Office 365 Subject Access Requests

%3CLINGO-SUB%20id%3D%22lingo-sub-293915%22%20slang%3D%22en-US%22%3EOffice%20365%20Subject%20Access%20Requests%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-293915%22%20slang%3D%22en-US%22%3E%3CP%3EWondering%20what%20processes%20other%20companies%20follow%20when%20they%20receive%20a%20Subject%20Access%20Request.%3C%2FP%3E%3CP%3EIn%20the%20UK%20we%20have%2030%20days%20to%20supply%20an%20extract%20of%20data%20when%20requested%20against%20search%20criteria%20-%20although%20we%20don't%20get%20many%20the%20process%20we%20typically%20follow%20is%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3E%26nbsp%3BSecurity%20%26amp%3B%20Compliance%20Admin%20Centre%3C%2FLI%3E%3CLI%3ENew%20e-Discovery%20search%20-%20When%20we're%20happy%20search%20is%20good%3C%2FLI%3E%3CLI%3EExport%20to%20PST%20-%20Supply%20the%20Compliance%20dept%20the%20PSt%2C%20who%20then%20review%2C%20remove%20anything%20from%20there%20which%20isn't%20suitable%20for%20release%20-%20Case%20closed%3C%2FLI%3E%3C%2FUL%3E%3CP%3EThe%20business%20have%20now%20decided%20they%20want%20to%20deploy%20a%20GPO%20to%20disable%20the%20users%20ability%20to%20open%20any%20PST's%20at%20all%20in%20Office%20which%20screws%20our%20process%2C%20so%20I'm%20thinking%20of%20something%20along%20the%20following%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3ESecurity%20%26amp%3B%20Compliance%20Admin%20Centre%3C%2FLI%3E%3CLI%3ENew%20e-Discovery%20search%20-%20When%20we're%20happy%20search%20is%20good%3C%2FLI%3E%3CLI%3ECreate%20a%20new%20shared%20mailbox%3C%2FLI%3E%3CLI%3EUpload%20PST%20to%20Azure%20Ingestion%20storage%20and%20them%20use%20the%20365%20import%20PST%20to%20inject%20into%20shared%20mailbox%3C%2FLI%3E%3CLI%3EGive%20local%20HR%20rep%20access%20to%20shared%20mailbox%2C%20they%20can%20review%2C%20remove%20anything%20which%20needs%20removing%20(export%20to%20pst%20and%20supply%20to%20the%20user)%3C%2FLI%3E%3C%2FUL%3E%3CP%3EIt's%20a%20bit%20messy%20and%20time%20consuming%20but%20was%20wondering%20what%20other%20companies%20do%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-293915%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECompliance%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EeDiscovery%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-294406%22%20slang%3D%22en-US%22%3ERe%3A%20Office%20365%20Subject%20Access%20Requests%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-294406%22%20slang%3D%22en-US%22%3EHi%20Steve%2C%3CBR%20%2F%3E%3CBR%20%2F%3EMany%20organisations%20in%20the%20UK%20use%20journaling%20to%20an%20archive%20to%20achieve%20this%2C%20usually%20a%20gateway%20archive%20service%20such%20as%20Mimecast%2C%20or%20another%20third%20party%20archive%20like%20Global%20Relay.%20These%20just%20use%20transport%20rules%20and%20send%20connectors%20in%20EAC%20to%20do%20the%20journaling.%20The%20organisation%20will%20upload%20a%20copy%20of%20their%20PST's%20when%20the%20archive%20starts%20and%20everything%20new%20(internal%20and%20external)%20goes%20straight%20in%20the%20archive.%20After%20that%2C%20no%20more%20need%20to%20worry%20about%20PST's%20as%20there%20is%20a%20tamper%20proof%20compliant%20copy%20of%20all%20email%20in%20the%20archive%20which%20has%20e-Discovery%20and%20where%20a%20copy%20exported%20as%20required.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20know%20this%20isn't%20utilising%20the%20native%20Microsoft%20functionality%20as%20Vasil%20outlined%2C%20but%20its%20just%20an%20observation%20having%20worked%20in%20cloud%20in%20the%20UK%20for%20over%2010%20years.%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-294293%22%20slang%3D%22en-US%22%3ERe%3A%20Office%20365%20Subject%20Access%20Requests%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-294293%22%20slang%3D%22en-US%22%3E%3CP%3EOr%20you%20can%20just%20use%20the%20good%20old%20%22Copy%20to%20Discovery%20mailbox%22%20functionality%20available%20in%20the%20EAC%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fpolicy-and-compliance%2Fediscovery%2Fcopy-results-to-discovery-mailboxes%3Fview%3Dexchserver-2019%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fpolicy-and-compliance%2Fediscovery%2Fcopy-results-to-discovery-mailboxes%3Fview%3Dexchserver-2019%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOr%20go%20even%20more%20old%20school%20and%20use%20the%20Search-Mailbox%20cmdlet%20to%20copy%20the%20content%20of%20the%20SAR%20mailbox%20to%20a%20shared%20mailbox%20directly.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Deleted
Not applicable

Wondering what processes other companies follow when they receive a Subject Access Request.

In the UK we have 30 days to supply an extract of data when requested against search criteria - although we don't get many the process we typically follow is

 

  •  Security & Compliance Admin Centre
  • New e-Discovery search - When we're happy search is good
  • Export to PST - Supply the Compliance dept the PSt, who then review, remove anything from there which isn't suitable for release - Case closed

The business have now decided they want to deploy a GPO to disable the users ability to open any PST's at all in Office which screws our process, so I'm thinking of something along the following

 

  • Security & Compliance Admin Centre
  • New e-Discovery search - When we're happy search is good
  • Create a new shared mailbox
  • Upload PST to Azure Ingestion storage and them use the 365 import PST to inject into shared mailbox
  • Give local HR rep access to shared mailbox, they can review, remove anything which needs removing (export to pst and supply to the user)

It's a bit messy and time consuming but was wondering what other companies do

 

2 Replies
Highlighted

Or you can just use the good old "Copy to Discovery mailbox" functionality available in the EAC: https://docs.microsoft.com/en-us/exchange/policy-and-compliance/ediscovery/copy-results-to-discovery...

 

Or go even more old school and use the Search-Mailbox cmdlet to copy the content of the SAR mailbox to a shared mailbox directly.

Highlighted
Hi Steve,

Many organisations in the UK use journaling to an archive to achieve this, usually a gateway archive service such as Mimecast, or another third party archive like Global Relay. These just use transport rules and send connectors in EAC to do the journaling. The organisation will upload a copy of their PST's when the archive starts and everything new (internal and external) goes straight in the archive. After that, no more need to worry about PST's as there is a tamper proof compliant copy of all email in the archive which has e-Discovery and where a copy exported as required.

I know this isn't utilising the native Microsoft functionality as Vasil outlined, but its just an observation having worked in cloud in the UK for over 10 years.

Best, Chris