OneDrive for business - IT security check


Hi,

From the IT Security perspective, if the IT Security team needs to perform the following on OneDrive data, what are the options?

1. Hold the data in a user's OneDrive due to a suspected data leak or information leak

2. Retrieve data deleted from the user's Recycle Bin and second-level Recycle Bin on the OneDrive site

3. Stop the user from clearing the Recycle Bin.

Is it possible to perform the above? If possible, will the user still be notified?

Regards,

YasothaDevi

2 Replies

Hi, have a look at retention policies, which can be applied to OneDrive:

https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies

"Comply proactively with industry regulations and internal policies that require you to retain content for a minimum period of time. Retaining content so that it can't be permanently deleted before the end of the retention period. When content is subject to a retention policy, people can continue to edit and work with the content as if nothing's changed because the content is retained in place, in its original location. But if someone edits or deletes content that's subject to the policy, a copy is saved to a secure location where it's retained while the policy is in effect."

There is also eDiscovery hold:

https://docs.microsoft.com/en-gb/microsoft-365/compliance/ediscovery-cases

"You can use an eDiscovery case to create holds to preserve content that might be relevant to the case. You can place a hold on the mailboxes and OneDrive for Business sites of people who are custodians in the case. When you place content locations on hold, content is held until you remove the hold from the content location or until you delete the hold."

Agree here, retention policies are the way to go
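
One way to set up the two options mentioned in the replies (an eDiscovery hold and a retention policy on a single user's OneDrive) from Security & Compliance PowerShell. This is an added example, not part of the original thread; the admin UPN, OneDrive URL, case and policy names, and the 365-day duration are placeholder assumptions.

```powershell
# Requires the ExchangeOnlineManagement module and an account holding the
# eDiscovery / compliance administration roles.
# Every value below is a placeholder (assumption), not taken from the thread.
$AdminUpn    = 'admin@contoso.example'
$OneDriveUrl = 'https://contoso-my.sharepoint.com/personal/user_contoso_example'
$CaseName    = 'Suspected leak (placeholder case)'
$HoldName    = 'Suspected leak OneDrive hold'
$PolicyName  = 'OneDrive retention (placeholder)'

Connect-IPPSSession -UserPrincipalName $AdminUpn

# Option A: eDiscovery hold scoped to one user's OneDrive site.
# OneDrive sites are passed through -SharePointLocation for case holds.
New-ComplianceCase -Name $CaseName | Out-Null
New-CaseHoldPolicy -Name $HoldName -Case $CaseName `
    -SharePointLocation $OneDriveUrl | Out-Null
# No -ContentMatchQuery on the rule: all content in the location is held.
New-CaseHoldRule -Name "$HoldName rule" -Policy $HoldName | Out-Null

# Option B: retention policy that keeps content in the same OneDrive
# for 365 days (the duration is an assumption; use your own requirement).
New-RetentionCompliancePolicy -Name $PolicyName `
    -OneDriveLocation $OneDriveUrl | Out-Null
New-RetentionComplianceRule -Name "$PolicyName rule" -Policy $PolicyName `
    -RetentionDuration 365 -RetentionComplianceAction Keep | Out-Null

# Check: a hold or policy protects nothing until it has been distributed
# to the location, so confirm the status before relying on it.
Get-CaseHoldPolicy -Identity $HoldName -DistributionDetail |
    Select-Object Name, Enabled, DistributionStatus, SharePointLocation
Get-RetentionCompliancePolicy -Identity $PolicyName -DistributionDetail |
    Select-Object Name, Enabled, DistributionStatus, OneDriveLocation
```

Distribution is asynchronous, so rerun the two `Get-` commands until `DistributionStatus` reports success before treating the content as preserved.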