9M365PurvieweDiscoveryInfra touching files in office activity logs
Hi, We use Office Activity Logs through Log Analytics Workspace to report on specific files. We noticed that in our most recent report, many files were accessed by 'ExportWorker' with 'ClientAppName' M365PurvieweDiscoveryInfra. This seems to have happened on specific days a couple of weeks ago where the activity 'file accessed' whenever an ediscovery was run on a location that stored the particular file was registered. This was not the case before if I remember correctly. Does anyone know why this activity was registered as such in the logs and/or has also experienced the exportworker of M365PurvieweDiscoveryInfra touch their files when running an ediscovery? Is this a change with the new eDiscovery? It is also undesirable that users can track incident response employees touching their files in case of an investigation.