Exchange Online indexes the items stored in mailboxes. Some of the items are partially indexed, meaning that not all of their content is indexable. Microsoft has a PowerShell script to analyze the number of partially indexed items found in mailboxes. The output is kind of esoteric, so we worked it over to create something more understandable.
When you use an Office 365 content search to find items, the results from Exchange Online might include some encrypted attachments. A change means that the attachments can now be decrypted to make it easier for investigators to review the information. It’s a small but important change, just like the update to Edge which stops ClickOnce programs running unless an Edge setting is enabled. All good, clean, honest fun.
For compliance purposes, the Microsoft 365 substrate captures copies of Teams messages in Exchange Online mailboxes. The compliance records are indexed and discoverable, which means that they can be found by content searches. However, Teams compliance records are imperfect copies of the real data, which is a fact that seems to have escaped many people.
OneDrive for Business owners could exclude their sites from Office 365 searches but they can’t any longer after Microsoft acted to remove the capability from OneDrive site settings. All OneDrive for Business sites are now indexed and available to Office 365 searches.
Microsoft has confirmed that disconnected Exchange Online mailboxes are not included in the sources scanned by Office 365 content searches, thus clearing up some misunderstandings that might have existed in the field. The bottom line is that if you want to search mailboxes that don’t belong to accounts, you should use inactive mailboxes.
If you want to include SharePoint Online and OneDrive for Business locations in an Office 365 content search, you need to know the URLs of the target sites. Finding the URLs can be problematic, but here’s some easy ways to do the job. PowerShell, as usual, comes up trumps…
Office 365 tenant administrators can use different ways to access user data. Shouldn’t you have a policy to govern that access?