09-03-2019 11:59 AM
09-03-2019 11:59 AM
I wanted to ask how you deal in your organizations with the fact that end-user (also SCA for his/her OneDrive site) can go and with a bit of extra effort they can disable search (from old site settings). Of course impact of that is mainly on eDiscovery which from that moment is unable to discover documents/files or preserve them.
They can do other ugly stuff too, like create subsites in OneDrive, or create additional libraries or even enable check out which makes no sense in OneDrive and causing of number of very weird and hard to solve problems.
I just notice that MS introduced new twp page design for "OneDrive Settings" but this compliance gap is still not addressed.
09-03-2019 04:28 PM
Are you talking about On-Prem OD?
I see how disabling eDiscovery could be a problem if you want to make sure that your user are compliant with the governance. I didn't know that disabling search would effect eDiscovery.
Microsoft is hiding many of the pages that could allow users to make some damage, but again, it's their site. If they want to play, if they want to learn, it's better to do it on their site rather then on a SharePoint site. The data is backed up. We use Online version with thousands of users and I haven't seen a user that needed help with OD because they hacked OneDrive settings.
09-04-2019 12:42 AM
Well yes, the user being a SCA can do as they please with any setting on their personal ODFB, assuming they know what they're doing. I haven't actually tested how search settings affect eDiscovery, but will verify this now and report back.
09-04-2019 12:51 AM
So I disabled search for one user, but I can still run eDiscovery against his ODFB just fine. I'll give it some time to re-index, and will try again.
09-04-2019 08:34 AM
So few hours later, I still seem to be able to search the entire content of the user's ODFB. I'll give it another try later just in case, but have you actually validated that you are unable to do eDiscovery once Search is disabled?
09-04-2019 12:37 PM
Hi, I mean standard Onedrive for Business aka personal site on SPO. Its not just eDiscovery.... DLP relies on content searches too.
I take care of aprox 160k users globaly on ODB and I can say that you are lucky that your users can behave, mine not. We do have people messing around with those critical settings.
check out new page for settings which have still link to old classic mode site settings (on bottom of page) which I find out super dangerous really. If you think about GDPR Dashboard which is part of Security Center will be useless to when you cant ensure that all sites are possible to content search thru them.
09-04-2019 12:39 PM
What about DLP ..which definitely rellies on content search??
We did have problems with some litigation cases and even MS support pointed us to fact user had disabled search. We requested a DCR from MS so maybe they already fixed it for eDiscovery ....
09-04-2019 11:51 PM
I'm not saying I don't trust you, it actually sounds logical to me. Just want to verify it before I start pinging folks at Microsoft about it. So far I don't have any issues running eDiscovery searches against a user with search disabled, but I might simply be seeing results from the old index.
09-05-2019 11:40 PM
So, after manually rebuilding the index for that user yesterday, I no longer get any results in eDiscovery. In other words, I can confirm the behavior.
Now, did you say that you have already filed a DCR with Microsoft about it and they have accepted it? Just so we know whether to harass some folks at Microsoft, or wait.
@Tony Redmond FYI, as you don't seem to be getting my Teams messages :)
09-06-2019 02:44 AM
@Vasil Michev I'm not ignoring you, I am ignoring the news. This is old information because users have always been able to disable search for their personal OneDrive for Business site. As I recall, there was a bit of a ho-hah about this topic when Delve first appeared that subsequently died down.
Users have always had the ability to protect their information against search. For instance, they can simply ignore OneDrive for Business (the equivalent of keeping email in a PST). We might not like this, but they can. Another way is to protect the information with rights management, in which case search can only index the metadata and not the content of protected documents.
If someone has a real problem with this, they should file a User Voice and ask Microsoft for a tenant-wide control to stop users having the ability to access the Search and Offline capability of Site settings.
09-09-2019 05:34 PMSolution