Get All AIP encrypted files - SharePoint Online

One of the recent projects: a merger and acquisition.

Technology - M365 tenant-to-tenant migration

Areas of consolidation:
1. Mailboxes
2. SharePoint Online data
3. OneDrive for Business data
4. Teams data migration
5. Security and Compliance migration

The area of concern from the security and compliance side was the encrypted files within EXO, SPO, Teams, ODB.

Issue with encrypted data migration - end users will not be able to access the documents once the source tenant is decommissioned.

Solution available - Ask end users to unencrypt the data before migration.

Alternate solution -
1. Decrypt the files and mails using eDiscovery - This will give us output in PST format, which is available for offline access, but the data in the source will still be encrypted. Decryption in eDiscovery - Microsoft Purview (compliance) | Microsoft Docs
2. Use Get-AIPfileLabel and Get-AIPFileLabel, but in order to use this you must be aware of all the file paths.

Challenges -
1. We do not want end user intervention

Exchange online Protection features

I have tried to relate these features with the features in Exchange Online Protection (EOP) and will share prompt information with you.


1.  Per user outbound rate limiting that doesn't require content (spam) scanning, and that has a tempfail option in case of misfires. Requires automatic blocking, admin notification of event.

As per your query, the limit for the number of outbound messages sent through EOP is high enough to ensure that normal email communication is not treated as spam. If you want to send commercial bulk email messages, rather than sending outbound messages through EOP, we recommend that you either use a third-party email service provider (ESP) or send them through your on-premises email servers.


2.  Sender/recipient level Greylisting, with automatic tracking of relays that retry delivery (to minimize delays).

Messages in deferral will remain in our queues for 2 days. Message retry attempts are based on the error we get back from the recipient’s mail system. On average, messages are retried every 5 minutes.

EOP queued, deferred, and bounced messages FAQ: https://technet.microsoft.com/en-us/library/dn167670(v=exchg.150).aspx

3.  Per user automatic recipient whitelisting with rolling expiration dates.

There is no feature which will perform automatic whitelisting in EOP.

4.  Spam/virus scanning in the data stream to keep the sending relay responsible for holding viruses and high scoring messages.

Malware filtering in EOP can delete and strip unsafe attachments.


5.  Custom compound rules.

In EOP, we have transport rules which you can use to control mail flow, based on a message’s content.


6.  Virus before spam scanning.

EOP uses multiple anti-malware scan engines to protect against malware threats. In addition to this, EOP includes a real-time threat response. This means that when outbreaks occur, the anti-malware team can write specific policy rules that detect the threat and protect your organization even before definitions are available from the anti-malware engines used by the service. EOP’s malware filter in the Exchange Administration Center allows you to customize your default company-wide malware filter policy, including how to take action on detected malware and who to notify in case malware is detected. You can also customize these notification messages.

7.  Option to store suspect messages locally.

By default, content-filtered messages are sent to the recipient’s Junk Email folder. However, admins can configure content filter policies to send spam-quarantined messages to the quarantine instead. For more information about the different actions that can be performed on content-filtered messages, see Configure your content filter policies.

As an end user, you can manage your own spam-quarantined messages via:

· The spam quarantine user interface. For more information, see Find and release quarantined messages as an end user.
· End-user spam notification messages (if they’re enabled by your administrator). For more information about using this feature, see Use end-user spam notifications to release and report spam-quarantined messages.

By default, spam-quarantined messages are stored in the quarantine for 15 days.

8.  Log viewing, searching.

Message tracing capability, which allows you to search for and view details about a specific message. The message trace feature enables you as an administrator to follow email messages as they pass through your EOP service. It helps you determine whether a targeted email message was received, rejected, deferred, or delivered. This lets you efficiently answer your user’s questions and troubleshoot mail flow issues, and alleviates the need for users to contact technical support for assistance.




9.  User level analysis of history to assist in making settings adjustments.


10. Reporting including daily, monthly, custom periods with charts and automatic reporting.  Reports on various types of email, viruses, volume, addresses in use, dormant addresses, worst senders, domains (for example).

EOP offers a variety of reporting features both in and out of the Exchange Administration Center (EAC). Audit logging and reports are included in the EAC. Audit logging reports track specific changes made by administrators in order to help you meet regulatory, compliance, and litigation requirements.
Additional reports are available with the Excel Download Application. You can use the Mail Protection reports for Office 365 reporting workbook to gather messaging statistics and details, if you are part of a Microsoft Office 365 Enterprise organization. After you download the workbook to your local computer and configure it, the workbook connects to your organization and retrieves messaging data. The data includes information about message traffic, spam, malware, and messages affected by transport rules.
Use mail protection reports in Office 365 to view data about malware, spam, and rule detections: https://technet.microsoft.com/en-us/library/dn500744(v=exchg.150).aspx

11. HTML interface, no plugins required.

In EOP, you do not require plugins.

12. Locked address functionality.

Exchange Online Protection (EOP) uses its own proprietary block lists as well as third-party (partner) block lists. Your users might be placed on our block lists for a variety of reasons. Domain admins can follow the steps listed in Sample notification when a sender is blocked sending outbound spam to re-enable mail usage for a user.

Request that a user, domain, or IP address be removed from a block list after sending outbound spam: https://technet.microsoft.com/en-us/library/dn458545(v=exchg.150).aspx

13. Per user controls of potentially everything (let's say domain and user white & blacklisting for now).

You can add sender addresses or domains to a Block list or Allow list in a spam filter policy in EOP.


14. Trusted/known networks with granular trust settings.



Some of the terminology is different and I might not have been able to relate it correctly. I would request you to also review the below mentioned article which specifically summarizes Exchange Online Protection Features.

Exchange Online Protection features:


I hope this information will help you in understanding and relating with your current Spam filtering option.

*Please review the above mentioned information. If it answers your queries, do let us know if we can archive the case.
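
The message trace described under item 8 can also be run from Exchange Online PowerShell. The script below is an added example, not part of the original reply; it assumes the ExchangeOnlineManagement module is installed, and the admin account and mail addresses are placeholders. It answers whether a specific message was delivered, failed, quarantined or is still pending, and pulls the per-hop events for anything that was not delivered.

```powershell
# Added example: trace one sender/recipient pair through EOP.
# All addresses below are placeholders, not values from the original post.
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

$sender    = 'partner@fabrikam.example'
$recipient = 'user@contoso.example'

# Deferred messages stay queued for 2 days (item 2), so cover that window.
$end   = Get-Date
$start = $end.AddDays(-2)

$traces = Get-MessageTrace -SenderAddress $sender -RecipientAddress $recipient `
    -StartDate $start -EndDate $end -PageSize 1000

if (-not $traces) {
    # No rows means EOP has no record of the message in this window.
    Write-Output "No trace rows for $sender -> $recipient between $start and $end."
    return
}

# One line per delivery status (Delivered, Failed, Pending, Quarantined, ...).
$traces |
    Group-Object -Property Status |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Name, Count |
    Format-Table -AutoSize

# For every message that was not delivered, show the events EOP recorded,
# which is where deferrals, rule matches and filtering verdicts appear.
$traces |
    Where-Object { $_.Status -ne 'Delivered' } |
    ForEach-Object {
        Write-Output "---- $($_.Received)  $($_.Subject)  [$($_.Status)]"
        Get-MessageTraceDetail -MessageTraceId $_.MessageTraceId `
            -RecipientAddress $_.RecipientAddress |
            Select-Object -Property Date, Event, Action, Detail |
            Format-Table -AutoSize -Wrap
    }

Disconnect-ExchangeOnline -Confirm:$false
```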
