Office 365 - Options for obtaining data in other accounts

This document covers various scenarios where someone will need to obtain authorized access to data within someone else’s Office 365 account.

Audience: Departmental IT organizations, Office of Cyber Security, Office of Legal Affairs, Office of Compliance.

Definitions:

Scenario A: An employer has an employee who is in the process of changing roles or leaving the department, so they want a copy of some or all Office 365 data from their personal (NetID) account. Usually this is done for knowledge retention, customer relationship continuity, and other business processes. The employee is able to fully participate in the knowledge transfer process prior to leaving.

Solution: The employee can organize the data into folders and copy only messages that the employer is interested in keeping.

The employee can download the data (e.g. as a PST) and deliver it outside the context of Office 365. Alternatively, the employee can grant Folder/Calendar permissions so that the employer can access and copy all of the organized data to another account, or download the data to a PST as needed.

The employee can delete those messages out of his/her mailbox if the employer has a requirement that former employees not retain access to certain data.

Scenario B: An employer who has an employee who is in the process of changing roles or leaving the department, and the employee is unable to organize the data.

Solution: Employee grants employer Full mailbox permission via the Wisc Account Administration site. The employer can then copy any data that is needed to another account, or download any data to a PST as needed. Alternatively, the employee can grant the employer Administrative Access so that the employer can, at a later time, set Full mailbox permissions.

The employer can delete those messages out of the employee’s mailbox if the employer has a requirement that former employees not retain access to certain data.

Scenario C: An employee leaves unexpectedly, passes away, or is fired. In this situation, the employer can’t rely on the employee to facilitate the knowledge transfer process prior to leaving.

Solution: Escalate a request to the Office of Cyber Security (or some other authorized group) to grant Full mailbox permission so that the employer can access any necessary data. Alternatively, the employer can pre-arrange Administrative Access for all employee mailboxes so that the employer can, at a later time, set Full mailbox permissions.

The employer can delete those messages out of the employee’s mailbox if the employer has a requirement that former employees not retain access to certain data.

Scenario D: The Office of Legal Affairs or Office of Compliance is executing a legal request for data within an employee’s Office 365 account. The employing unit’s IT department is asked to facilitate the legal request for data. The employee is asked to identify and provide data relevant to the investigation. The employee is able to fully participate in the data discovery process.

Solution: The employee can organize the data into folders and copy only messages that the investigators are interested in obtaining.

The employee can download the data (e.g. as a PST) and deliver it to the departmental IT staff outside the context of Office 365. Alternatively, the employee can grant Folder/Calendar permissions so that the departmental IT staff can access and copy all of the organized data to another account, or download the data to a PST as needed.

Scenario E: The Office of Legal Affairs or Office of Compliance is executing a legal request for data within an employee’s Office 365 account. However, in this situation, the employee needs assistance to organize the data.

Solution: The employee grants departmental IT staff Full mailbox permission via the Wisc Account Administration site. The departmental IT staff can then copy any data that is needed to another account, or download any data to a PST as needed.

Scenario F: The Office of Legal Affairs or Office of Compliance is executing a legal request for data within an employee’s Office 365 account. However, in this situation, the employee is unable to collaborate with their departmental IT staff.

Solution: The departmental IT staff escalates a request to the Office of Cyber Security (or some other authorized group) to grant Full mailbox permission so that the employer can access any necessary data.

Scenario G: The legal request has a specific need to utilize the capabilities of In-Place eDiscovery and/or In-Place Hold.

Solution: The Office of Legal Affairs, Office of Compliance, or Departmental IT staff escalates a request to the Office of Cyber Security to use the In-Place eDiscovery and/or In-Place Hold capabilities. The mailbox is searched based on specific search terms and the results are exported to a location that can be accessed as needed.

Note: The ability to delegate In-Place eDiscovery and In-Place Hold to departmental IT staff is problematic.

It may seem advantageous to use the In-Place eDiscovery capability to search for and copy the data for use cases beyond legal investigations (e.g. knowledge transfer), however it is usually the case that Folder/Calendar permissions and/or Full mailbox permission capability is a more efficient process for finding pertinent data.

The Office 365 Team has periodically considered whether to implement the ability for people with authorized Administrative Access over an account to execute In-Place eDiscovery. The cost of implementing this capability would need to be overwhelmed by any gaps in reliance on the Folder/Calendar permissions and Full mailbox permission capability.

Once the Office of Cyber Security has gained experience using the In-Place eDiscovery capability, the Office 365 Team will evaluate feedback from stakeholders to determine if building a delegated eDiscovery capability becomes more feasible.




Keywords:microsoft office365 o365 gain access retrieve restore authorized data email calendar onedrive people contacts   Doc ID:62713
Owner:Ara M.Group:Office 365
Created:2016-04-14 07:51 CDTUpdated:2016-04-14 08:27 CDT
Sites:DoIT Help Desk, DoIT Tech Store, Office 365
Feedback:  0   0