Get All AIP encrypted files - SharePoint Online

One of the recent project merger and acquisition.  Technology - M365 tenant to Tenant migration Areas of consolidation 1. Mailboxes  2. SharePoint online data 3. OneDrive for Business data 4. Teams data migration 5. Security and Compliance Migration  Area of concern from security and compliance side was the encrypted files within EXO, SPO, Teams, ODB. Issue with encrypted data migration - end users will not be able to access the documents once the Source tenant is decommissioned.   Solution available -  Ask end users to unencrypt the data before migration  Alternet Solution - 1. Decrypt the files, mails using eDiscovery - This will give us output in PST format will is available for offline access, but the data in source will still be encrypted.  Decryption in eDiscovery - Microsoft Purview (compliance) | Microsoft Docs   2. Use Get-AIPfileLabel and Get-AIPFileLabel but in order to use this you must be aware of all the files paths.  Challenges -  1. We do not want end user intervention

Legitimate Emails going into Junk

Legitimate Emails going into Junk

  1. Pull out the headers of the email first either from Outlook or OWA. Please find attached documents to help with the same.

     
  2. Paste the headers in the message analyzer section in https://testconnectivity.microsoft.com.



  1. Click on Analyze headers button.

     
     



 
  1. Scroll down in the Other headers section and look for X-Forefront-Antispam-Report. In this you will find one attribute which says à SFV.

     

For more details about analyzing the X-Forefront-Antispam-Spam report you may please refer to this link à  https://technet.microsoft.com/en-IN/library/dn205071(v=exchg.150).aspx


Scenario 1: If the SFV is SFV: BLK

This would mean that the end user has blocked the sender of the email from his or her Outlook/OWA. Once you remove the sender from End User Blocked Sender list the issue would get fixed.

Scenario 2: If the SFV is SFV: SKS

This would mean that there is a transport rule create by one of the admins which is causing the emails to go into Junk. Once you check and modify/remove any such rules the issue would stand fixed.

Scenario 3: If the SFV is SFV: SPM

The email got marked as spam by the spam filtering service. Now the email could be from a known trusted sender for the recipient and might be a legitimate email but it matched one or the other criteria on the spam filter engine which marked it as spam.

In order to ensure that such emails do not go to Junk folder we can create a transport rule to bypass spam filtering for certain good senders of the users.

  • Go to office 365 portal using link outlook.office365.com/ecp
  • Go to Mail Flow à rules à Click on + symbol drop down à create a new rule.
  • Give it a name of your choice and select more options given at the end of the window in blue.
  • From Apply this rule if section à Select The Sender à is this person à In the pop up window please type in ID of the external sender in the box at the end and then click on check names. Please do this for other external senders as well.
  • From Do the following à Modify the message properties à set the spam confidence level à From drop down bypass spam filtering
  • Click on save to save the save rule. Once saved double click and edit the rule again and go to Priority option and set it to 0 and also tick mark the option Stop Processing more rules. Save the rule.



     

Comments

Popular posts from this blog

Error - AttributeValueMustBeUnique in Azure AD connect sync

Error - QuarantinedAttributeValueMustBeUnique

Add members to office 365 Security Group Using PowerShell and CSV

Analyze Office 365 Message headers

Enforce MFA using CSV