eDiscovery and OneDrive permissions

%3CLINGO-SUB%20id%3D%22lingo-sub-292135%22%20slang%3D%22en-US%22%3EeDiscovery%20and%20OneDrive%20permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-292135%22%20slang%3D%22en-US%22%3E%3CP%3EI've%20just%20discovered%20the%20document%20which%20documents%20a%20process%20for%20giving%20a%20user%20access%20to%20a%20OneDrive%20for%20Business%20site%20so%20that%20eDiscovery%20can%20take%20place.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fassign-permissions-to-onedrive-for-business-sites%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fassign-permissions-to-onedrive-for-business-sites%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%20I%20can%20*kind*%20of%20understand%20this%20in%20that%20normally%20only%20the%20user%20whose%20OneDrive%20it%20is%20has%20access%2C%20but%20the%20whole%20point%20of%20eDiscovery%20is%20to%20discover...you%20might%20not%20know%20all%20the%20accounts%20you%20need%20to%20grant%20access%20to%20if%20the%20search%20query%20is%20not%20user-centric%20but%20client-centric.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYet%20if%20we%20build%20into%20the%20OneDrive%20provisioning%20process%20an%20additional%20eDisco%20account%20having%20read%20access%20to%20all%20the%20files%20then%20that%20is%20a%20really%20bad%20security%2Fcompliance%20hole.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20this%20how%20it%20is%20supposed%20to%20work%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-292135%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECompliance%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-292346%22%20slang%3D%22en-US%22%3ERe%3A%20eDiscovery%20and%20OneDrive%20permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-292346%22%20slang%3D%22en-US%22%3E%3CP%3EThat%20article%20is%20for%20cases%20where%20you%20want%20to%20use%20the%20SPO%20eDiscovery%20center.%20If%20you%20are%20performing%20and%20eDiscovery%2FContent%20search%20from%20the%20SCC%20instead%2C%20you%20don't%20need%20to%20manually%20add%20those%20permissions%2FSC%20admins.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-292222%22%20slang%3D%22en-US%22%3ERe%3A%20eDiscovery%20and%20OneDrive%20permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-292222%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20I%20have%20gone%20away%20and%20set%20up%20some%20test%20users%20and%20tried%20this%20and%20I%20didn't%20have%20to%20make%20the%20search%20user%20an%20admin...so%20no%20idea%20what%20is%20going%20on%20with%20the%20documentation%20%3A(%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

I've just discovered the document which documents a process for giving a user access to a OneDrive for Business site so that eDiscovery can take place. 

 

https://docs.microsoft.com/en-us/office365/securitycompliance/assign-permissions-to-onedrive-for-bus...

 

Now I can *kind* of understand this in that normally only the user whose OneDrive it is has access, but the whole point of eDiscovery is to discover...you might not know all the accounts you need to grant access to if the search query is not user-centric but client-centric.

 

Yet if we build into the OneDrive provisioning process an additional eDisco account having read access to all the files then that is a really bad security/compliance hole.

 

Is this how it is supposed to work?

 

 

2 Replies
Highlighted

So I have gone away and set up some test users and tried this and I didn't have to make the search user an admin...so no idea what is going on with the documentation :(

Highlighted

That article is for cases where you want to use the SPO eDiscovery center. If you are performing and eDiscovery/Content search from the SCC instead, you don't need to manually add those permissions/SC admins.