Mailbox -Filter "{$attribute -eq '$value'}" | Select-Object DisplayName, PrimarySmtpAddress
Aug 02 2024 12:59 AM