Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

PST discovery with Purview (Endpoints/OneDrive and On Prem File Shares)

Copper Contributor

We have a business need to identify all PSTs on our endpoint devices including those that have been synced to OneDrive. We also want to discover the PST files residing on our Nasuni on premises file shares. 


1) I know for the former case that Purview compliance portal may offer a solution but not quite sure the most efficient way to generate this in a report as the Content Search would not be an efficient option. 

 

2) For the Nasuni on prem shares, I believe we would use AIP Scanner but I looked at the way it can be configured and .pst extensions are not on the "include" list for the configuration. Does this mean we don't get visibility into PSTs using AIP Scanner?

 

Thanks!

 

-Luke Fisher

 

Luke_Michael_Fisher_0-1698153680652.png

 

1 Reply

Hi @Luke_Michael_Fisher 
Basically PST are the outlook data file. If your organization has onboarded Microsoft Defender (For Endpoint & for cloud application) there you can search the files in Endpoint and in OneDrive. 
Note: Limitation's are there in exporting results. But you can use API to get more number of result export 35K - 40K(MD Endpoint) but not sure about Microsoft Defender for cloud application(MDCA) it has Export Limitation of 5K.
1) I know for the former case that Purview compliance portal may offer a solution but not quite sure the most efficient way to generate this in a report as the Content Search would not be an efficient option. 
A) You can go with eDiscovery(premium) in Purview for scanning all SharePoint site. For OneDrive you could go with MDCA.

2) For the Nasuni on prem shares, I believe we would use AIP Scanner but I looked at the way it can be configured and PST extensions are not on the "include" list for the configuration. Does this mean we don't get visibility into PSTs using AIP Scanner?

A) In AIP PST is excluded from classification and protection. AIP supported filetype

I suggest to go with Defender or if your organization has onboarded tools for endpoints, then you can use those tools to extract the path of PST with device name and user Id.