SOLVED

Users can disable search

Brass Contributor

Hi Guys,

I wanted to ask how you deal in your organizations with the fact that end-user (also SCA for his/her OneDrive site) can go and with a bit of extra effort they can disable search (from old site settings). Of course impact of that is mainly on eDiscovery which from that moment is unable to discover documents/files or preserve them.

 

They can do other ugly stuff too, like create subsites in OneDrive, or create additional libraries or even enable check out which makes no sense in OneDrive and causing of number of very weird and hard to solve problems. 

 

I just notice that MS introduced new twp page design for "OneDrive Settings" but this compliance gap is still not addressed. 

12 Replies

@Jaroslav Karlik 

Are you talking about On-Prem OD?

I see how disabling eDiscovery could be a problem if you want to make sure that your user are compliant with the governance. I didn't know that disabling search would effect eDiscovery. 
Microsoft is hiding many of the pages that could allow users to make some damage, but again, it's their site. If they want to play, if they want to learn, it's better to do it on their site rather then on a SharePoint site.  The data is backed up. We use Online version with thousands of users and I haven't seen a user that needed help with OD because they hacked OneDrive settings. 

 

Well yes, the user being a SCA can do as they please with any setting on their personal ODFB, assuming they know what they're doing. I haven't actually tested how search settings affect eDiscovery, but will verify this now and report back.

So I disabled search for one user, but I can still run eDiscovery against his ODFB just fine. I'll give it some time to re-index, and will try again.

@VasilMichev 

Great, thank you for validating!

So few hours later, I still seem to be able to search the entire content of the user's ODFB. I'll give it another try later just in case, but have you actually validated that you are unable to do eDiscovery once Search is disabled?

@Tihomir Buncic 

Hi, I mean standard Onedrive for Business aka personal site on SPO. Its not just eDiscovery.... DLP relies on content searches too.

 

I take care of aprox 160k users globaly on ODB and I can say that you are lucky that your users can behave, mine not. We do have people messing around with those critical settings. 

 

check out new page for settings which have still link to old classic mode site settings (on bottom of page) which I find out super dangerous really. If you think about GDPR Dashboard which is part of Security Center will be useless to when you cant ensure that all sites are possible to content search thru them. 

What about DLP ..which definitely rellies on content search??

 

We did have problems with some litigation cases and even MS support pointed us to fact user had disabled search. We requested a DCR from MS so maybe they already fixed it for eDiscovery ....

I'm not saying I don't trust you, it actually sounds logical to me. Just want to verify it before I start pinging folks at Microsoft about it. So far I don't have any issues running eDiscovery searches against a user with search disabled, but I might simply be seeing results from the old index. 

So, after manually rebuilding the index for that user yesterday, I no longer get any results in eDiscovery. In other words, I can confirm the behavior.

 

Now, did you say that you have already filed a DCR with Microsoft about it and they have accepted it? Just so we know whether to harass some folks at Microsoft, or wait.

 

@TonyRedmond FYI, as you don't seem to be getting my Teams messages 🙂

@VasilMichev I'm not ignoring you, I am ignoring the news. This is old information because users have always been able to disable search for their personal OneDrive for Business site. As I recall, there was a bit of a ho-hah about this topic when Delve first appeared that subsequently died down.

 

Users have always had the ability to protect their information against search. For instance, they can simply ignore OneDrive for Business (the equivalent of keeping email in a PST). We might not like this, but they can. Another way is to protect the information with rights management, in which case search can only index the metadata and not the content of protected documents.

 

If someone has a real problem with this, they should file a User Voice and ask Microsoft for a tenant-wide control to stop users having the ability to access the Search and Offline capability of Site settings.

FWIW. I have let Microsoft know about the issue and we'll see what they say.

best response confirmed by VI_Migration (Silver Contributor)
Solution

Hi @Jaroslav Karlik @TonyRedmond et al,


We've reviewed further with those on our end already engaged on the issue - a continuing effort to adjust legacy settings to the cloud-first approach, evolving from on-premises roots. We've a planned fix soon to roll out that makes moot what you're discovering. Once fully in place, people will not be able to disable eDiscovery for their own OneDrive - even if they had disabled Search. It will be a sole action for admins. Appreciate the eyeballs and call to attention.

Thanks, Mark, on behalf of the OneDrive team
1 best response

Accepted Solutions
best response confirmed by VI_Migration (Silver Contributor)
Solution

Hi @Jaroslav Karlik @TonyRedmond et al,


We've reviewed further with those on our end already engaged on the issue - a continuing effort to adjust legacy settings to the cloud-first approach, evolving from on-premises roots. We've a planned fix soon to roll out that makes moot what you're discovering. Once fully in place, people will not be able to disable eDiscovery for their own OneDrive - even if they had disabled Search. It will be a sole action for admins. Appreciate the eyeballs and call to attention.

Thanks, Mark, on behalf of the OneDrive team

View solution in original post