Mar 12 2021 05:12 AM
Within Microsoft 365/Exchange Online, how (and where exactly) could you grant an auditor read-only access so they can view copies of messages in Exchange Online that are subject to a specific retention/litigation policy for a specific mailbox? This is a requirement so that auditors and other named staff can be sure they are viewing ‘the original’ version of some crucial authorization-type messages, and not some form of tampered version of the original message. The mailboxes will relate to senior employees within the organization, so the need to preserve confidentiality of the wider mailbox will be of the utmost importance.
It is desirable that the auditor should only be able to view messages under the retention/litigation policies, and not be granted full access to the user's entire mailbox. It was recommended for email messages that require a high level of integrity and proof for accountability purposes, to ensure they cannot be edited or deleted ‘at rest’, that retention/litigation policies could be put in place within Exchange Online and the policies applied to messages ‘on demand’ (through some form of tagging mechanism, so the officer tags certain emails, which then subsequently ensures they are preserved through an appropriate retention/litigation hold whereby the original is safely filed in a ‘preserved original version of messages’ folder). My understanding is that granting access to this hidden ‘preserved original version of messages’ folder is not really achievable and access should really be granted via the relevant MS365 compliance centers if possible.
If the viewing of any emails located within the ‘preserved original version of messages folder’ could also be captured in an audit trail for further accountability, to ensure such access is not being misused, that would also be a nice bonus.
Alternatively, if granting auditors permissions to view the messages subject to retention policies/litigation holds for only a specific mailbox/mailboxes is going to prove a nightmare to implement, how else could an administrator with the necessary admin roles over Exchange Online provide evidence to the auditor that gives them assurance that they are viewing the original, untampered-with version of a specific message? Is there any sort of tag, attribute or certificate within a message for a 365 Exchange Online mailbox that could be provided to the auditor, that reliably demonstrates ‘this is the unaltered original version of this message’? The concern with not subjecting these critical emails to retention/litigation policies is that the key emails could be purposely or accidentally deleted.
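Added example, not part of the thread or any reply in it: PowerShell (ExchangeOnlineManagement module) showing the defender-side pieces the question touches on, for a single held mailbox: confirm the hold is actually in place, turn on item-level access auditing for delegates and admins, scope an auditor to one eDiscovery case instead of granting Full Access, and pull the resulting access records. The admin, mailbox, auditor, case name and search query are placeholders; whether MailItemsAccessed events are recorded depends on the tenant's audit licensing.

```powershell
# Added example (not from the thread). Placeholders: replace the UPNs, case name and query.
# Requires the ExchangeOnlineManagement module and an Exchange/compliance admin account.
Import-Module ExchangeOnlineManagement
$Admin   = 'admin@contoso.example'      # placeholder: administrator running this
$Mailbox = 'executive@contoso.example'  # placeholder: the held senior mailbox
$Auditor = 'auditor@contoso.example'    # placeholder: read-only reviewer

Connect-ExchangeOnline -UserPrincipalName $Admin

# 1. Verify the mailbox is really on hold before relying on "preserved originals".
Get-Mailbox -Identity $Mailbox |
    Format-List LitigationHoldEnabled, LitigationHoldDate, LitigationHoldOwner,
                RetentionHoldEnabled, InPlaceHolds

# 2. Log item-level reads by delegates and admins (the audit trail the question asks for).
#    MailItemsAccessed is only recorded for mailboxes with the Audit (Premium) licence.
Set-Mailbox -Identity $Mailbox -AuditEnabled $true -AuditLogAgeLimit 365 `
    -AuditDelegate @{Add = 'MailItemsAccessed'} `
    -AuditAdmin    @{Add = 'MailItemsAccessed'}

# 3. Scope the auditor to one case that searches only this mailbox, rather than
#    granting Full Access to the whole mailbox.
Connect-IPPSSession -UserPrincipalName $Admin
$Case = 'Authorization-messages-review'   # placeholder case name
New-ComplianceCase -Name $Case | Out-Null
Add-RoleGroupMember -Identity 'Reviewer' -Member $Auditor   # read-only review role group
Add-ComplianceCaseMember -Case $Case -Member $Auditor       # can see only this case
New-ComplianceSearch -Name "$Case-search" -Case $Case `
    -ExchangeLocation $Mailbox `
    -ContentMatchQuery 'subject:"Authorization"' | Out-Null  # placeholder query
Start-ComplianceSearch -Identity "$Case-search"

# 4. Later: list who opened items in the held mailbox, with the logon type
#    (0 = owner, 1 = admin, 2 = delegate) and the client used.
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) `
    -Operations MailItemsAccessed -ResultSize 5000 |
    ForEach-Object { $_.AuditData | ConvertFrom-Json } |
    Where-Object { $_.MailboxOwnerUPN -eq $Mailbox } |
    Select-Object CreationTime, UserId, LogonType, ClientInfoString |
    Sort-Object CreationTime |
    Format-Table -AutoSize
```

Step 4 answers the "is this access being misused" part of the question: any UserId other than the owner or the named auditor appearing against the held mailbox is what the reviewer of these records should be looking for.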
Mar 12 2021 05:39 AM
Mar 12 2021 09:35 AM (Solution)