
Get All AIP encrypted files - SharePoint Online

One of our recent projects was a merger and acquisition.

Technology - M365 tenant to Tenant migration

Areas of consolidation
1. Mailboxes 
2. SharePoint online data
3. OneDrive for Business data
4. Teams data migration
5. Security and Compliance Migration 

The area of concern from the security and compliance side was the encrypted files within EXO, SPO, Teams and ODB.

Issue with encrypted data migration - end users will not be able to access the documents once the Source tenant is decommissioned.  

Solution available - 
Ask end users to unencrypt the data before migration 

Alternate solutions -

1. Decrypt the files and mails using eDiscovery - This gives us output in PST format, which is available for offline access, but the data in the source will still be encrypted.

2. Use Get-AIPfileLabel and Get-AIPFileLabel, but in order to use these you must know the paths of all the files.
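An illustration of alternate solution 2 when a path list is available, added here as an example; it is not the author's script. It assumes the AzureInformationProtection client module and its Get-AIPFileStatus cmdlet (a cmdlet the post does not name), paths reachable from the file system, and a hypothetical function name, CSV layout (a `Path` column) and report file.

```powershell
# Added example, not the author's script.
# Assumption: AzureInformationProtection module is installed (Windows PowerShell 5.1).
function Get-ProtectedFileReport {
    [CmdletBinding()]
    param(
        # Hypothetical input: CSV with a 'Path' column (files or folders).
        [Parameter(Mandatory)] [string] $PathListCsv,
        # Hypothetical output: CSV listing every protected file found.
        [Parameter(Mandatory)] [string] $ReportCsv
    )

    Import-Module AzureInformationProtection -ErrorAction Stop

    # @() keeps the result an array even when nothing is protected,
    # so Export-Csv below never receives $null.
    $results = @(foreach ($row in Import-Csv -Path $PathListCsv) {
        if (-not (Test-Path -LiteralPath $row.Path)) {
            Write-Warning "Path not reachable, skipped: $($row.Path)"
            continue
        }
        try {
            Get-AIPFileStatus -Path $row.Path -ErrorAction Stop |
                # Compare as text so the filter holds whether the property
                # comes back as a boolean or as a string.
                Where-Object { "$($_.IsRMSProtected)" -eq 'True' } |
                Select-Object FileName, MainLabelName, RMSTemplateName, RMSOwner, RMSIssuer
        }
        catch {
            Write-Warning "Could not read status for $($row.Path): $($_.Exception.Message)"
        }
    })

    $results | Export-Csv -Path $ReportCsv -NoTypeInformation

    # Summary per Rights Management owner: who has to be involved
    # before the source tenant is decommissioned.
    $results | Group-Object RMSOwner |
        Sort-Object Count -Descending |
        Select-Object Name, Count
}

# Usage (file names are placeholders):
# Get-ProtectedFileReport -PathListCsv .\paths.csv -ReportCsv .\protected-files.csv
```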

Challenges - 

1. We do not want end user intervention to remove encryptions
2. We are not aware of where all these files and emails are and who owns them.
3. eDiscovery will not serve the purpose of data migration

What we did 

1. Created a PowerShell script to identify the list of encrypted documents on SharePoint Online (tenant wide)

How to use the script 

1. Enter the URLs of all the SharePoint sites to be scanned in the Excel sheet.

Edit the Script - change the following values 

$username = ""
$password = ""
$TenantAdminURL = ""
$FileURL = ""


This script will automatically generate the output file in the output folder and also generate logs under the logs folder.

Note - Script and input file must be in the same location. 

You can use the same script to get details from OneDrive folders too.

Currently there is no option other than the ones below to get the details on encrypted emails; however, this is a manual task.
  • Content Explorer List Viewer
  • Content Explorer Content Viewer

The script can be found here: Encrypted Documents

Comments

  3. Thanks for sharing this. It is very useful for our usage also. VRS Technologies LLC offers MS office 365 Migration Services Dubai

  5. Thanks for sharing this worth reading article. This is really helpful. Keep sharing. MS-101T01: Microsoft 365 Security Management

