Using Purview eDiscovery APIs in App-Only Mode
Most eDiscovery work is done interactively, but a use case exists for working with eDiscovery cases through apps, such as populating a large review set. It’s possible to configure an Entra ID app to work with the eDiscovery APIs in app-only rather than delegated mode, but only by using an Exchange service principal to add the app to the eDiscovery manager role group. This approach also works with Azure Automation runbooks that use Managed Identities. https://practical365.com/ediscovery-app-only-mode/
Compliance search is not returning any data (Powershell)
At our organization, we have an SOP for purging phishing emails from all mailboxes. Part of that is creating a search and then examining it for any legit emails before going on to the purge step. The commands below are no longer returning any data, and they used to work. What has changed? PS C:\Windows\system32> Connect-IPPSSession -UserPrincipalName email address removed for privacy reasons PS C:\Windows\system32> New-ComplianceSearch -Name "Broken" -ExchangeLocation All -ContentMatchQuery 'Subject:"invoice"' Name RunBy JobEndTime Status ---- ----- ---------- ------ Broken NotStarted PS C:\Windows\system32> Start-compliancesearch -identity "broken" PS C:\Windows\system32> Get-compliancesearch -identity "broken" Name RunBy JobEndTime Status ---- ----- ---------- ------ Broken admin 7/14/2025 8:17:09 PM Completed PS C:\Windows\system32> Get-ComplianceSearch -Identity "broken" | >> Select-Object Name, Status, ItemsFound, Size, CreatedBy, CreatedTime | >> Export-Csv -Path "C:\filename.csv" -NoTypeInformation The resultant .csv has only the headers, but no information about emails, so any purge commands have nothing to purge. Thank youPractical Graph: Using PowerShell to Create and Run eDiscovery Cases
The new Purview eDiscovery implementation supports a Graph API. Where there's a Graph API, there are PowerShell cmdlets based on the API. This article explains how to use PowerShell to automate different aspects of eDiscovery cases. PowerShell can't review the items found by searches, but it can handle most of the other processing. https://practical365.com/purview-ediscovery-powershell/Practical Purview: Removing Old Items from User Calendars
A reader wants to remove all calendar items over a certain age. Compliance purge actions seem like a good way to do this, but there's a problem that needs to be fixed. eDiscovery purges can do the job, but only if you have eDiscovery Premium. And then there's Graph APIs to consider. All in all, many ways exist to purge calendar items. https://practical365.com/ediscovery-purges/Important Purview eDiscovery Changes Take Effect in May 2025
Microsoft is making some important changes to Purview eDiscovery from May 26, 2025. The changes affect how content searches work and are likely to affect many Microsoft 365 tenants. Administrators and eDiscovery investigators will both have to master new ways of working with eDiscovery cases, searching for information, reviewing search results, and exporting what’s found. Changes to PowerShell cmdlets might affect scripts, so there’s lots to consider. https://office365itpros.com/2025/04/17/purview-ediscovery-may2025/
Compliance licenses at tenant level
Hi, We are a small organization of about 200 employees, and we have following requirements. DLP policies configuration at Exchange, OneDrive, SharePoint BYOD security Users should not be able to send files outside the org And so on as we evaluate We already have M365 Business Premium. However, after researching we figured out that M365 Business premium will alone not solve our requirements. May be compliance license will. We want to apply security policies at tenant level in our organization but definitely do not want every user to get licenses as this will be expensive for us and there is no requirement at all for our users. The question is, Is there a way to solve the above scenario?Purview eDiscovery’s Big Makeover
eDiscovery is a calling best left to skilled investigators. But Microsoft 365 administrators need to know how to search and how the new Purview eDiscovery works. The new implementation is due by the end of 2024 and is in preview now. It unifies the three existing solutions in the Microsoft 365 eDiscovery space and promises to deliver new functionality. But will it make its dates? Who knows! https://office365itpros.com/2024/09/09/new-purview-ediscovery/
Notice: Your Office 365 E3 developer subscription is expiring soon - cannot login
I got an email from Microsoft stating they no longer support Office 365 E3 developer offering - and that I should sign in and delete the subscription for E3 - and when I have deleted it - the Microsoft 365 E5 subscription will start automatically. The problem I have is that when i sign in - I get this message: We're unable to sign you in with this account You can't sign in to the Microsoft 365 Developer Program with your sandbox subscription administrator ID. Please sign in with your Developer Program account. For details, see the FAQ. MS-CorrelationId: 00000000-a228-407b-b67b-b43c54d7e2bf I do not have any other logins assigned to the developer account - when logging into Azure Entra - I can only see one account and one guest account. I have changed the domain associated with the office account - a long time ago - perhaps that is causing problems. Any idea how to proceed?
